Hi Alexander, thank you for replying. The VPN server binds to LDAP using a service account of sorts, named svc_pfsense:
uid=svc_pfsense,cn=users,cn=accounts,dc=domain,dc=com

This svc_pfsense account has Authentication Type as "Password" within IPA. I did also see the issue (9711) you are referring to, however the bind still works after the update, likely as OTP isn't ticked for the service account.

Users on the other hand are all "Two factor authentication (password + OTP)", however on 4.12.2-6.el9 CAN currently log in to the VPN with and without MFA. Upon updating to ipa-4.12.2-9.el9 we have to add the OTP token for all logins for it to work, including the VPN which we previously did not.
