Hi,
I am running privacyIDEA 2.5dev2 on Ubuntu 14.04.
I am able to authenticate on a client using OTP for the local users but not with LDAP users.
I can log in to the client with the LDAP username/password. I am not sure what else I need to configure for it to accept the OTP PIN.
I would appreciate your help on this.
Below is my PAM configuration.
common-auth
-----------------
auth sufficient pam_python.so /opt/privacyidea_pam.py url=https://OTP-HOST prompt=PRIVACYIDEA_Authentication nosslverify
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_sss.so use_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
auth optional pam_cap.so
sshd
------------------------------------------------
@include common-auth
account required pam_nologin.so
@include common-account
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
@include common-session
session optional pam_motd.so motd=/run/motd.dynamic noupdate
session required pam_limits.so
session required pam_env.so user_readenv=1 envfile=/etc/default/locale
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
@include common-password
Below is the error message that I see in the logs.
Jul 14 13:15:07 otp2 sshd: requests > 1.0
Jul 14 13:15:07 otp2 sshd: privacyidea_pam: ERR905: The user can not be found in any resolver in this realm!
Jul 14 13:15:07 otp2 sshd: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.6.6 user=otp
Jul 14 13:15:08 otp2 sshd: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.6.6 user=otp
Jul 14 13:15:08 otp2 sshd: pam_sss(sshd:auth): received for user otp: 17 (Failure setting user credentials)
Jul 14 13:15:10 otp2 sshd[11317]: Failed password for otp from 10.10.6.6 port 60748 ssh2
Thanks,