Issue with working with OTP #34
Comments
-- edit -- This did not actually fix the problem.

In the FreeIPA container, no systemd is running. Could you please be more specific about the functional issue?

This is related to using the One Time Password function. Removing the [global] tag (or pointing the @.service file directly to the ldap server) causes the otp service to start - so something is allowing it to run. Because we couldn't get IPA with OTP working within Docker, we had to scrap and go bare metal, so can't look into it any further.

I'm seeing the same issue (with centos-7) trying to use OTP-TOTP. Set up all goes fine in the GUI, but then when I try to login after successfully syncing OTP token, I see this in the logs: ==> /var/log/krb5kdc.log <==

I also commented out the first line in /data/etc/ipa/default.conf

Also tried adding the token with FreeOTP - can't login to the admin tools or onto an ipa client with password+token after setup.

@dmcnaught The "invalid barcode" issue is related to this bug: https://www.redhat.com/archives/freeipa-devel/2015-June/msg00505.html

Notes from mailing list:

Not yet, it should be possible with Docker 1.9.

Fix for the issue was now pushed to the master branch and also to the rhel-7 and centos-7 branches. The automated builds on the hub are running and updated images should be available shortly. Sorry it took me so long to resolve the problem.

Great - thanks @adelton

There seem to be major issues when implementing OTP. The first problem is the systemd file /usr/lib/systemd/system/ipa-otpd@.service: the EnvironmentFile this is pointing at is /etc/ipa/default.conf. This breaks when systemd attempts to add the [global] tag.
Attempted to patch that and point to the same file without the [global] tag; however, all OTP still fails with no real indication as to why.