Re: [Freeipa-users] OTP not working since upgrade
On Mon, 2016-02-29 at 16:49 +, Alessandro De Maria wrote:
> Of course,
>
> could you point me to the logs you would be interested in?
Probably the kdc logs, I am not sure we directly log from ipa-otpd, but
you could take a look at the journal/syslog too ?
Simo.
> Regards
> Alessandro
>
> On 29 February 2016 at 05:44, Simo Sorce wrote:
>
> > On Mon, 2016-02-29 at 00:11 +, Alessandro De Maria wrote:
> > > Solved.
> > > This turned out to be the ipa-otp process stuck on one of the 2 servers.
> > > The VPN requests where being sent to the other server which was working
> > fine
> > >
> > > a simple restart of ipa fixed it.
> >
> > Do you have any logs that show any error from the ipa-otpd process
> > It would be nice to fix any issue it may have.
> >
> > Simo.
> >
> > > Regards
> > >
> > > On 28 February 2016 at 23:17, Alessandro De Maria <
> > > alessandro.dema...@gmail.com> wrote:
> > >
> > > > Hello,
> > > >
> > > > since I upgraded to 4.2.0 on Centos, OTPs do not seem to work anymore.
> > > > Name: ipa-server
> > > > Version : 4.2.0
> > > > Release : 15.el7_2.6
> > > >
> > > > The error I see in the
> > > > Feb 28 23:01:40 id1 krb5kdc[2894](info): AS_REQ (6 etypes {18 17 16 23
> > 25
> > > > 26}) 10.0.1.10: NEEDED_PREAUTH: alessan...@xx.com for krbtgt/
> > xx@xx.com,
> > > > Additional pre-authentication required
> > > > Feb 28 23:01:41 id1.XX.com krb5kdc[2896](info): AS_REQ (6 etypes {18
> > 17
> > > > 16 23 25 26}) 10.0.1.10: PREAUTH_FAILED: alessan...@xx.com for krbtgt/
> > > > xx@xx.com, Incorrect password in encrypted challenge
> > > >
> > > > I tried syncing the OTP and also creating a new one.
> > > > Strangely enough I can connect OK with the VPN supplying password +
> > OTP,
> > > > but OTP is not working on both freeipa gui and when issuing sudo.
> > > >
> > > > Could someone help me understand what is going on?
> > > >
> > > > Regards
> > > > Alessandro
> > > >
> > > >
> > > > --
> > > > Alessandro De Maria
> > > > alessandro.dema...@gmail.com
> > > >
> > >
> > >
> > >
> > > --
> > > Manage your subscription for the Freeipa-users mailing list:
> > > https://www.redhat.com/mailman/listinfo/freeipa-users
> > > Go to http://freeipa.org for more info on the project
> >
> >
> > --
> > Simo Sorce * Red Hat, Inc * New York
> >
> >
>
>
--
Simo Sorce * Red Hat, Inc * New York
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] OTP not working since upgrade
Of course,
could you point me to the logs you would be interested in?
Regards
Alessandro
On 29 February 2016 at 05:44, Simo Sorce wrote:
> On Mon, 2016-02-29 at 00:11 +, Alessandro De Maria wrote:
> > Solved.
> > This turned out to be the ipa-otp process stuck on one of the 2 servers.
> > The VPN requests where being sent to the other server which was working
> fine
> >
> > a simple restart of ipa fixed it.
>
> Do you have any logs that show any error from the ipa-otpd process
> It would be nice to fix any issue it may have.
>
> Simo.
>
> > Regards
> >
> > On 28 February 2016 at 23:17, Alessandro De Maria <
> > alessandro.dema...@gmail.com> wrote:
> >
> > > Hello,
> > >
> > > since I upgraded to 4.2.0 on Centos, OTPs do not seem to work anymore.
> > > Name: ipa-server
> > > Version : 4.2.0
> > > Release : 15.el7_2.6
> > >
> > > The error I see in the
> > > Feb 28 23:01:40 id1 krb5kdc[2894](info): AS_REQ (6 etypes {18 17 16 23
> 25
> > > 26}) 10.0.1.10: NEEDED_PREAUTH: alessan...@xx.com for krbtgt/
> xx@xx.com,
> > > Additional pre-authentication required
> > > Feb 28 23:01:41 id1.XX.com krb5kdc[2896](info): AS_REQ (6 etypes {18
> 17
> > > 16 23 25 26}) 10.0.1.10: PREAUTH_FAILED: alessan...@xx.com for krbtgt/
> > > xx@xx.com, Incorrect password in encrypted challenge
> > >
> > > I tried syncing the OTP and also creating a new one.
> > > Strangely enough I can connect OK with the VPN supplying password +
> OTP,
> > > but OTP is not working on both freeipa gui and when issuing sudo.
> > >
> > > Could someone help me understand what is going on?
> > >
> > > Regards
> > > Alessandro
> > >
> > >
> > > --
> > > Alessandro De Maria
> > > alessandro.dema...@gmail.com
> > >
> >
> >
> >
> > --
> > Manage your subscription for the Freeipa-users mailing list:
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > Go to http://freeipa.org for more info on the project
>
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
>
--
Alessandro De Maria
alessandro.dema...@gmail.com
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] OTP not working since upgrade
On Mon, 2016-02-29 at 00:11 +, Alessandro De Maria wrote:
> Solved.
> This turned out to be the ipa-otp process stuck on one of the 2 servers.
> The VPN requests where being sent to the other server which was working fine
>
> a simple restart of ipa fixed it.
Do you have any logs that show any error from the ipa-otpd process
It would be nice to fix any issue it may have.
Simo.
> Regards
>
> On 28 February 2016 at 23:17, Alessandro De Maria <
> alessandro.dema...@gmail.com> wrote:
>
> > Hello,
> >
> > since I upgraded to 4.2.0 on Centos, OTPs do not seem to work anymore.
> > Name: ipa-server
> > Version : 4.2.0
> > Release : 15.el7_2.6
> >
> > The error I see in the
> > Feb 28 23:01:40 id1 krb5kdc[2894](info): AS_REQ (6 etypes {18 17 16 23 25
> > 26}) 10.0.1.10: NEEDED_PREAUTH: alessan...@xx.com for krbtgt/xx@xx.com,
> > Additional pre-authentication required
> > Feb 28 23:01:41 id1.XX.com krb5kdc[2896](info): AS_REQ (6 etypes {18 17
> > 16 23 25 26}) 10.0.1.10: PREAUTH_FAILED: alessan...@xx.com for krbtgt/
> > xx@xx.com, Incorrect password in encrypted challenge
> >
> > I tried syncing the OTP and also creating a new one.
> > Strangely enough I can connect OK with the VPN supplying password + OTP,
> > but OTP is not working on both freeipa gui and when issuing sudo.
> >
> > Could someone help me understand what is going on?
> >
> > Regards
> > Alessandro
> >
> >
> > --
> > Alessandro De Maria
> > alessandro.dema...@gmail.com
> >
>
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
--
Simo Sorce * Red Hat, Inc * New York
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] OTP not working since upgrade
Solved.
This turned out to be the ipa-otp process stuck on one of the 2 servers.
The VPN requests where being sent to the other server which was working fine
a simple restart of ipa fixed it.
Regards
On 28 February 2016 at 23:17, Alessandro De Maria <
alessandro.dema...@gmail.com> wrote:
> Hello,
>
> since I upgraded to 4.2.0 on Centos, OTPs do not seem to work anymore.
> Name: ipa-server
> Version : 4.2.0
> Release : 15.el7_2.6
>
> The error I see in the
> Feb 28 23:01:40 id1 krb5kdc[2894](info): AS_REQ (6 etypes {18 17 16 23 25
> 26}) 10.0.1.10: NEEDED_PREAUTH: alessan...@xx.com for krbtgt/xx@xx.com,
> Additional pre-authentication required
> Feb 28 23:01:41 id1.XX.com krb5kdc[2896](info): AS_REQ (6 etypes {18 17
> 16 23 25 26}) 10.0.1.10: PREAUTH_FAILED: alessan...@xx.com for krbtgt/
> xx@xx.com, Incorrect password in encrypted challenge
>
> I tried syncing the OTP and also creating a new one.
> Strangely enough I can connect OK with the VPN supplying password + OTP,
> but OTP is not working on both freeipa gui and when issuing sudo.
>
> Could someone help me understand what is going on?
>
> Regards
> Alessandro
>
>
> --
> Alessandro De Maria
> alessandro.dema...@gmail.com
>
--
Alessandro De Maria
alessandro.dema...@gmail.com
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
