My setup includes a set of FreeIPA servers running on 4.9.2 version and a OpenVPN configured for the users to connect to VPN. Previously I was using IPA version 4.6.8 on CentOS7 and now installed IPA replica on 4.9.2 on OL8 and decommissioned the old one.
I am using openvpn-plugin-auth-pam.so with login pam file to authenticate the IPA users logging in to OpenVPN. when I am resetting the password of users now, then users are not able to login to OpenVPN with 2FA (password+otp) whereas, with otp disabled it is working for old users for whom password is not resetted recently after change in IPA cluster, their authentication is working through OpenVPN with/without OTP both. All users(old + users whose password is resetted recently) are able to login to linux servers using password and OTP both combination, its just not authenticating in OpenVPN. I have tried multiple things but still couldn't able to get it work. Hoping if someone can help with this!! -- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
