Solved.

This turned out to be the ipa-otp process stuck on one of the 2 servers. The VPN requests were being sent to the other server, which was working fine.
A simple restart of ipa fixed it.

Regards

On 28 February 2016 at 23:17, Alessandro De Maria <[email protected]> wrote:

> Hello,
>
> since I upgraded to 4.2.0 on Centos, OTPs do not seem to work anymore.
> Name : ipa-server
> Version : 4.2.0
> Release : 15.el7_2.6
>
> The error I see in the
> Feb 28 23:01:40 id1 krb5kdc[2894](info): AS_REQ (6 etypes {18 17 16 23 25
> 26}) 10.0.1.10: NEEDED_PREAUTH: [email protected] for krbtgt/[email protected],
> Additional pre-authentication required
> Feb 28 23:01:41 id1.XX.com krb5kdc[2896](info): AS_REQ (6 etypes {18 17
> 16 23 25 26}) 10.0.1.10: PREAUTH_FAILED: [email protected] for krbtgt/
> [email protected], Incorrect password in encrypted challenge
>
> I tried syncing the OTP and also creating a new one.
> Strangely enough I can connect OK with the VPN supplying password + OTP,
> but OTP is not working on both freeipa gui and when issuing sudo.
>
> Could someone help me understand what is going on?
>
> Regards
> Alessandro
>
>
> --
> Alessandro De Maria
> [email protected]
>

--
Alessandro De Maria
[email protected]
