On Tue, Sep 22, 2015 at 08:55:53AM -0400, Nathaniel McCallum wrote: > On Mon, 2015-09-21 at 16:49 -0600, Duncan McNaught wrote: > > Dear freeipa-users, > > > > I'm having an issue with otp in freeipa. I can set up the service as > > described in the blog post for TOTP or HOTP, and sync the token fine. > > When I try to login to the admin tools or an ipa-managed client > > (with <password><token>) , I get a password incorrect message. > > Here are some more details: https://github.com/adelton/docker-freeipa > > /issues/34 > > Can anyone help me to debug/get this working? > > I'm very unclear as to what you are trying to do. Are you trying to > run FreeIPA in a container? If so, Jan is probably your man. AFAIK, > ipa-otpd will require systemd in the container.
Well, we have separate daemon listening on the /var/run/krb5kdc/DEFAULT.socket in the container which should start the [email protected] when there's a connection made to it. But somehow it does not seem to be happening even if I fix the parsing of /etc/ipa/default.conf that [email protected] is doing. What is the simplest way to trigger the connection to /var/run/krb5kdc/DEFAULT.socket, for debugging purposes? I haven't even been able to sync the token properly, which Duncan says in https://github.com/adelton/docker-freeipa/issues/34#issuecomment-123877080 was working for him. -- Jan Pazdziora Senior Principal Software Engineer, Identity Management Engineering, Red Hat -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
