[Freeipa-users] OTP

[Winfried de Heiden]

Hi all, I' m trying to enable OTP: - Enabled "Two factor authentication (password + OTP)" for a particular user. - Added a OTP token, FreeOTP on an Android that is, for the user which all went fine. Trying to login will fail. After several attempts, systemctl --failed will tell:   UNIT                       LOAD   ACTIVE SUB    DESCRIPTION * ipa-otpd@0-1642-0.service  loaded failed failed ipa-otpd service (PID 1642/UID 0) * ipa-otpd@1-1642-0.service  loaded failed failed ipa-otpd service (PID 1642/UID 0) * ipa-otpd@10-1642-0.service loaded failed failed ipa-otpd service (PID 1642/UID 0) * ipa-otpd@11-1642-0.service loaded failed failed ipa-otpd service (PID 1642/UID 0) * ipa-otpd@12-1642-0.service loaded failed failed ipa-otpd service (PID 1642/UID 0) * ipa-otpd@13-1643-0.service loaded failed failed ipa-otpd service (PID 1643/UID 0) * ipa-otpd@14-1643-0.service loaded failed failed ipa-otpd service (PID 1643/UID 0) * ipa-otpd@15-1643-0.service loaded failed failed ipa-otpd service (PID 1643/UID 0) * ipa-otpd@16-1643-0.service loaded failed failed ipa-otpd service (PID 1643/UID 0) * ipa-otpd@2-1642-0.service  loaded failed failed ipa-otpd service (PID 1642/UID 0) * ipa-otpd@3-1643-0.service  loaded failed failed ipa-otpd service (PID 1643/UID 0) * ipa-otpd@4-1643-0.service  loaded failed failed ipa-otpd service (PID 1643/UID 0) * ipa-otpd@5-1643-0.service  loaded failed failed ipa-otpd service (PID 1643/UID 0) * ipa-otpd@6-1642-0.service  loaded failed failed ipa-otpd service (PID 1642/UID 0) * ipa-otpd@7-1642-0.service  loaded failed failed ipa-otpd service (PID 1642/UID 0) * ipa-otpd@8-1643-0.service  loaded failed failed ipa-otpd service (PID 1643/UID 0) * ipa-otpd@9-1643-0.service  loaded failed failed ipa-otpd service (PID 1643/UID 0) LOAD   = Reflects whether the unit definition was properly loaded. ACTIVE = The high-level unit activation state, i.e. generalization of SUB. SUB    = The low-level unit activation state, values depend on unit type. 17 loaded units listed. Pass --all to see loaded but inactive units, too. To show all installed unit files use 'systemctl list-unit-files'. Journalctl will tell some more: root@ipa log]# journalctl -f -u ipa-otpd@9-1643-0.service -- Logs begin at Fri 2016-01-29 10:14:55 CET. -- Feb 02 11:03:19 ipa.blabla.bla systemd[1]: ipa-otpd@9-1643-0.service: Main process exited, code=exited, status=1/FAILURE Feb 02 11:03:19 ipa.blabla.bla systemd[1]: ipa-otpd@9-1643-0.service: Unit entered failed state. Feb 02 11:03:19 ipa.blabla.bla systemd[1]: ipa-otpd@9-1643-0.service: Failed with result 'exit-code'. Feb 02 11:04:31 ipa.blabla.bla systemd[1]: Started ipa-otpd service (PID 1643/UID 0). Feb 02 11:04:31 ipa.blabla.bla systemd[1]: Starting ipa-otpd service (PID 1643/UID 0)... Feb 02 11:04:31 ipa.blabla.bla ipa-otpd[2924]: LDAP: ldapi://%2fvar%2frun%2fslapd-BLABLA-BLA.socket Feb 02 11:05:23 ipa.blabla.bla ipa-otpd[2924]: stdio.c:073: Invalid argument: Error receiving packet Feb 02 11:05:23 ipa.blabla.bla systemd[1]: ipa-otpd@9-1643-0.service: Main process exited, code=exited, status=1/FAILURE Feb 02 11:05:23 ipa.blabla.bla systemd[1]: ipa-otpd@9-1643-0.service: Unit entered failed state. Feb 02 11:05:23 ipa.blabla.bla systemd[1]: ipa-otpd@9-1643-0.service: Failed with result 'exit-code'. What' s going wrong here? Winny

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project