On Thu, Aug 24, 2017 at 10:29:35AM -0400, Steve Weeks via FreeIPA-users wrote: > We are running FreeIPA 4.4 on Centos 7 and trying to use radius > authentication. > > Using radtest and radclient work fine and we can authenticate a user. > > The radius proxy and secret are set to match the values from radclient. > The user has the radius check box checked and the other two fields set to > appropriate values. hbactest shows that the user has permission for any > host. > > When I do " su -l rsa-user", I'm requested for the first and second > factors. After I enter them, I get "su: Authentication failure". Using a > non-radius user works fine. > > The sssd_pam log has > > [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [17 (Failure setting > user credentials)][idm.bbn.com] > [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [17]: > Failure setting user credentials. > > Unchecking the radius checkbox and the account works fine. > > Any ideas what to try or look at next?
I've never set up this configuration but I would look at the domain log and krb5_child.log next. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
