2FA i.e. OTP + LDAP (Win AD) issue

145 views

Skip to first unread message

Zia-ul-Hassan Siddique

unread,

Apr 20, 2016, 1:52:05 PM4/20/16

to privacyidea

Hi,

I am trying to test PI on Ubuntu 14.04. TOTP and Psssthru works fine individually. but in policy {"otppin": "userstore"}, its not working. following are the logs of the said operation.

username=user98

domainname=zaxis

[2016-04-20 22:28:43,775][7593][140706888959744][INFO][privacyidea.lib.user:188] user u'user98' found in resolver u'zaxis'

[2016-04-20 22:28:43,776][7593][140706888959744][INFO][privacyidea.lib.user:189] userid resolved to 'ac7997d2-5271-4e6e-aba1-39874ad601a3'

[2016-04-20 22:28:43,845][7593][140706888959744][INFO][privacyidea.lib.user:188] user u'user98' found in resolver u'zaxis'

[2016-04-20 22:28:43,845][7593][140706888959744][INFO][privacyidea.lib.user:189] userid resolved to 'ac7997d2-5271-4e6e-aba1-39874ad601a3'

[2016-04-20 22:28:43,889][7593][140706888959744][INFO][privacyidea.lib.user:188] user u'user98' found in resolver u'zaxis'

[2016-04-20 22:28:43,890][7593][140706888959744][INFO][privacyidea.lib.user:189] userid resolved to 'ac7997d2-5271-4e6e-aba1-39874ad601a3'

[2016-04-20 22:28:43,949][7593][140706888959744][INFO][privacyidea.lib.user:188] user u'user98' found in resolver u'zaxis'

[2016-04-20 22:28:43,949][7593][140706888959744][INFO][privacyidea.lib.user:189] userid resolved to 'ac7997d2-5271-4e6e-aba1-39874ad601a3'

[2016-04-20 22:28:44,147][7593][140706888959744][INFO][privacyidea.lib.user:328] User '' from realm u'zaxis' tries to authenticate

[2016-04-20 22:28:44,174][7593][140706888959744][ERROR][privacyidea.lib.user:344] The user User(login=u'', realm=u'zaxis', resolver='') exists in NO resolver.

[2016-04-20 22:28:44,279][7593][140706888959744][INFO][privacyidea.lib.user:328] User '' from realm u'zaxis' tries to authenticate

[2016-04-20 22:28:44,312][7593][140706888959744][ERROR][privacyidea.lib.user:344] The user User(login=u'', realm=u'zaxis', resolver='') exists in NO resolver.

[2016-04-20 22:28:44,448][7593][140706888959744][INFO][privacyidea.lib.user:188] user u'user98' found in resolver u'zaxis'

[2016-04-20 22:28:44,448][7593][140706888959744][INFO][privacyidea.lib.user:189] userid resolved to 'ac7997d2-5271-4e6e-aba1-39874ad601a3'

[2016-04-20 22:48:37,158][7593][140707006514944][INFO][privacyidea.lib.user:188] user u'user98' found in resolver u'zaxis'

[2016-04-20 22:48:37,159][7593][140707006514944][INFO][privacyidea.lib.user:189] userid resolved to 'ac7997d2-5271-4e6e-aba1-39874ad601a3'

[2016-04-20 22:48:37,210][7593][140707006514944][INFO][privacyidea.lib.user:188] user u'user98' found in resolver u'zaxis'

[2016-04-20 22:48:37,211][7593][140707006514944][INFO][privacyidea.lib.user:189] userid resolved to 'ac7997d2-5271-4e6e-aba1-39874ad601a3'

[2016-04-20 22:48:37,260][7593][140707006514944][INFO][privacyidea.lib.user:188] user u'user98' found in resolver u'zaxis'

[2016-04-20 22:48:37,260][7593][140707006514944][INFO][privacyidea.lib.user:189] userid resolved to 'ac7997d2-5271-4e6e-aba1-39874ad601a3'

[2016-04-20 22:48:37,299][7593][140707006514944][INFO][privacyidea.lib.user:188] user u'user98' found in resolver u'zaxis'

[2016-04-20 22:48:37,299][7593][140707006514944][INFO][privacyidea.lib.user:189] userid resolved to 'ac7997d2-5271-4e6e-aba1-39874ad601a3'

[2016-04-20 22:48:37,556][7593][140707006514944][INFO][privacyidea.lib.user:328] User '' from realm u'zaxis' tries to authenticate

[2016-04-20 22:48:37,605][7593][140707006514944][ERROR][privacyidea.lib.user:344] The user User(login=u'', realm=u'zaxis', resolver='') exists in NO resolver.

[2016-04-20 22:48:37,725][7593][140707006514944][INFO][privacyidea.lib.user:188] user u'user98' found in resolver u'zaxis'

[2016-04-20 22:48:37,726][7593][140707006514944][INFO][privacyidea.lib.user:189] userid resolved to 'ac7997d2-5271-4e6e-aba1-39874ad601a3'

Pleeeeez help me with this.... Thanx

zia

Zia-ul-Hassan Siddique

unread,

Apr 20, 2016, 2:17:30 PM4/20/16

to privacyidea

Debug logs are as followed

01', u'LDAPSEARCHFILTER': u'(sAMAccountName=*)(objectClass=person)', u'UIDTYPE': u'objectGUID', u'BINDPW': 'P@kistan1', u'USERINFO': u'{ "username": "sAMAccountName", "phone" : "telephoneNumber", "mobile" : "mobile", "email" : "mail", "surname" : "sn", "givenname" : "givenName" }', u'TIMEOUT': u'5', u'SIZELIMIT': u'500', u'SCOPE': u'SUBTREE', u'NOREFERRALS': u'1', u'LOGINNAMEATTRIBUTE': u'sAMAccountName'}, 'type': u'ldapresolver', 'resolvername': u'zaxis'}}

[2016-04-20 23:15:32,008][8697][140242422363904][DEBUG][privacyidea.lib.config:118] Entering get_resolver_list with arguments () and keywords {}

[2016-04-20 23:15:32,008][8697][140242422363904][DEBUG][privacyidea.lib.config:421] None

[2016-04-20 23:15:32,008][8697][140242422363904][DEBUG][privacyidea.lib.config:129] Exiting get_resolver_list with result set(['privacyidea.lib.resolvers.PasswdIdResolver', 'privacyidea.lib.resolvers.SCIMIdResolver', 'privacyidea.lib.resolvers.SQLIdResolver', 'privacyidea.lib.resolvers.LDAPIdResolver'])

[2016-04-20 23:15:32,008][8697][140242422363904][DEBUG][privacyidea.lib.config:553] using the module list: set(['privacyidea.lib.resolvers.PasswdIdResolver', 'privacyidea.lib.resolvers.SCIMIdResolver', 'privacyidea.lib.resolvers.SQLIdResolver', 'privacyidea.lib.resolvers.LDAPIdResolver'])

[2016-04-20 23:15:32,008][8697][140242422363904][DEBUG][privacyidea.lib.config:561] import module: privacyidea.lib.resolvers.PasswdIdResolver

[2016-04-20 23:15:32,008][8697][140242422363904][DEBUG][privacyidea.lib.config:561] import module: privacyidea.lib.resolvers.SCIMIdResolver

[2016-04-20 23:15:32,009][8697][140242422363904][DEBUG][privacyidea.lib.config:561] import module: privacyidea.lib.resolvers.SQLIdResolver

[2016-04-20 23:15:32,009][8697][140242422363904][DEBUG][privacyidea.lib.config:561] import module: privacyidea.lib.resolvers.LDAPIdResolver

[2016-04-20 23:15:32,009][8697][140242422363904][DEBUG][privacyidea.lib.config:374] module: <module 'privacyidea.lib.resolvers.PasswdIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/PasswdIdResolver.pyc'>

[2016-04-20 23:15:32,009][8697][140242422363904][DEBUG][privacyidea.lib.config:374] module: <module 'privacyidea.lib.resolvers.SCIMIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SCIMIdResolver.pyc'>

[2016-04-20 23:15:32,009][8697][140242422363904][DEBUG][privacyidea.lib.config:374] module: <module 'privacyidea.lib.resolvers.SQLIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SQLIdResolver.pyc'>

[2016-04-20 23:15:32,009][8697][140242422363904][DEBUG][privacyidea.lib.config:374] module: <module 'privacyidea.lib.resolvers.LDAPIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.pyc'>

[2016-04-20 23:15:32,010][8697][140242422363904][DEBUG][privacyidea.lib.resolver:118] Entering get_resolver_config with arguments (u'zaxis',) and keywords {}

[2016-04-20 23:15:32,010][8697][140242422363904][DEBUG][privacyidea.lib.resolver:118] Entering get_resolver_list with arguments () and keywords {'filter_resolver_name': u'zaxis'}

[2016-04-20 23:15:32,019][8697][140242422363904][DEBUG][privacyidea.lib.crypto:118] Entering decryptPassword with arguments (u'36fd2ba4d66c46ec3cf27f6d4a6150f9:f6bb0a6c5790e63e252bf7077b4df7cce85b70f14b1d814b3b22a3aaf5fad07e',) and keywords {}

[2016-04-20 23:15:32,020][8697][140242422363904][DEBUG][privacyidea.lib.crypto:131] Exiting decryptPassword with result HIDDEN

[2016-04-20 23:15:32,021][8697][140242422363904][DEBUG][privacyidea.lib.resolver:129] Exiting get_resolver_list with result {u'zaxis': {'data': {u'BINDDN': u'zaxis\\administrator', u'AUTHTYPE': u'Simple', u'LDAPFILTER': u'(&(sAMAccountName=%s)(objectClass=person))', u'LDAPBASE': u'cn=users,dc=zaxis,dc=local', u'LDAPURI': u'ldap://192.168.56.101', u'LDAPSEARCHFILTER': u'(sAMAccountName=*)(objectClass=person)', u'UIDTYPE': u'objectGUID', u'BINDPW': 'P@kistan1', u'USERINFO': u'{ "username": "sAMAccountName", "phone" : "telephoneNumber", "mobile" : "mobile", "email" : "mail", "surname" : "sn", "givenname" : "givenName" }', u'TIMEOUT': u'5', u'SIZELIMIT': u'500', u'SCOPE': u'SUBTREE', u'NOREFERRALS': u'1', u'LOGINNAMEATTRIBUTE': u'sAMAccountName'}, 'type': u'ldapresolver', 'resolvername': u'zaxis'}}

[2016-04-20 23:15:32,021][8697][140242422363904][DEBUG][privacyidea.lib.resolver:129] Exiting get_resolver_config with result {u'BINDDN': u'zaxis\\administrator', u'AUTHTYPE': u'Simple', u'LDAPFILTER': u'(&(sAMAccountName=%s)(objectClass=person))', u'LDAPBASE': u'cn=users,dc=zaxis,dc=local', u'LDAPURI': u'ldap://192.168.56.101', u'LDAPSEARCHFILTER': u'(sAMAccountName=*)(objectClass=person)', u'UIDTYPE': u'objectGUID', u'BINDPW': 'P@kistan1', u'USERINFO': u'{ "username": "sAMAccountName", "phone" : "telephoneNumber", "mobile" : "mobile", "email" : "mail", "surname" : "sn", "givenname" : "givenName" }', u'TIMEOUT': u'5', u'SIZELIMIT': u'500', u'SCOPE': u'SUBTREE', u'NOREFERRALS': u'1', u'LOGINNAMEATTRIBUTE': u'sAMAccountName'}

[2016-04-20 23:15:32,023][8697][140242422363904][DEBUG][privacyidea.lib.resolver:129] Exiting get_resolver_object with result <privacyidea.lib.resolvers.LDAPIdResolver.IdResolver object at 0x7f8c9eac5d50>

[2016-04-20 23:15:32,025][8697][140242422363904][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:535] Added 192.168.56.101, None, False to server pool.

[2016-04-20 23:15:32,042][8697][140242422363904][DEBUG][privacyidea.lib.token:118] Entering create_tokenclass_object with arguments (<<class 'privacyidea.models.Token'> {"'active'": 'True', "'count_window'": '10L', "'key_enc'": "u'08ee66d0b10a87d34bbfc7e364bac25ce7f5b15dad85b0a6e4bd4c62569ba6bc5630c5f5a9498a6323a6fb9d25f97463268f74925d3771d150bf49855ad11e45bc7258287d605bb9f98135c467e97ee5a6e5f47120f9b01cc7db3c9117579864'", "'pin_hash'": "u''", "'so_pin'": "u''", "'user_id'": "u'ac7997d2-5271-4e6e-aba1-39874ad601a3'", "'otplen'": '6L', "'so_pin_iv'": "u''", "'serial'": "u'TOTP00019183'", "'revoked'": 'False', "'locked'": 'False', "'maxfail'": '1000L', "'count'": '48705449L', "'pin_seed'": "u''", "'sync_window'": '1000L', "'description'": "u''", "'resolver_type'": "u'ldapresolver'", "'user_pin_iv'": "u''", "'user_pin'": "u''", "'rollout_state'": "u''", "'failcount'": '3L', "'_sa_instance_state'": '<sqlalchemy.orm.state.InstanceState object at 0x7f8c9eab3610>', "'id'": '3L', "'resolver'": "u'zaxis'", "'key_iv'": "u'f8dc64d884c32d8309f27a0f302ce7f4'", "'tokentype'": "u'totp'"}>,) and keywords {}

[2016-04-20 23:15:32,045][8697][140242422363904][DEBUG][privacyidea.lib.config:118] Entering get_token_module_list with arguments () and keywords {}

[2016-04-20 23:15:32,045][8697][140242422363904][DEBUG][privacyidea.lib.config:118] Entering get_token_list with arguments () and keywords {}

[2016-04-20 23:15:32,045][8697][140242422363904][DEBUG][privacyidea.lib.config:492] None

[2016-04-20 23:15:32,046][8697][140242422363904][DEBUG][privacyidea.lib.config:129] Exiting get_token_list with result set(['privacyidea.lib.tokens.tiqrtoken', 'privacyidea.lib.tokens.smstoken', 'privacyidea.lib.tokens.hotptoken', 'privacyidea.lib.tokens.remotetoken', 'privacyidea.lib.tokens.yubicotoken', 'privacyidea.lib.tokens.registrationtoken', 'privacyidea.lib.tokens.passwordtoken', 'privacyidea.lib.tokens.motptoken', 'privacyidea.lib.tokens.emailtoken', 'privacyidea.lib.tokens.papertoken', 'privacyidea.lib.tokens.daplugtoken', 'privacyidea.lib.tokens.spasstoken', 'privacyidea.lib.tokens.certificatetoken', 'privacyidea.lib.tokens.foureyestoken', 'privacyidea.lib.tokens.questionnairetoken', 'privacyidea.lib.tokens.yubikeytoken', 'privacyidea.lib.tokens.u2ftoken', 'privacyidea.lib.tokens.sshkeytoken', 'privacyidea.lib.tokens.totptoken', 'privacyidea.lib.tokens.radiustoken'])

[2016-04-20 23:15:32,046][8697][140242422363904][DEBUG][privacyidea.lib.config:517] using the module list: set(['privacyidea.lib.tokens.tiqrtoken', 'privacyidea.lib.tokens.smstoken', 'privacyidea.lib.tokens.hotptoken', 'privacyidea.lib.tokens.remotetoken', 'privacyidea.lib.tokens.yubicotoken', 'privacyidea.lib.tokens.registrationtoken', 'privacyidea.lib.tokens.passwordtoken', 'privacyidea.lib.tokens.motptoken', 'privacyidea.lib.tokens.emailtoken', 'privacyidea.lib.tokens.papertoken', 'privacyidea.lib.tokens.daplugtoken', 'privacyidea.lib.tokens.spasstoken', 'privacyidea.lib.tokens.certificatetoken', 'privacyidea.lib.tokens.foureyestoken', 'privacyidea.lib.tokens.questionnairetoken', 'privacyidea.lib.tokens.yubikeytoken', 'privacyidea.lib.tokens.u2ftoken', 'privacyidea.lib.tokens.sshkeytoken', 'privacyidea.lib.tokens.totptoken', 'privacyidea.lib.tokens.radiustoken'])

[2016-04-20 23:15:32,046][8697][140242422363904][DEBUG][privacyidea.lib.config:531] import module: privacyidea.lib.tokens.tiqrtoken

[2016-04-20 23:15:32,046][8697][140242422363904][DEBUG][privacyidea.lib.config:531] import module: privacyidea.lib.tokens.smstoken

[2016-04-20 23:15:32,046][8697][140242422363904][DEBUG][privacyidea.lib.config:531] import module: privacyidea.lib.tokens.hotptoken

[2016-04-20 23:15:32,047][8697][140242422363904][DEBUG][privacyidea.lib.config:531] import module: privacyidea.lib.tokens.remotetoken

[2016-04-20 23:15:32,047][8697][140242422363904][DEBUG][privacyidea.lib.config:531] import module: privacyidea.lib.tokens.yubicotoken

[2016-04-20 23:15:32,047][8697][140242422363904][DEBUG][privacyidea.lib.config:531] import module: privacyidea.lib.tokens.registrationtoken

[2016-04-20 23:15:32,047][8697][140242422363904][DEBUG][privacyidea.lib.config:531] import module: privacyidea.lib.tokens.passwordtoken

[2016-04-20 23:15:32,047][8697][140242422363904][DEBUG][privacyidea.lib.config:531] import module: privacyidea.lib.tokens.motptoken

[2016-04-20 23:15:32,047][8697][140242422363904][DEBUG][privacyidea.lib.config:531] import module: privacyidea.lib.tokens.emailtoken

[2016-04-20 23:15:32,047][8697][140242422363904][DEBUG][privacyidea.lib.config:531] import module: privacyidea.lib.tokens.papertoken

[2016-04-20 23:15:32,048][8697][140242422363904][DEBUG][privacyidea.lib.config:531] import module: privacyidea.lib.tokens.daplugtoken

[2016-04-20 23:15:32,048][8697][140242422363904][DEBUG][privacyidea.lib.config:531] import module: privacyidea.lib.tokens.spasstoken

[2016-04-20 23:15:32,048][8697][140242422363904][DEBUG][privacyidea.lib.config:531] import module: privacyidea.lib.tokens.certificatetoken

[2016-04-20 23:15:32,048][8697][140242422363904][DEBUG][privacyidea.lib.config:531] import module: privacyidea.lib.tokens.foureyestoken

[2016-04-20 23:15:32,048][8697][140242422363904][DEBUG][privacyidea.lib.config:531] import module: privacyidea.lib.tokens.questionnairetoken

[2016-04-20 23:15:32,048][8697][140242422363904][DEBUG][privacyidea.lib.config:531] import module: privacyidea.lib.tokens.yubikeytoken

[2016-04-20 23:15:32,048][8697][140242422363904][DEBUG][privacyidea.lib.config:531] import module: privacyidea.lib.tokens.u2ftoken

[2016-04-20 23:15:32,048][8697][140242422363904][DEBUG][privacyidea.lib.config:531] import module: privacyidea.lib.tokens.sshkeytoken

[2016-04-20 23:15:32,049][8697][140242422363904][DEBUG][privacyidea.lib.config:531] import module: privacyidea.lib.tokens.totptoken

[2016-04-20 23:15:32,049][8697][140242422363904][DEBUG][privacyidea.lib.config:531] import module: privacyidea.lib.tokens.radiustoken

[2016-04-20 23:15:32,049][8697][140242422363904][DEBUG][privacyidea.lib.config:129] Exiting get_token_module_list with result [<module 'privacyidea.lib.tokens.tiqrtoken' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/tiqrtoken.pyc'>, <module 'privacyidea.lib.tokens.smstoken' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/smstoken.pyc'>, <module 'privacyidea.lib.tokens.hotptoken' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/hotptoken.pyc'>, <module 'privacyidea.lib.tokens.remotetoken' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/remotetoken.pyc'>, <module 'privacyidea.lib.tokens.yubicotoken' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/yubicotoken.pyc'>, <module 'privacyidea.lib.tokens.registrationtoken' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/registrationtoken.pyc'>, <module 'privacyidea.lib.tokens.passwordtoken' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/passwordtoken.pyc'>, <module 'privacyidea.lib.tokens.motptoken' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/motptoken.pyc'>, <module 'privacyidea.lib.tokens.emailtoken' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/emailtoken.pyc'>, <module 'privacyidea.lib.tokens.papertoken' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/papertoken.pyc'>, <module 'privacyidea.lib.tokens.daplugtoken' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/daplugtoken.pyc'>, <module 'privacyidea.lib.tokens.spasstoken' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/spasstoken.pyc'>, <module 'privacyidea.lib.tokens.certificatetoken' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/certificatetoken.pyc'>, <module 'privacyidea.lib.tokens.foureyestoken' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/foureyestoken.pyc'>, <module 'privacyidea.lib.tokens.questionnairetoken' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/questionnairetoken.pyc'>, <module 'privacyidea.lib.tokens.yubikeytoken' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/yubikeytoken.pyc'>, <module 'privacyidea.lib.tokens.u2ftoken' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/u2ftoken.pyc'>, <module 'privacyidea.lib.tokens.sshkeytoken' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/sshkeytoken.pyc'>, <module 'privacyidea.lib.tokens.totptoken' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/totptoken.pyc'>, <module 'privacyidea.lib.tokens.radiustoken' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/radiustoken.pyc'>]

[2016-04-20 23:15:32,050][8697][140242422363904][DEBUG][privacyidea.lib.tokens.totptoken:118] Entering __init__ with arguments (<<class 'privacyidea.lib.tokens.totptoken.TotpTokenClass'> {}>, <<class 'privacyidea.models.Token'> {"'active'": 'True', "'count_window'": '10L', "'key_enc'": "u'08ee66d0b10a87d34bbfc7e364bac25ce7f5b15dad85b0a6e4bd4c62569ba6bc5630c5f5a9498a6323a6fb9d25f97463268f74925d3771d150bf49855ad11e45bc7258287d605bb9f98135c467e97ee5a6e5f47120f9b01cc7db3c9117579864'", "'pin_hash'": "u''", "'so_pin'": "u''", "'user_id'": "u'ac7997d2-5271-4e6e-aba1-39874ad601a3'", "'otplen'": '6L', "'so_pin_iv'": "u''", "'serial'": "u'TOTP00019183'", "'revoked'": 'False', "'locked'": 'False', "'maxfail'": '1000L', "'count'": '48705449L', "'pin_seed'": "u''", "'sync_window'": '1000L', "'description'": "u''", "'resolver_type'": "u'ldapresolver'", "'user_pin_iv'": "u''", "'user_pin'": "u''", "'rollout_state'": "u''", "'failcount'": '3L', "'_sa_instance_state'": '<sqlalchemy.orm.state.InstanceState object at 0x7f8c9eab3610>', "'id'": '3L', "'resolver'": "u'zaxis'", "'key_iv'": "u'f8dc64d884c32d8309f27a0f302ce7f4'", "'tokentype'": "u'totp'"}>) and keywords {}

[2016-04-20 23:15:32,050][8697][140242422363904][DEBUG][privacyidea.lib.tokenclass:118] Entering __init__ with arguments (<<class 'privacyidea.lib.tokens.totptoken.TotpTokenClass'> {}>, <<class 'privacyidea.models.Token'> {"'active'": 'True', "'count_window'": '10L', "'key_enc'": "u'08ee66d0b10a87d34bbfc7e364bac25ce7f5b15dad85b0a6e4bd4c62569ba6bc5630c5f5a9498a6323a6fb9d25f97463268f74925d3771d150bf49855ad11e45bc7258287d605bb9f98135c467e97ee5a6e5f47120f9b01cc7db3c9117579864'", "'pin_hash'": "u''", "'so_pin'": "u''", "'user_id'": "u'ac7997d2-5271-4e6e-aba1-39874ad601a3'", "'otplen'": '6L', "'so_pin_iv'": "u''", "'serial'": "u'TOTP00019183'", "'revoked'": 'False', "'locked'": 'False', "'maxfail'": '1000L', "'count'": '48705449L', "'pin_seed'": "u''", "'sync_window'": '1000L', "'description'": "u''", "'resolver_type'": "u'ldapresolver'", "'user_pin_iv'": "u''", "'user_pin'": "u''", "'rollout_state'": "u''", "'failcount'": '3L', "'_sa_instance_state'": '<sqlalchemy.orm.state.InstanceState object at 0x7f8c9eab3610>', "'id'": '3L', "'resolver'": "u'zaxis'", "'key_iv'": "u'f8dc64d884c32d8309f27a0f302ce7f4'", "'tokentype'": "u'totp'"}>) and keywords {}

[2016-04-20 23:15:32,050][8697][140242422363904][DEBUG][privacyidea.lib.tokenclass:129] Exiting __init__ with result None

[2016-04-20 23:15:32,050][8697][140242422363904][DEBUG][privacyidea.lib.tokens.totptoken:129] Exiting __init__ with result None

[2016-04-20 23:15:32,055][8697][140242422363904][DEBUG][privacyidea.lib.token:129] Exiting create_tokenclass_object with result <<class 'privacyidea.lib.tokens.totptoken.TotpTokenClass'> {"'token'": '<<class \'privacyidea.models.Token\'> {"\'active\'": \'True\', "\'count_window\'": \'10L\', "\'key_enc\'": "u\'08ee66d0b10a87d34bbfc7e364bac25ce7f5b15dad85b0a6e4bd4c62569ba6bc5630c5f5a9498a6323a6fb9d25f97463268f74925d3771d150bf49855ad11e45bc7258287d605bb9f98135c467e97ee5a6e5f47120f9b01cc7db3c9117579864\'", "\'pin_hash\'": "u\'\'", "\'so_pin\'": "u\'\'", "\'user_id\'": "u\'ac7997d2-5271-4e6e-aba1-39874ad601a3\'", "\'otplen\'": \'6L\', "\'so_pin_iv\'": "u\'\'", "\'serial\'": "u\'TOTP00019183\'", "\'revoked\'": \'False\', "\'locked\'": \'False\', "\'maxfail\'": \'1000L\', "\'count\'": \'48705449L\', "\'pin_seed\'": "u\'\'", "\'sync_window\'": \'1000L\', "\'description\'": "u\'\'", "\'resolver_type\'": "u\'ldapresolver\'", "\'user_pin_iv\'": "u\'\'", "\'user_pin\'": "u\'\'", "\'rollout_state\'": "u\'\'", "\'failcount\'": \'3L\', "\'_sa_instance_state\'": \'<sqlalchemy.orm.state.InstanceState object at 0x7f8c9eab3610>\', "\'id\'": \'3L\', "\'resolver\'": "u\'zaxis\'", "\'key_iv\'": "u\'f8dc64d884c32d8309f27a0f302ce7f4\'", "\'tokentype\'": "u\'totp\'"}>', "'init_details'": '{}', "'type'": "u'totp'", "'hKeyRequired'": 'True', "'auth_details'": '{}'}>

[2016-04-20 23:15:32,055][8697][140242422363904][DEBUG][privacyidea.lib.token:129] Exiting get_tokens with result [<<class 'privacyidea.lib.tokens.totptoken.TotpTokenClass'> {"'token'": '<<class \'privacyidea.models.Token\'> {"\'active\'": \'True\', "\'count_window\'": \'10L\', "\'key_enc\'": "u\'08ee66d0b10a87d34bbfc7e364bac25ce7f5b15dad85b0a6e4bd4c62569ba6bc5630c5f5a9498a6323a6fb9d25f97463268f74925d3771d150bf49855ad11e45bc7258287d605bb9f98135c467e97ee5a6e5f47120f9b01cc7db3c9117579864\'", "\'pin_hash\'": "u\'\'", "\'so_pin\'": "u\'\'", "\'user_id\'": "u\'ac7997d2-5271-4e6e-aba1-39874ad601a3\'", "\'otplen\'": \'6L\', "\'so_pin_iv\'": "u\'\'", "\'serial\'": "u\'TOTP00019183\'", "\'revoked\'": \'False\', "\'locked\'": \'False\', "\'maxfail\'": \'1000L\', "\'count\'": \'48705449L\', "\'pin_seed\'": "u\'\'", "\'sync_window\'": \'1000L\', "\'description\'": "u\'\'", "\'resolver_type\'": "u\'ldapresolver\'", "\'user_pin_iv\'": "u\'\'", "\'user_pin\'": "u\'\'", "\'rollout_state\'": "u\'\'", "\'failcount\'": \'3L\', "\'_sa_instance_state\'": \'<sqlalchemy.orm.state.InstanceState object at 0x7f8c9eab3610>\', "\'id\'": \'3L\', "\'resolver\'": "u\'zaxis\'", "\'key_iv\'": "u\'f8dc64d884c32d8309f27a0f302ce7f4\'", "\'tokentype\'": "u\'totp\'"}>', "'init_details'": '{}', "'type'": "u'totp'", "'hKeyRequired'": 'True', "'auth_details'": '{}'}>]

[2016-04-20 23:15:32,055][8697][140242422363904][DEBUG][privacyidea.lib.user:118] Entering get_username with arguments (u'ac7997d2-5271-4e6e-aba1-39874ad601a3', u'zaxis') and keywords {}

[2016-04-20 23:15:32,055][8697][140242422363904][DEBUG][privacyidea.lib.resolver:118] Entering get_resolver_object with arguments (u'zaxis',) and keywords {}

[2016-04-20 23:15:32,055][8697][140242422363904][DEBUG][privacyidea.lib.resolver:118] Entering get_resolver_list with arguments () and keywords {'filter_resolver_name': u'zaxis'}

[2016-04-20 23:15:32,064][8697][140242422363904][DEBUG][privacyidea.lib.crypto:118] Entering decryptPassword with arguments (u'36fd2ba4d66c46ec3cf27f6d4a6150f9:f6bb0a6c5790e63e252bf7077b4df7cce85b70f14b1d814b3b22a3aaf5fad07e',) and keywords {}

[2016-04-20 23:15:32,070][8697][140242422363904][DEBUG][privacyidea.lib.crypto:131] Exiting decryptPassword with result HIDDEN

[2016-04-20 23:15:32,071][8697][140242422363904][DEBUG][privacyidea.lib.resolver:129] Exiting get_resolver_list with result {u'zaxis': {'data': {u'BINDDN': u'zaxis\\administrator', u'AUTHTYPE': u'Simple', u'LDAPFILTER': u'(&(sAMAccountName=%s)(objectClass=person))', u'LDAPBASE': u'cn=users,dc=zaxis,dc=local', u'LDAPURI': u'ldap://192.168.56.101', u'LDAPSEARCHFILTER': u'(sAMAccountName=*)(objectClass=person)', u'UIDTYPE': u'objectGUID', u'BINDPW': 'P@kistan1', u'USERINFO': u'{ "username": "sAMAccountName", "phone" : "telephoneNumber", "mobile" : "mobile", "email" : "mail", "surname" : "sn", "givenname" : "givenName" }', u'TIMEOUT': u'5', u'SIZELIMIT': u'500', u'SCOPE': u'SUBTREE', u'NOREFERRALS': u'1', u'LOGINNAMEATTRIBUTE': u'sAMAccountName'}, 'type': u'ldapresolver', 'resolvername': u'zaxis'}}

[2016-04-20 23:15:32,071][8697][140242422363904][DEBUG][privacyidea.lib.config:118] Entering get_resolver_list with arguments () and keywords {}

[2016-04-20 23:15:32,071][8697][140242422363904][DEBUG][privacyidea.lib.config:421] None

[2016-04-20 23:15:32,072][8697][140242422363904][DEBUG][privacyidea.lib.config:129] Exiting get_resolver_list with result set(['privacyidea.lib.resolvers.PasswdIdResolver', 'privacyidea.lib.resolvers.SCIMIdResolver', 'privacyidea.lib.resolvers.SQLIdResolver', 'privacyidea.lib.resolvers.LDAPIdResolver'])

[2016-04-20 23:15:32,072][8697][140242422363904][DEBUG][privacyidea.lib.config:553] using the module list: set(['privacyidea.lib.resolvers.PasswdIdResolver', 'privacyidea.lib.resolvers.SCIMIdResolver', 'privacyidea.lib.resolvers.SQLIdResolver', 'privacyidea.lib.resolvers.LDAPIdResolver'])

[2016-04-20 23:15:32,072][8697][140242422363904][DEBUG][privacyidea.lib.config:561] import module: privacyidea.lib.resolvers.PasswdIdResolver

[2016-04-20 23:15:32,072][8697][140242422363904][DEBUG][privacyidea.lib.config:561] import module: privacyidea.lib.resolvers.SCIMIdResolver

[2016-04-20 23:15:32,072][8697][140242422363904][DEBUG][privacyidea.lib.config:561] import module: privacyidea.lib.resolvers.SQLIdResolver

[2016-04-20 23:15:32,072][8697][140242422363904][DEBUG][privacyidea.lib.config:561] import module: privacyidea.lib.resolvers.LDAPIdResolver

[2016-04-20 23:15:32,073][8697][140242422363904][DEBUG][privacyidea.lib.config:374] module: <module 'privacyidea.lib.resolvers.PasswdIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/PasswdIdResolver.pyc'>

[2016-04-20 23:15:32,073][8697][140242422363904][DEBUG][privacyidea.lib.config:374] module: <module 'privacyidea.lib.resolvers.SCIMIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SCIMIdResolver.pyc'>

[2016-04-20 23:15:32,073][8697][140242422363904][DEBUG][privacyidea.lib.config:374] module: <module 'privacyidea.lib.resolvers.SQLIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SQLIdResolver.pyc'>

[2016-04-20 23:15:32,073][8697][140242422363904][DEBUG][privacyidea.lib.config:374] module: <module 'privacyidea.lib.resolvers.LDAPIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.pyc'>

[2016-04-20 23:15:32,074][8697][140242422363904][DEBUG][privacyidea.lib.resolver:118] Entering get_resolver_config with arguments (u'zaxis',) and keywords {}

[2016-04-20 23:15:32,074][8697][140242422363904][DEBUG][privacyidea.lib.resolver:118] Entering get_resolver_list with arguments () and keywords {'filter_resolver_name': u'zaxis'}

[2016-04-20 23:15:32,080][8697][140242422363904][DEBUG][privacyidea.lib.crypto:118] Entering decryptPassword with arguments (u'36fd2ba4d66c46ec3cf27f6d4a6150f9:f6bb0a6c5790e63e252bf7077b4df7cce85b70f14b1d814b3b22a3aaf5fad07e',) and keywords {}

[2016-04-20 23:15:32,087][8697][140242422363904][DEBUG][privacyidea.lib.crypto:131] Exiting decryptPassword with result HIDDEN

[2016-04-20 23:15:32,088][8697][140242422363904][DEBUG][privacyidea.lib.resolver:129] Exiting get_resolver_list with result {u'zaxis': {'data': {u'BINDDN': u'zaxis\\administrator', u'AUTHTYPE': u'Simple', u'LDAPFILTER': u'(&(sAMAccountName=%s)(objectClass=person))', u'LDAPBASE': u'cn=users,dc=zaxis,dc=local', u'LDAPURI': u'ldap://192.168.56.101', u'LDAPSEARCHFILTER': u'(sAMAccountName=*)(objectClass=person)', u'UIDTYPE': u'objectGUID', u'BINDPW': 'P@kistan1', u'USERINFO': u'{ "username": "sAMAccountName", "phone" : "telephoneNumber", "mobile" : "mobile", "email" : "mail", "surname" : "sn", "givenname" : "givenName" }', u'TIMEOUT': u'5', u'SIZELIMIT': u'500', u'SCOPE': u'SUBTREE', u'NOREFERRALS': u'1', u'LOGINNAMEATTRIBUTE': u'sAMAccountName'}, 'type': u'ldapresolver', 'resolvername': u'zaxis'}}

[2016-04-20 23:15:32,088][8697][140242422363904][DEBUG][privacyidea.lib.resolver:129] Exiting get_resolver_config with result {u'BINDDN': u'zaxis\\administrator', u'AUTHTYPE': u'Simple', u'LDAPFILTER': u'(&(sAMAccountName=%s)(objectClass=person))', u'LDAPBASE': u'cn=users,dc=zaxis,dc=local', u'LDAPURI': u'ldap://192.168.56.101', u'LDAPSEARCHFILTER': u'(sAMAccountName=*)(objectClass=person)', u'UIDTYPE': u'objectGUID', u'BINDPW': 'P@kistan1', u'USERINFO': u'{ "username": "sAMAccountName", "phone" : "telephoneNumber", "mobile" : "mobile", "email" : "mail", "surname" : "sn", "givenname" : "givenName" }', u'TIMEOUT': u'5', u'SIZELIMIT': u'500', u'SCOPE': u'SUBTREE', u'NOREFERRALS': u'1', u'LOGINNAMEATTRIBUTE': u'sAMAccountName'}

[2016-04-20 23:15:32,090][8697][140242422363904][DEBUG][privacyidea.lib.resolver:129] Exiting get_resolver_object with result <privacyidea.lib.resolvers.LDAPIdResolver.IdResolver object at 0x7f8c9eac5050>

[2016-04-20 23:15:32,091][8697][140242422363904][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:535] Added 192.168.56.101, None, False to server pool.

[2016-04-20 23:15:32,099][8697][140242422363904][DEBUG][privacyidea.lib.user:129] Exiting get_username with result

[2016-04-20 23:15:32,102][8697][140242422363904][DEBUG][privacyidea.lib.token:118] Entering check_token_list with arguments ([<<class 'privacyidea.lib.tokens.totptoken.TotpTokenClass'> {"'token'": '<<class \'privacyidea.models.Token\'> {"\'active\'": \'True\', "\'count_window\'": \'10L\', "\'key_enc\'": "u\'08ee66d0b10a87d34bbfc7e364bac25ce7f5b15dad85b0a6e4bd4c62569ba6bc5630c5f5a9498a6323a6fb9d25f97463268f74925d3771d150bf49855ad11e45bc7258287d605bb9f98135c467e97ee5a6e5f47120f9b01cc7db3c9117579864\'", "\'pin_hash\'": "u\'\'", "\'so_pin\'": "u\'\'", "\'user_id\'": "u\'ac7997d2-5271-4e6e-aba1-39874ad601a3\'", "\'otplen\'": \'6L\', "\'so_pin_iv\'": "u\'\'", "\'serial\'": "u\'TOTP00019183\'", "\'revoked\'": \'False\', "\'locked\'": \'False\', "\'maxfail\'": \'1000L\', "\'realm_list\'": \'[<privacyidea.models.TokenRealm object at 0x7f8c9eacd890>]\', "\'count\'": \'48705449L\', "\'pin_seed\'": "u\'\'", "\'sync_window\'": \'1000L\', "\'description\'": "u\'\'", "\'resolver_type\'": "u\'ldapresolver\'", "\'user_pin_iv\'": "u\'\'", "\'user_pin\'": "u\'\'", "\'rollout_state\'": "u\'\'", "\'failcount\'": \'3L\', "\'_sa_instance_state\'": \'<sqlalchemy.orm.state.InstanceState object at 0x7f8c9eab3610>\', "\'id\'": \'3L\', "\'resolver\'": "u\'zaxis\'", "\'key_iv\'": "u\'f8dc64d884c32d8309f27a0f302ce7f4\'", "\'tokentype\'": "u\'totp\'"}>', "'init_details'": '{}', "'type'": "u'totp'", "'hKeyRequired'": 'True', "'auth_details'": '{}'}>], u'511357P@kistan123628408') and keywords {'user': None, 'options': {'clientip': '127.0.0.1', 'client': u'127.0.0.1', 'user': u'user98@zaxis', 'g': <flask.g of 'privacyidea.app'>, 'pass': u'511357P@kistan123628408'}}

[2016-04-20 23:15:32,103][8697][140242422363904][DEBUG][privacyidea.lib.user:118] Entering get_username with arguments (u'ac7997d2-5271-4e6e-aba1-39874ad601a3', u'zaxis') and keywords {}

[2016-04-20 23:15:32,103][8697][140242422363904][DEBUG][privacyidea.lib.resolver:118] Entering get_resolver_object with arguments (u'zaxis',) and keywords {}

[2016-04-20 23:15:32,103][8697][140242422363904][DEBUG][privacyidea.lib.resolver:118] Entering get_resolver_list with arguments () and keywords {'filter_resolver_name': u'zaxis'}

[2016-04-20 23:15:32,114][8697][140242422363904][DEBUG][privacyidea.lib.crypto:118] Entering decryptPassword with arguments (u'36fd2ba4d66c46ec3cf27f6d4a6150f9:f6bb0a6c5790e63e252bf7077b4df7cce85b70f14b1d814b3b22a3aaf5fad07e',) and keywords {}

[2016-04-20 23:15:32,114][8697][140242422363904][DEBUG][privacyidea.lib.crypto:131] Exiting decryptPassword with result HIDDEN

[2016-04-20 23:15:32,115][8697][140242422363904][DEBUG][privacyidea.lib.resolver:129] Exiting get_resolver_list with result {u'zaxis': {'data': {u'BINDDN': u'zaxis\\administrator', u'AUTHTYPE': u'Simple', u'LDAPFILTER': u'(&(sAMAccountName=%s)(objectClass=person))', u'LDAPBASE': u'cn=users,dc=zaxis,dc=local', u'LDAPURI': u'ldap://192.168.56.101', u'LDAPSEARCHFILTER': u'(sAMAccountName=*)(objectClass=person)', u'UIDTYPE': u'objectGUID', u'BINDPW': 'P@kistan1', u'USERINFO': u'{ "username": "sAMAccountName", "phone" : "telephoneNumber", "mobile" : "mobile", "email" : "mail", "surname" : "sn", "givenname" : "givenName" }', u'TIMEOUT': u'5', u'SIZELIMIT': u'500', u'SCOPE': u'SUBTREE', u'NOREFERRALS': u'1', u'LOGINNAMEATTRIBUTE': u'sAMAccountName'}, 'type': u'ldapresolver', 'resolvername': u'zaxis'}}

[2016-04-20 23:15:32,115][8697][140242422363904][DEBUG][privacyidea.lib.config:118] Entering get_resolver_list with arguments () and keywords {}

[2016-04-20 23:15:32,115][8697][140242422363904][DEBUG][privacyidea.lib.config:421] None

[2016-04-20 23:15:32,115][8697][140242422363904][DEBUG][privacyidea.lib.config:129] Exiting get_resolver_list with result set(['privacyidea.lib.resolvers.PasswdIdResolver', 'privacyidea.lib.resolvers.SCIMIdResolver', 'privacyidea.lib.resolvers.SQLIdResolver', 'privacyidea.lib.resolvers.LDAPIdResolver'])

[2016-04-20 23:15:32,116][8697][140242422363904][DEBUG][privacyidea.lib.config:553] using the module list: set(['privacyidea.lib.resolvers.PasswdIdResolver', 'privacyidea.lib.resolvers.SCIMIdResolver', 'privacyidea.lib.resolvers.SQLIdResolver', 'privacyidea.lib.resolvers.LDAPIdResolver'])

[2016-04-20 23:15:32,116][8697][140242422363904][DEBUG][privacyidea.lib.config:561] import module: privacyidea.lib.resolvers.PasswdIdResolver

[2016-04-20 23:15:32,116][8697][140242422363904][DEBUG][privacyidea.lib.config:561] import module: privacyidea.lib.resolvers.SCIMIdResolver

[2016-04-20 23:15:32,116][8697][140242422363904][DEBUG][privacyidea.lib.config:561] import module: privacyidea.lib.resolvers.SQLIdResolver

[2016-04-20 23:15:32,116][8697][140242422363904][DEBUG][privacyidea.lib.config:561] import module: privacyidea.lib.resolvers.LDAPIdResolver

[2016-04-20 23:15:32,116][8697][140242422363904][DEBUG][privacyidea.lib.config:374] module: <module 'privacyidea.lib.resolvers.PasswdIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/PasswdIdResolver.pyc'>

[2016-04-20 23:15:32,117][8697][140242422363904][DEBUG][privacyidea.lib.config:374] module: <module 'privacyidea.lib.resolvers.SCIMIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SCIMIdResolver.pyc'>

[2016-04-20 23:15:32,117][8697][140242422363904][DEBUG][privacyidea.lib.config:374] module: <module 'privacyidea.lib.resolvers.SQLIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SQLIdResolver.pyc'>

[2016-04-20 23:15:32,117][8697][140242422363904][DEBUG][privacyidea.lib.config:374] module: <module 'privacyidea.lib.resolvers.LDAPIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.pyc'>

[2016-04-20 23:15:32,117][8697][140242422363904][DEBUG][privacyidea.lib.resolver:118] Entering get_resolver_config with arguments (u'zaxis',) and keywords {}

[2016-04-20 23:15:32,117][8697][140242422363904][DEBUG][privacyidea.lib.resolver:118] Entering get_resolver_list with arguments () and keywords {'filter_resolver_name': u'zaxis'}

[2016-04-20 23:15:32,122][8697][140242422363904][DEBUG][privacyidea.lib.crypto:118] Entering decryptPassword with arguments (u'36fd2ba4d66c46ec3cf27f6d4a6150f9:f6bb0a6c5790e63e252bf7077b4df7cce85b70f14b1d814b3b22a3aaf5fad07e',) and keywords {}

[2016-04-20 23:15:32,123][8697][140242422363904][DEBUG][privacyidea.lib.crypto:131] Exiting decryptPassword with result HIDDEN

[2016-04-20 23:15:32,123][8697][140242422363904][DEBUG][privacyidea.lib.resolver:129] Exiting get_resolver_list with result {u'zaxis': {'data': {u'BINDDN': u'zaxis\\administrator', u'AUTHTYPE': u'Simple', u'LDAPFILTER': u'(&(sAMAccountName=%s)(objectClass=person))', u'LDAPBASE': u'cn=users,dc=zaxis,dc=local', u'LDAPURI': u'ldap://192.168.56.101', u'LDAPSEARCHFILTER': u'(sAMAccountName=*)(objectClass=person)', u'UIDTYPE': u'objectGUID', u'BINDPW': 'P@kistan1', u'USERINFO': u'{ "username": "sAMAccountName", "phone" : "telephoneNumber", "mobile" : "mobile", "email" : "mail", "surname" : "sn", "givenname" : "givenName" }', u'TIMEOUT': u'5', u'SIZELIMIT': u'500', u'SCOPE': u'SUBTREE', u'NOREFERRALS': u'1', u'LOGINNAMEATTRIBUTE': u'sAMAccountName'}, 'type': u'ldapresolver', 'resolvername': u'zaxis'}}

[2016-04-20 23:15:32,124][8697][140242422363904][DEBUG][privacyidea.lib.resolver:129] Exiting get_resolver_config with result {u'BINDDN': u'zaxis\\administrator', u'AUTHTYPE': u'Simple', u'LDAPFILTER': u'(&(sAMAccountName=%s)(objectClass=person))', u'LDAPBASE': u'cn=users,dc=zaxis,dc=local', u'LDAPURI': u'ldap://192.168.56.101', u'LDAPSEARCHFILTER': u'(sAMAccountName=*)(objectClass=person)', u'UIDTYPE': u'objectGUID', u'BINDPW': 'P@kistan1', u'USERINFO': u'{ "username": "sAMAccountName", "phone" : "telephoneNumber", "mobile" : "mobile", "email" : "mail", "surname" : "sn", "givenname" : "givenName" }', u'TIMEOUT': u'5', u'SIZELIMIT': u'500', u'SCOPE': u'SUBTREE', u'NOREFERRALS': u'1', u'LOGINNAMEATTRIBUTE': u'sAMAccountName'}

[2016-04-20 23:15:32,125][8697][140242422363904][DEBUG][privacyidea.lib.resolver:129] Exiting get_resolver_object with result <privacyidea.lib.resolvers.LDAPIdResolver.IdResolver object at 0x7f8c9eaa52d0>

[2016-04-20 23:15:32,128][8697][140242422363904][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:535] Added 192.168.56.101, None, False to server pool.

[2016-04-20 23:15:32,142][8697][140242422363904][DEBUG][privacyidea.lib.user:129] Exiting get_username with result

[2016-04-20 23:15:32,143][8697][140242422363904][DEBUG][privacyidea.lib.token:1862] Found user with loginId None: u'TOTP00019183'

[2016-04-20 23:15:32,143][8697][140242422363904][DEBUG][privacyidea.lib.tokens.hotptoken:118] Entering is_challenge_request with arguments (<<class 'privacyidea.lib.tokens.totptoken.TotpTokenClass'> {"'token'": '<<class \'privacyidea.models.Token\'> {"\'active\'": \'True\', "\'count_window\'": \'10L\', "\'key_enc\'": "u\'08ee66d0b10a87d34bbfc7e364bac25ce7f5b15dad85b0a6e4bd4c62569ba6bc5630c5f5a9498a6323a6fb9d25f97463268f74925d3771d150bf49855ad11e45bc7258287d605bb9f98135c467e97ee5a6e5f47120f9b01cc7db3c9117579864\'", "\'pin_hash\'": "u\'\'", "\'so_pin\'": "u\'\'", "\'user_id\'": "u\'ac7997d2-5271-4e6e-aba1-39874ad601a3\'", "\'otplen\'": \'6L\', "\'so_pin_iv\'": "u\'\'", "\'serial\'": "u\'TOTP00019183\'", "\'revoked\'": \'False\', "\'locked\'": \'False\', "\'maxfail\'": \'1000L\', "\'realm_list\'": \'[<privacyidea.models.TokenRealm object at 0x7f8c9eacd890>]\', "\'count\'": \'48705449L\', "\'pin_seed\'": "u\'\'", "\'sync_window\'": \'1000L\', "\'description\'": "u\'\'", "\'resolver_type\'": "u\'ldapresolver\'", "\'user_pin_iv\'": "u\'\'", "\'user_pin\'": "u\'\'", "\'rollout_state\'": "u\'\'", "\'failcount\'": \'3L\', "\'_sa_instance_state\'": \'<sqlalchemy.orm.state.InstanceState object at 0x7f8c9eab3610>\', "\'id\'": \'3L\', "\'resolver\'": "u\'zaxis\'", "\'key_iv\'": "u\'f8dc64d884c32d8309f27a0f302ce7f4\'", "\'tokentype\'": "u\'totp\'"}>', "'init_details'": '{}', "'type'": "u'totp'", "'hKeyRequired'": 'True', "'auth_details'": '{}'}>, u'511357P@kistan123628408') and keywords {'user': None, 'options': {'clientip': '127.0.0.1', 'client': u'127.0.0.1', 'user': None, 'g': <flask.g of 'privacyidea.app'>, 'pass': u'511357P@kistan123628408'}}

[2016-04-20 23:15:32,144][8697][140242422363904][DEBUG][privacyidea.lib.user:118] Entering User with arguments () and keywords {}

[2016-04-20 23:15:32,144][8697][140242422363904][DEBUG][privacyidea.lib.user:118] Entering get_realm_resolvers with arguments (User(login='', realm='', resolver=''),) and keywords {}

[2016-04-20 23:15:32,144][8697][140242422363904][DEBUG][privacyidea.lib.realm:118] Entering get_realms with arguments ('',) and keywords {}

[2016-04-20 23:15:32,158][8697][140242422363904][DEBUG][privacyidea.lib.realm:129] Exiting get_realms with result {u'zaxis': {'default': True, 'resolver': [{'priority': 999L, 'type': u'ldapresolver', 'name': u'zaxis'}]}}

[2016-04-20 23:15:32,158][8697][140242422363904][DEBUG][privacyidea.lib.user:129] Exiting get_realm_resolvers with result {}

[2016-04-20 23:15:32,159][8697][140242422363904][DEBUG][privacyidea.lib.user:129] Exiting User with result <empty user>

[2016-04-20 23:15:32,165][8697][140242422363904][DEBUG][privacyidea.lib.policydecorators:118] Found these allowed tokentypes: []

[2016-04-20 23:15:32,165][8697][140242422363904][DEBUG][privacyidea.lib.tokens.hotptoken:129] Exiting is_challenge_request with result False

[2016-04-20 23:15:32,165][8697][140242422363904][DEBUG][privacyidea.lib.config:118] Entering get_from_config with arguments () and keywords {'key': 'PrependPin'}

[2016-04-20 23:15:32,167][8697][140242422363904][DEBUG][privacyidea.lib.config:129] Exiting get_from_config with result 1

[2016-04-20 23:15:32,167][8697][140242422363904][DEBUG][privacyidea.lib.user:118] Entering get_username with arguments (u'ac7997d2-5271-4e6e-aba1-39874ad601a3', u'zaxis') and keywords {}

[2016-04-20 23:15:32,167][8697][140242422363904][DEBUG][privacyidea.lib.resolver:118] Entering get_resolver_object with arguments (u'zaxis',) and keywords {}

[2016-04-20 23:15:32,167][8697][140242422363904][DEBUG][privacyidea.lib.resolver:118] Entering get_resolver_list with arguments () and keywords {'filter_resolver_name': u'zaxis'}

[2016-04-20 23:15:32,174][8697][140242422363904][DEBUG][privacyidea.lib.crypto:118] Entering decryptPassword with arguments (u'36fd2ba4d66c46ec3cf27f6d4a6150f9:f6bb0a6c5790e63e252bf7077b4df7cce85b70f14b1d814b3b22a3aaf5fad07e',) and keywords {}

[2016-04-20 23:15:32,182][8697][140242422363904][DEBUG][privacyidea.lib.crypto:131] Exiting decryptPassword with result HIDDEN

[2016-04-20 23:15:32,185][8697][140242422363904][DEBUG][privacyidea.lib.resolver:129] Exiting get_resolver_list with result {u'zaxis': {'data': {u'BINDDN': u'zaxis\\administrator', u'AUTHTYPE': u'Simple', u'LDAPFILTER': u'(&(sAMAccountName=%s)(objectClass=person))', u'LDAPBASE': u'cn=users,dc=zaxis,dc=local', u'LDAPURI': u'ldap://192.168.56.101', u'LDAPSEARCHFILTER': u'(sAMAccountName=*)(objectClass=person)', u'UIDTYPE': u'objectGUID', u'BINDPW': 'P@kistan1', u'USERINFO': u'{ "username": "sAMAccountName", "phone" : "telephoneNumber", "mobile" : "mobile", "email" : "mail", "surname" : "sn", "givenname" : "givenName" }', u'TIMEOUT': u'5', u'SIZELIMIT': u'500', u'SCOPE': u'SUBTREE', u'NOREFERRALS': u'1', u'LOGINNAMEATTRIBUTE': u'sAMAccountName'}, 'type': u'ldapresolver', 'resolvername': u'zaxis'}}

[2016-04-20 23:15:32,185][8697][140242422363904][DEBUG][privacyidea.lib.config:118] Entering get_resolver_list with arguments () and keywords {}

[2016-04-20 23:15:32,185][8697][140242422363904][DEBUG][privacyidea.lib.config:421] None

[2016-04-20 23:15:32,185][8697][140242422363904][DEBUG][privacyidea.lib.config:129] Exiting get_resolver_list with result set(['privacyidea.lib.resolvers.PasswdIdResolver', 'privacyidea.lib.resolvers.SCIMIdResolver', 'privacyidea.lib.resolvers.SQLIdResolver', 'privacyidea.lib.resolvers.LDAPIdResolver'])

[2016-04-20 23:15:32,185][8697][140242422363904][DEBUG][privacyidea.lib.config:553] using the module list: set(['privacyidea.lib.resolvers.PasswdIdResolver', 'privacyidea.lib.resolvers.SCIMIdResolver', 'privacyidea.lib.resolvers.SQLIdResolver', 'privacyidea.lib.resolvers.LDAPIdResolver'])

[2016-04-20 23:15:32,190][8697][140242422363904][DEBUG][privacyidea.lib.config:561] import module: privacyidea.lib.resolvers.PasswdIdResolver

[2016-04-20 23:15:32,191][8697][140242422363904][DEBUG][privacyidea.lib.config:561] import module: privacyidea.lib.resolvers.SCIMIdResolver

[2016-04-20 23:15:32,191][8697][140242422363904][DEBUG][privacyidea.lib.config:561] import module: privacyidea.lib.resolvers.SQLIdResolver

[2016-04-20 23:15:32,191][8697][140242422363904][DEBUG][privacyidea.lib.config:561] import module: privacyidea.lib.resolvers.LDAPIdResolver

[2016-04-20 23:15:32,191][8697][140242422363904][DEBUG][privacyidea.lib.config:374] module: <module 'privacyidea.lib.resolvers.PasswdIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/PasswdIdResolver.pyc'>

[2016-04-20 23:15:32,191][8697][140242422363904][DEBUG][privacyidea.lib.config:374] module: <module 'privacyidea.lib.resolvers.SCIMIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SCIMIdResolver.pyc'>

[2016-04-20 23:15:32,191][8697][140242422363904][DEBUG][privacyidea.lib.config:374] module: <module 'privacyidea.lib.resolvers.SQLIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SQLIdResolver.pyc'>

[2016-04-20 23:15:32,192][8697][140242422363904][DEBUG][privacyidea.lib.config:374] module: <module 'privacyidea.lib.resolvers.LDAPIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.pyc'>

[2016-04-20 23:15:32,192][8697][140242422363904][DEBUG][privacyidea.lib.resolver:118] Entering get_resolver_config with arguments (u'zaxis',) and keywords {}

[2016-04-20 23:15:32,192][8697][140242422363904][DEBUG][privacyidea.lib.resolver:118] Entering get_resolver_list with arguments () and keywords {'filter_resolver_name': u'zaxis'}

[2016-04-20 23:15:32,197][8697][140242422363904][DEBUG][privacyidea.lib.crypto:118] Entering decryptPassword with arguments (u'36fd2ba4d66c46ec3cf27f6d4a6150f9:f6bb0a6c5790e63e252bf7077b4df7cce85b70f14b1d814b3b22a3aaf5fad07e',) and keywords {}

[2016-04-20 23:15:32,197][8697][140242422363904][DEBUG][privacyidea.lib.crypto:131] Exiting decryptPassword with result HIDDEN

[2016-04-20 23:15:32,198][8697][140242422363904][DEBUG][privacyidea.lib.resolver:129] Exiting get_resolver_list with result {u'zaxis': {'data': {u'BINDDN': u'zaxis\\administrator', u'AUTHTYPE': u'Simple', u'LDAPFILTER': u'(&(sAMAccountName=%s)(objectClass=person))', u'LDAPBASE': u'cn=users,dc=zaxis,dc=local', u'LDAPURI': u'ldap://192.168.56.101', u'LDAPSEARCHFILTER': u'(sAMAccountName=*)(objectClass=person)', u'UIDTYPE': u'objectGUID', u'BINDPW': 'P@kistan1', u'USERINFO': u'{ "username": "sAMAccountName", "phone" : "telephoneNumber", "mobile" : "mobile", "email" : "mail", "surname" : "sn", "givenname" : "givenName" }', u'TIMEOUT': u'5', u'SIZELIMIT': u'500', u'SCOPE': u'SUBTREE', u'NOREFERRALS': u'1', u'LOGINNAMEATTRIBUTE': u'sAMAccountName'}, 'type': u'ldapresolver', 'resolvername': u'zaxis'}}

[2016-04-20 23:15:32,198][8697][140242422363904][DEBUG][privacyidea.lib.resolver:129] Exiting get_resolver_config with result {u'BINDDN': u'zaxis\\administrator', u'AUTHTYPE': u'Simple', u'LDAPFILTER': u'(&(sAMAccountName=%s)(objectClass=person))', u'LDAPBASE': u'cn=users,dc=zaxis,dc=local', u'LDAPURI': u'ldap://192.168.56.101', u'LDAPSEARCHFILTER': u'(sAMAccountName=*)(objectClass=person)', u'UIDTYPE': u'objectGUID', u'BINDPW': 'P@kistan1', u'USERINFO': u'{ "username": "sAMAccountName", "phone" : "telephoneNumber", "mobile" : "mobile", "email" : "mail", "surname" : "sn", "givenname" : "givenName" }', u'TIMEOUT': u'5', u'SIZELIMIT': u'500', u'SCOPE': u'SUBTREE', u'NOREFERRALS': u'1', u'LOGINNAMEATTRIBUTE': u'sAMAccountName'}

[2016-04-20 23:15:32,199][8697][140242422363904][DEBUG][privacyidea.lib.resolver:129] Exiting get_resolver_object with result <privacyidea.lib.resolvers.LDAPIdResolver.IdResolver object at 0x7f8c9ead1910>

[2016-04-20 23:15:32,201][8697][140242422363904][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:535] Added 192.168.56.101, None, False to server pool.

[2016-04-20 23:15:32,215][8697][140242422363904][DEBUG][privacyidea.lib.user:129] Exiting get_username with result

[2016-04-20 23:15:32,215][8697][140242422363904][DEBUG][privacyidea.lib.user:118] Entering User with arguments ('',) and keywords {'realm': u'zaxis'}

[2016-04-20 23:15:32,216][8697][140242422363904][DEBUG][privacyidea.lib.user:118] Entering get_realm_resolvers with arguments (User(login='', realm=u'zaxis', resolver=''),) and keywords {}

[2016-04-20 23:15:32,216][8697][140242422363904][DEBUG][privacyidea.lib.realm:118] Entering get_realms with arguments (u'zaxis',) and keywords {}

[2016-04-20 23:15:32,219][8697][140242422363904][DEBUG][privacyidea.lib.realm:129] Exiting get_realms with result {u'zaxis': {'default': True, 'resolver': [{'priority': 999L, 'type': u'ldapresolver', 'name': u'zaxis'}]}}

[2016-04-20 23:15:32,219][8697][140242422363904][DEBUG][privacyidea.lib.user:129] Exiting get_realm_resolvers with result {u'zaxis': {'priority': 999L, 'type': u'ldapresolver'}}

[2016-04-20 23:15:32,219][8697][140242422363904][DEBUG][privacyidea.lib.resolver:118] Entering get_resolver_object with arguments (u'zaxis',) and keywords {}

[2016-04-20 23:15:32,219][8697][140242422363904][DEBUG][privacyidea.lib.resolver:118] Entering get_resolver_list with arguments () and keywords {'filter_resolver_name': u'zaxis'}

[2016-04-20 23:15:32,228][8697][140242422363904][DEBUG][privacyidea.lib.crypto:118] Entering decryptPassword with arguments (u'36fd2ba4d66c46ec3cf27f6d4a6150f9:f6bb0a6c5790e63e252bf7077b4df7cce85b70f14b1d814b3b22a3aaf5fad07e',) and keywords {}

[2016-04-20 23:15:32,229][8697][140242422363904][DEBUG][privacyidea.lib.crypto:131] Exiting decryptPassword with result HIDDEN

[2016-04-20 23:15:32,229][8697][140242422363904][DEBUG][privacyidea.lib.resolver:129] Exiting get_resolver_list with result {u'zaxis': {'data': {u'BINDDN': u'zaxis\\administrator', u'AUTHTYPE': u'Simple', u'LDAPFILTER': u'(&(sAMAccountName=%s)(objectClass=person))', u'LDAPBASE': u'cn=users,dc=zaxis,dc=local', u'LDAPURI': u'ldap://192.168.56.101', u'LDAPSEARCHFILTER': u'(sAMAccountName=*)(objectClass=person)', u'UIDTYPE': u'objectGUID', u'BINDPW': 'P@kistan1', u'USERINFO': u'{ "username": "sAMAccountName", "phone" : "telephoneNumber", "mobile" : "mobile", "email" : "mail", "surname" : "sn", "givenname" : "givenName" }', u'TIMEOUT': u'5', u'SIZELIMIT': u'500', u'SCOPE': u'SUBTREE', u'NOREFERRALS': u'1', u'LOGINNAMEATTRIBUTE': u'sAMAccountName'}, 'type': u'ldapresolver', 'resolvername': u'zaxis'}}

[2016-04-20 23:15:32,230][8697][140242422363904][DEBUG][privacyidea.lib.config:118] Entering get_resolver_list with arguments () and keywords {}

[2016-04-20 23:15:32,230][8697][140242422363904][DEBUG][privacyidea.lib.config:421] None

[2016-04-20 23:15:32,230][8697][140242422363904][DEBUG][privacyidea.lib.config:129] Exiting get_resolver_list with result set(['privacyidea.lib.resolvers.PasswdIdResolver', 'privacyidea.lib.resolvers.SCIMIdResolver', 'privacyidea.lib.resolvers.SQLIdResolver', 'privacyidea.lib.resolvers.LDAPIdResolver'])

[2016-04-20 23:15:32,231][8697][140242422363904][DEBUG][privacyidea.lib.config:553] using the module list: set(['privacyidea.lib.resolvers.PasswdIdResolver', 'privacyidea.lib.resolvers.SCIMIdResolver', 'privacyidea.lib.resolvers.SQLIdResolver', 'privacyidea.lib.resolvers.LDAPIdResolver'])

[2016-04-20 23:15:32,231][8697][140242422363904][DEBUG][privacyidea.lib.config:561] import module: privacyidea.lib.resolvers.PasswdIdResolver

[2016-04-20 23:15:32,232][8697][140242422363904][DEBUG][privacyidea.lib.config:561] import module: privacyidea.lib.resolvers.SCIMIdResolver

[2016-04-20 23:15:32,232][8697][140242422363904][DEBUG][privacyidea.lib.config:561] import module: privacyidea.lib.resolvers.SQLIdResolver

[2016-04-20 23:15:32,233][8697][140242422363904][DEBUG][privacyidea.lib.config:561] import module: privacyidea.lib.resolvers.LDAPIdResolver

[2016-04-20 23:15:32,234][8697][140242422363904][DEBUG][privacyidea.lib.config:374] module: <module 'privacyidea.lib.resolvers.PasswdIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/PasswdIdResolver.pyc'>

[2016-04-20 23:15:32,234][8697][140242422363904][DEBUG][privacyidea.lib.config:374] module: <module 'privacyidea.lib.resolvers.SCIMIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SCIMIdResolver.pyc'>

[2016-04-20 23:15:32,235][8697][140242422363904][DEBUG][privacyidea.lib.config:374] module: <module 'privacyidea.lib.resolvers.SQLIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SQLIdResolver.pyc'>

[2016-04-20 23:15:32,235][8697][140242422363904][DEBUG][privacyidea.lib.config:374] module: <module 'privacyidea.lib.resolvers.LDAPIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.pyc'>

[2016-04-20 23:15:32,235][8697][140242422363904][DEBUG][privacyidea.lib.resolver:118] Entering get_resolver_config with arguments (u'zaxis',) and keywords {}

[2016-04-20 23:15:32,236][8697][140242422363904][DEBUG][privacyidea.lib.resolver:118] Entering get_resolver_list with arguments () and keywords {'filter_resolver_name': u'zaxis'}

[2016-04-20 23:15:32,244][8697][140242422363904][DEBUG][privacyidea.lib.crypto:118] Entering decryptPassword with arguments (u'36fd2ba4d66c46ec3cf27f6d4a6150f9:f6bb0a6c5790e63e252bf7077b4df7cce85b70f14b1d814b3b22a3aaf5fad07e',) and keywords {}

[2016-04-20 23:15:32,245][8697][140242422363904][DEBUG][privacyidea.lib.crypto:131] Exiting decryptPassword with result HIDDEN

[2016-04-20 23:15:32,246][8697][140242422363904][DEBUG][privacyidea.lib.resolver:129] Exiting get_resolver_list with result {u'zaxis': {'data': {u'BINDDN': u'zaxis\\administrator', u'AUTHTYPE': u'Simple', u'LDAPFILTER': u'(&(sAMAccountName=%s)(objectClass=person))', u'LDAPBASE': u'cn=users,dc=zaxis,dc=local', u'LDAPURI': u'ldap://192.168.56.101', u'LDAPSEARCHFILTER': u'(sAMAccountName=*)(objectClass=person)', u'UIDTYPE': u'objectGUID', u'BINDPW': 'P@kistan1', u'USERINFO': u'{ "username": "sAMAccountName", "phone" : "telephoneNumber", "mobile" : "mobile", "email" : "mail", "surname" : "sn", "givenname" : "givenName" }', u'TIMEOUT': u'5', u'SIZELIMIT': u'500', u'SCOPE': u'SUBTREE', u'NOREFERRALS': u'1', u'LOGINNAMEATTRIBUTE': u'sAMAccountName'}, 'type': u'ldapresolver', 'resolvername': u'zaxis'}}

[2016-04-20 23:15:32,246][8697][140242422363904][DEBUG][privacyidea.lib.resolver:129] Exiting get_resolver_config with result {u'BINDDN': u'zaxis\\administrator', u'AUTHTYPE': u'Simple', u'LDAPFILTER': u'(&(sAMAccountName=%s)(objectClass=person))', u'LDAPBASE': u'cn=users,dc=zaxis,dc=local', u'LDAPURI': u'ldap://192.168.56.101', u'LDAPSEARCHFILTER': u'(sAMAccountName=*)(objectClass=person)', u'UIDTYPE': u'objectGUID', u'BINDPW': 'P@kistan1', u'USERINFO': u'{ "username": "sAMAccountName", "phone" : "telephoneNumber", "mobile" : "mobile", "email" : "mail", "surname" : "sn", "givenname" : "givenName" }', u'TIMEOUT': u'5', u'SIZELIMIT': u'500', u'SCOPE': u'SUBTREE', u'NOREFERRALS': u'1', u'LOGINNAMEATTRIBUTE': u'sAMAccountName'}

[2016-04-20 23:15:32,248][8697][140242422363904][DEBUG][privacyidea.lib.resolver:129] Exiting get_resolver_object with result <privacyidea.lib.resolvers.LDAPIdResolver.IdResolver object at 0x7f8c9eab38d0>

[2016-04-20 23:15:32,252][8697][140242422363904][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:535] Added 192.168.56.101, None, False to server pool.

[2016-04-20 23:15:32,276][8697][140242422363904][DEBUG][privacyidea.lib.user:200] user '' not found in resolver u'zaxis'

[2016-04-20 23:15:32,276][8697][140242422363904][DEBUG][privacyidea.lib.user:129] Exiting User with result <@zaxis>

[2016-04-20 23:15:32,277][8697][140242422363904][DEBUG][privacyidea.lib.user:118] Entering check_password with arguments (User(login='', realm=u'zaxis', resolver=''), u'511357P@kistan123') and keywords {}

[2016-04-20 23:15:32,277][8697][140242422363904][INFO][privacyidea.lib.user:328] User '' from realm u'zaxis' tries to authenticate

[2016-04-20 23:15:32,277][8697][140242422363904][DEBUG][privacyidea.lib.user:118] Entering get_realm_resolvers with arguments (User(login=u'', realm=u'zaxis', resolver=''),) and keywords {}

[2016-04-20 23:15:32,277][8697][140242422363904][DEBUG][privacyidea.lib.realm:118] Entering get_realms with arguments (u'zaxis',) and keywords {}

[2016-04-20 23:15:32,280][8697][140242422363904][DEBUG][privacyidea.lib.realm:129] Exiting get_realms with result {u'zaxis': {'default': True, 'resolver': [{'priority': 999L, 'type': u'ldapresolver', 'name': u'zaxis'}]}}

[2016-04-20 23:15:32,280][8697][140242422363904][DEBUG][privacyidea.lib.user:129] Exiting get_realm_resolvers with result {u'zaxis': {'priority': 999L, 'type': u'ldapresolver'}}

[2016-04-20 23:15:32,280][8697][140242422363904][DEBUG][privacyidea.lib.resolver:118] Entering get_resolver_object with arguments (u'zaxis',) and keywords {}

[2016-04-20 23:15:32,280][8697][140242422363904][DEBUG][privacyidea.lib.resolver:118] Entering get_resolver_list with arguments () and keywords {'filter_resolver_name': u'zaxis'}

[2016-04-20 23:15:32,286][8697][140242422363904][DEBUG][privacyidea.lib.crypto:118] Entering decryptPassword with arguments (u'36fd2ba4d66c46ec3cf27f6d4a6150f9:f6bb0a6c5790e63e252bf7077b4df7cce85b70f14b1d814b3b22a3aaf5fad07e',) and keywords {}

[2016-04-20 23:15:32,286][8697][140242422363904][DEBUG][privacyidea.lib.crypto:131] Exiting decryptPassword with result HIDDEN

[2016-04-20 23:15:32,286][8697][140242422363904][DEBUG][privacyidea.lib.resolver:129] Exiting get_resolver_list with result {u'zaxis': {'data': {u'BINDDN': u'zaxis\\administrator', u'AUTHTYPE': u'Simple', u'LDAPFILTER': u'(&(sAMAccountName=%s)(objectClass=person))', u'LDAPBASE': u'cn=users,dc=zaxis,dc=local', u'LDAPURI': u'ldap://192.168.56.101', u'LDAPSEARCHFILTER': u'(sAMAccountName=*)(objectClass=person)', u'UIDTYPE': u'objectGUID', u'BINDPW': 'P@kistan1', u'USERINFO': u'{ "username": "sAMAccountName", "phone" : "telephoneNumber", "mobile" : "mobile", "email" : "mail", "surname" : "sn", "givenname" : "givenName" }', u'TIMEOUT': u'5', u'SIZELIMIT': u'500', u'SCOPE': u'SUBTREE', u'NOREFERRALS': u'1', u'LOGINNAMEATTRIBUTE': u'sAMAccountName'}, 'type': u'ldapresolver', 'resolvername': u'zaxis'}}

[2016-04-20 23:15:32,287][8697][140242422363904][DEBUG][privacyidea.lib.config:118] Entering get_resolver_list with arguments () and keywords {}

[2016-04-20 23:15:32,287][8697][140242422363904][DEBUG][privacyidea.lib.config:421] None

[2016-04-20 23:15:32,287][8697][140242422363904][DEBUG][privacyidea.lib.config:129] Exiting get_resolver_list with result set(['privacyidea.lib.resolvers.PasswdIdResolver', 'privacyidea.lib.resolvers.SCIMIdResolver', 'privacyidea.lib.resolvers.SQLIdResolver', 'privacyidea.lib.resolvers.LDAPIdResolver'])

[2016-04-20 23:15:32,287][8697][140242422363904][DEBUG][privacyidea.lib.config:553] using the module list: set(['privacyidea.lib.resolvers.PasswdIdResolver', 'privacyidea.lib.resolvers.SCIMIdResolver', 'privacyidea.lib.resolvers.SQLIdResolver', 'privacyidea.lib.resolvers.LDAPIdResolver'])

[2016-04-20 23:15:32,287][8697][140242422363904][DEBUG][privacyidea.lib.config:561] import module: privacyidea.lib.resolvers.PasswdIdResolver

[2016-04-20 23:15:32,287][8697][140242422363904][DEBUG][privacyidea.lib.config:561] import module: privacyidea.lib.resolvers.SCIMIdResolver

[2016-04-20 23:15:32,287][8697][140242422363904][DEBUG][privacyidea.lib.config:561] import module: privacyidea.lib.resolvers.SQLIdResolver

[2016-04-20 23:15:32,287][8697][140242422363904][DEBUG][privacyidea.lib.config:561] import module: privacyidea.lib.resolvers.LDAPIdResolver

[2016-04-20 23:15:32,287][8697][140242422363904][DEBUG][privacyidea.lib.config:374] module: <module 'privacyidea.lib.resolvers.PasswdIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/PasswdIdResolver.pyc'>

[2016-04-20 23:15:32,288][8697][140242422363904][DEBUG][privacyidea.lib.config:374] module: <module 'privacyidea.lib.resolvers.SCIMIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SCIMIdResolver.pyc'>

[2016-04-20 23:15:32,288][8697][140242422363904][DEBUG][privacyidea.lib.config:374] module: <module 'privacyidea.lib.resolvers.SQLIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SQLIdResolver.pyc'>

[2016-04-20 23:15:32,288][8697][140242422363904][DEBUG][privacyidea.lib.config:374] module: <module 'privacyidea.lib.resolvers.LDAPIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.pyc'>

[2016-04-20 23:15:32,288][8697][140242422363904][DEBUG][privacyidea.lib.resolver:118] Entering get_resolver_config with arguments (u'zaxis',) and keywords {}

[2016-04-20 23:15:32,288][8697][140242422363904][DEBUG][privacyidea.lib.resolver:118] Entering get_resolver_list with arguments () and keywords {'filter_resolver_name': u'zaxis'}

[2016-04-20 23:15:32,295][8697][140242422363904][DEBUG][privacyidea.lib.crypto:118] Entering decryptPassword with arguments (u'36fd2ba4d66c46ec3cf27f6d4a6150f9:f6bb0a6c5790e63e252bf7077b4df7cce85b70f14b1d814b3b22a3aaf5fad07e',) and keywords {}

[2016-04-20 23:15:32,295][8697][140242422363904][DEBUG][privacyidea.lib.crypto:131] Exiting decryptPassword with result HIDDEN

[2016-04-20 23:15:32,295][8697][140242422363904][DEBUG][privacyidea.lib.resolver:129] Exiting get_resolver_list with result {u'zaxis': {'data': {u'BINDDN': u'zaxis\\administrator', u'AUTHTYPE': u'Simple', u'LDAPFILTER': u'(&(sAMAccountName=%s)(objectClass=person))', u'LDAPBASE': u'cn=users,dc=zaxis,dc=local', u'LDAPURI': u'ldap://192.168.56.101', u'LDAPSEARCHFILTER': u'(sAMAccountName=*)(objectClass=person)', u'UIDTYPE': u'objectGUID', u'BINDPW': 'P@kistan1', u'USERINFO': u'{ "username": "sAMAccountName", "phone" : "telephoneNumber", "mobile" : "mobile", "email" : "mail", "surname" : "sn", "givenname" : "givenName" }', u'TIMEOUT': u'5', u'SIZELIMIT': u'500', u'SCOPE': u'SUBTREE', u'NOREFERRALS': u'1', u'LOGINNAMEATTRIBUTE': u'sAMAccountName'}, 'type': u'ldapresolver', 'resolvername': u'zaxis'}}

[2016-04-20 23:15:32,296][8697][140242422363904][DEBUG][privacyidea.lib.resolver:129] Exiting get_resolver_config with result {u'BINDDN': u'zaxis\\administrator', u'AUTHTYPE': u'Simple', u'LDAPFILTER': u'(&(sAMAccountName=%s)(objectClass=person))', u'LDAPBASE': u'cn=users,dc=zaxis,dc=local', u'LDAPURI': u'ldap://192.168.56.101', u'LDAPSEARCHFILTER': u'(sAMAccountName=*)(objectClass=person)', u'UIDTYPE': u'objectGUID', u'BINDPW': 'P@kistan1', u'USERINFO': u'{ "username": "sAMAccountName", "phone" : "telephoneNumber", "mobile" : "mobile", "email" : "mail", "surname" : "sn", "givenname" : "givenName" }', u'TIMEOUT': u'5', u'SIZELIMIT': u'500', u'SCOPE': u'SUBTREE', u'NOREFERRALS': u'1', u'LOGINNAMEATTRIBUTE': u'sAMAccountName'}

[2016-04-20 23:15:32,297][8697][140242422363904][DEBUG][privacyidea.lib.resolver:129] Exiting get_resolver_object with result <privacyidea.lib.resolvers.LDAPIdResolver.IdResolver object at 0x7f8c9eaa5ad0>

[2016-04-20 23:15:32,300][8697][140242422363904][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:535] Added 192.168.56.101, None, False to server pool.

[2016-04-20 23:15:32,312][8697][140242422363904][DEBUG][privacyidea.lib.user:200] user u'' not found in resolver u'zaxis'

[2016-04-20 23:15:32,312][8697][140242422363904][ERROR][privacyidea.lib.user:344] The user User(login=u'', realm=u'zaxis', resolver='') exists in NO resolver.

[2016-04-20 23:15:32,312][8697][140242422363904][DEBUG][privacyidea.lib.user:129] Exiting check_password with result None

[2016-04-20 23:15:32,313][8697][140242422363904][DEBUG][privacyidea.lib.config:118] Entering get_from_config with arguments () and keywords {'key': 'IncFailCountOnFalsePin'}

[2016-04-20 23:15:32,315][8697][140242422363904][DEBUG][privacyidea.lib.config:129] Exiting get_from_config with result 1

[2016-04-20 23:15:32,354][8697][140242422363904][DEBUG][privacyidea.lib.token:129] Exiting check_token_list with result (False, {'message': 'wrong otp pin'})

[2016-04-20 23:15:32,355][8697][140242422363904][DEBUG][privacyidea.lib.token:129] Exiting check_user_pass with result (False, {'message': 'wrong otp pin'})

[2016-04-20 23:15:32,355][8697][140242422363904][DEBUG][privacyidea.lib.config:118] Entering get_from_config with arguments ('splitAtSign',) and keywords {}

[2016-04-20 23:15:32,357][8697][140242422363904][DEBUG][privacyidea.lib.config:129] Exiting get_from_config with result 1

[2016-04-20 23:15:32,357][8697][140242422363904][DEBUG][privacyidea.lib.user:118] Entering split_user with arguments (u'user98@zaxis',) and keywords {}

[2016-04-20 23:15:32,357][8697][140242422363904][DEBUG][privacyidea.lib.realm:118] Entering realm_is_defined with arguments (u'zaxis',) and keywords {}

[2016-04-20 23:15:32,358][8697][140242422363904][DEBUG][privacyidea.lib.realm:118] Entering get_realms with arguments () and keywords {}

[2016-04-20 23:15:32,362][8697][140242422363904][DEBUG][privacyidea.lib.realm:129] Exiting get_realms with result {u'zaxis': {'default': True, 'resolver': [{'priority': 999L, 'type': u'ldapresolver', 'name': u'zaxis'}]}}

[2016-04-20 23:15:32,362][8697][140242422363904][DEBUG][privacyidea.lib.realm:129] Exiting realm_is_defined with result True

[2016-04-20 23:15:32,362][8697][140242422363904][DEBUG][privacyidea.lib.user:129] Exiting split_user with result (u'user98', u'zaxis')

[2016-04-20 23:15:32,362][8697][140242422363904][DEBUG][privacyidea.lib.user:118] Entering User with arguments () and keywords {'login': u'user98', 'realm': u'zaxis'}

[2016-04-20 23:15:32,362][8697][140242422363904][DEBUG][privacyidea.lib.user:118] Entering get_realm_resolvers with arguments (User(login=u'user98', realm=u'zaxis', resolver=''),) and keywords {}

[2016-04-20 23:15:32,362][8697][140242422363904][DEBUG][privacyidea.lib.realm:118] Entering get_realms with arguments (u'zaxis',) and keywords {}

[2016-04-20 23:15:32,370][8697][140242422363904][DEBUG][privacyidea.lib.realm:129] Exiting get_realms with result {u'zaxis': {'default': True, 'resolver': [{'priority': 999L, 'type': u'ldapresolver', 'name': u'zaxis'}]}}

[2016-04-20 23:15:32,370][8697][140242422363904][DEBUG][privacyidea.lib.user:129] Exiting get_realm_resolvers with result {u'zaxis': {'priority': 999L, 'type': u'ldapresolver'}}

[2016-04-20 23:15:32,370][8697][140242422363904][DEBUG][privacyidea.lib.resolver:118] Entering get_resolver_object with arguments (u'zaxis',) and keywords {}

[2016-04-20 23:15:32,370][8697][140242422363904][DEBUG][privacyidea.lib.resolver:118] Entering get_resolver_list with arguments () and keywords {'filter_resolver_name': u'zaxis'}

[2016-04-20 23:15:32,376][8697][140242422363904][DEBUG][privacyidea.lib.crypto:118] Entering decryptPassword with arguments (u'36fd2ba4d66c46ec3cf27f6d4a6150f9:f6bb0a6c5790e63e252bf7077b4df7cce85b70f14b1d814b3b22a3aaf5fad07e',) and keywords {}

[2016-04-20 23:15:32,377][8697][140242422363904][DEBUG][privacyidea.lib.crypto:131] Exiting decryptPassword with result HIDDEN

[2016-04-20 23:15:32,377][8697][140242422363904][DEBUG][privacyidea.lib.resolver:129] Exiting get_resolver_list with result {u'zaxis': {'data': {u'BINDDN': u'zaxis\\administrator', u'AUTHTYPE': u'Simple', u'LDAPFILTER': u'(&(sAMAccountName=%s)(objectClass=person))', u'LDAPBASE': u'cn=users,dc=zaxis,dc=local', u'LDAPURI': u'ldap://192.168.56.101', u'LDAPSEARCHFILTER': u'(sAMAccountName=*)(objectClass=person)', u'UIDTYPE': u'objectGUID', u'BINDPW': 'P@kistan1', u'USERINFO': u'{ "username": "sAMAccountName", "phone" : "telephoneNumber", "mobile" : "mobile", "email" : "mail", "surname" : "sn", "givenname" : "givenName" }', u'TIMEOUT': u'5', u'SIZELIMIT': u'500', u'SCOPE': u'SUBTREE', u'NOREFERRALS': u'1', u'LOGINNAMEATTRIBUTE': u'sAMAccountName'}, 'type': u'ldapresolver', 'resolvername': u'zaxis'}}

[2016-04-20 23:15:32,377][8697][140242422363904][DEBUG][privacyidea.lib.config:118] Entering get_resolver_list with arguments () and keywords {}

[2016-04-20 23:15:32,377][8697][140242422363904][DEBUG][privacyidea.lib.config:421] None

[2016-04-20 23:15:32,378][8697][140242422363904][DEBUG][privacyidea.lib.config:129] Exiting get_resolver_list with result set(['privacyidea.lib.resolvers.PasswdIdResolver', 'privacyidea.lib.resolvers.SCIMIdResolver', 'privacyidea.lib.resolvers.SQLIdResolver', 'privacyidea.lib.resolvers.LDAPIdResolver'])

[2016-04-20 23:15:32,378][8697][140242422363904][DEBUG][privacyidea.lib.config:553] using the module list: set(['privacyidea.lib.resolvers.PasswdIdResolver', 'privacyidea.lib.resolvers.SCIMIdResolver', 'privacyidea.lib.resolvers.SQLIdResolver', 'privacyidea.lib.resolvers.LDAPIdResolver'])

[2016-04-20 23:15:32,378][8697][140242422363904][DEBUG][privacyidea.lib.config:561] import module: privacyidea.lib.resolvers.PasswdIdResolver

[2016-04-20 23:15:32,378][8697][140242422363904][DEBUG][privacyidea.lib.config:561] import module: privacyidea.lib.resolvers.SCIMIdResolver

[2016-04-20 23:15:32,378][8697][140242422363904][DEBUG][privacyidea.lib.config:561] import module: privacyidea.lib.resolvers.SQLIdResolver

[2016-04-20 23:15:32,378][8697][140242422363904][DEBUG][privacyidea.lib.config:561] import module: privacyidea.lib.resolvers.LDAPIdResolver

[2016-04-20 23:15:32,378][8697][140242422363904][DEBUG][privacyidea.lib.config:374] module: <module 'privacyidea.lib.resolvers.PasswdIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/PasswdIdResolver.pyc'>

[2016-04-20 23:15:32,379][8697][140242422363904][DEBUG][privacyidea.lib.config:374] module: <module 'privacyidea.lib.resolvers.SCIMIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SCIMIdResolver.pyc'>

[2016-04-20 23:15:32,379][8697][140242422363904][DEBUG][privacyidea.lib.config:374] module: <module 'privacyidea.lib.resolvers.SQLIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SQLIdResolver.pyc'>

[2016-04-20 23:15:32,379][8697][140242422363904][DEBUG][privacyidea.lib.config:374] module: <module 'privacyidea.lib.resolvers.LDAPIdResolver' from '/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.pyc'>

[2016-04-20 23:15:32,379][8697][140242422363904][DEBUG][privacyidea.lib.resolver:118] Entering get_resolver_config with arguments (u'zaxis',) and keywords {}

[2016-04-20 23:15:32,380][8697][140242422363904][DEBUG][privacyidea.lib.resolver:118] Entering get_resolver_list with arguments () and keywords {'filter_resolver_name': u'zaxis'}

[2016-04-20 23:15:32,388][8697][140242422363904][DEBUG][privacyidea.lib.crypto:118] Entering decryptPassword with arguments (u'36fd2ba4d66c46ec3cf27f6d4a6150f9:f6bb0a6c5790e63e252bf7077b4df7cce85b70f14b1d814b3b22a3aaf5fad07e',) and keywords {}

[2016-04-20 23:15:32,389][8697][140242422363904][DEBUG][privacyidea.lib.crypto:131] Exiting decryptPassword with result HIDDEN

[2016-04-20 23:15:32,390][8697][140242422363904][DEBUG][privacyidea.lib.resolver:129] Exiting get_resolver_list with result {u'zaxis': {'data': {u'BINDDN': u'zaxis\\administrator', u'AUTHTYPE': u'Simple', u'LDAPFILTER': u'(&(sAMAccountName=%s)(objectClass=person))', u'LDAPBASE': u'cn=users,dc=zaxis,dc=local', u'LDAPURI': u'ldap://192.168.56.101', u'LDAPSEARCHFILTER': u'(sAMAccountName=*)(objectClass=person)', u'UIDTYPE': u'objectGUID', u'BINDPW': 'P@kistan1', u'USERINFO': u'{ "username": "sAMAccountName", "phone" : "telephoneNumber", "mobile" : "mobile", "email" : "mail", "surname" : "sn", "givenname" : "givenName" }', u'TIMEOUT': u'5', u'SIZELIMIT': u'500', u'SCOPE': u'SUBTREE', u'NOREFERRALS': u'1', u'LOGINNAMEATTRIBUTE': u'sAMAccountName'}, 'type': u'ldapresolver', 'resolvername': u'zaxis'}}

[2016-04-20 23:15:32,391][8697][140242422363904][DEBUG][privacyidea.lib.resolver:129] Exiting get_resolver_config with result {u'BINDDN': u'zaxis\\administrator', u'AUTHTYPE': u'Simple', u'LDAPFILTER': u'(&(sAMAccountName=%s)(objectClass=person))', u'LDAPBASE': u'cn=users,dc=zaxis,dc=local', u'LDAPURI': u'ldap://192.168.56.101', u'LDAPSEARCHFILTER': u'(sAMAccountName=*)(objectClass=person)', u'UIDTYPE': u'objectGUID', u'BINDPW': 'P@kistan1', u'USERINFO': u'{ "username": "sAMAccountName", "phone" : "telephoneNumber", "mobile" : "mobile", "email" : "mail", "surname" : "sn", "givenname" : "givenName" }', u'TIMEOUT': u'5', u'SIZELIMIT': u'500', u'SCOPE': u'SUBTREE', u'NOREFERRALS': u'1', u'LOGINNAMEATTRIBUTE': u'sAMAccountName'}

[2016-04-20 23:15:32,393][8697][140242422363904][DEBUG][privacyidea.lib.resolver:129] Exiting get_resolver_object with result <privacyidea.lib.resolvers.LDAPIdResolver.IdResolver object at 0x7f8c9eaa6050>

[2016-04-20 23:15:32,396][8697][140242422363904][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:535] Added 192.168.56.101, None, False to server pool.

[2016-04-20 23:15:32,408][8697][140242422363904][INFO][privacyidea.lib.user:188] user u'user98' found in resolver u'zaxis'

[2016-04-20 23:15:32,409][8697][140242422363904][INFO][privacyidea.lib.user:189] userid resolved to 'ac7997d2-5271-4e6e-aba1-39874ad601a3'

[2016-04-20 23:15:32,409][8697][140242422363904][DEBUG][privacyidea.lib.user:192] priority of the resolver is 999

[2016-04-20 23:15:32,409][8697][140242422363904][DEBUG][privacyidea.lib.user:193] The highest priority is 1000

[2016-04-20 23:15:32,409][8697][140242422363904][DEBUG][privacyidea.lib.user:129] Exiting User with result <user98.zaxis@zaxis>

[2016-04-20 23:15:32,471][8697][140242422363904][DEBUG][privacyidea.api.lib.utils:235] Can not get param: No JSON object could be decoded

Cornelius Kölbel

unread,

Apr 20, 2016, 2:53:14 PM4/20/16

to priva...@googlegroups.com

Hi,

how does you policy look like?
What behaviour do you expect and what do you see?

Kind regards
Cornelius

> --
> Please read the blog post about getting help
> https://www.privacyidea.org/getting-help/.
>
> For professional services and consultancy regarding two factor
> authentication please visit
> https://netknights.it/en/leistungen/one-time-services/
>
> In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
> which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
> https://netknights.it/en/leistungen/service-level-agreements/
> ---
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to priva...@googlegroups.com.
> Visit this group at https://groups.google.com/group/privacyidea.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/privacyidea/1c3a92e0-e772-4e3e-b76a-971d73703096%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc

Zia-ul-Hassan Siddique

unread,

Apr 20, 2016, 7:14:50 PM4/20/16

to privacyidea

Hi.

authentication { "passthru": "userstore", "otppin": "userstore" } [ "zaxis" ] [] [ "zaxis" ] []

i have tried a previous version of PI and there it was working as expected that WinPassword+TOTP was authenticated by PI.

This is not happening in current release

regards,

zia

Zia-ul-Hassan Siddique

unread,

Apr 20, 2016, 7:22:59 PM4/20/16

to privacyidea

error on radtest is

rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=221, length=35

Reply-Message = "wrong otp pin"

Total approved auths: 0

Total denied auths: 1

Total lost auths: 0

Cornelius Kölbel

unread,

Apr 21, 2016, 5:22:25 AM4/21/16

to priva...@googlegroups.com

Hi Zia,

there are some things you can please do to narrow down your issue:

1. please check the prepend PIN in the system settings. You could auth
with either <WinPW><OTP> or <OTP><WinPW>.

2. Check if authentication with OTP PIN works. (Remove otppin:userstore)

3. There is no need to specify the resolver or the realm unless you
have a complicated setup.

3a. Please remove the resolver from the policy

3b. Please remove the realm from the policy.

Kind regards
Cornelius

> https://groups.google.com/d/msgid/privacyidea/4ec957f8-8c80-45eb-886d-0e764d386f03%40googlegroups.com.

signature.asc

Zia-ul-Hassan Siddique

unread,

Apr 25, 2016, 2:43:41 AM4/25/16

to privacyidea

Hi,

I have done the guided steps.

PIN+OTP is its default.

LDAP+OTP is not working.

Pasthru works fine and LDAP Authentication is perfect.

i have tried posste append and pre-append, both work with PIN but not with LDAP when com bined with OTP.

following are the logs

[2016-04-25 11:33:59,710][1226][140569441117952][INFO][privacyidea.lib.user:188] user u'user3' found in resolver u'zaxis'

[2016-04-25 11:33:59,711][1226][140569441117952][INFO][privacyidea.lib.user:189] userid resolved to '3210bcb9-f581-4463-ae42-336a7c7392b6'

[2016-04-25 11:33:59,760][1226][140569441117952][INFO][privacyidea.lib.user:188] user u'user3' found in resolver u'zaxis'

[2016-04-25 11:33:59,761][1226][140569441117952][INFO][privacyidea.lib.user:189] userid resolved to '3210bcb9-f581-4463-ae42-336a7c7392b6'

[2016-04-25 11:33:59,799][1226][140569441117952][INFO][privacyidea.lib.user:188] user u'user3' found in resolver u'zaxis'

[2016-04-25 11:33:59,799][1226][140569441117952][INFO][privacyidea.lib.user:189] userid resolved to '3210bcb9-f581-4463-ae42-336a7c7392b6'

[2016-04-25 11:33:59,842][1226][140569441117952][INFO][privacyidea.lib.user:188] user u'user3' found in resolver u'zaxis'

[2016-04-25 11:33:59,842][1226][140569441117952][INFO][privacyidea.lib.user:189] userid resolved to '3210bcb9-f581-4463-ae42-336a7c7392b6'

[2016-04-25 11:33:59,983][1226][140569441117952][INFO][privacyidea.lib.user:328] User '' from realm u'zpi' tries to authenticate

[2016-04-25 11:34:00,006][1226][140569441117952][ERROR][privacyidea.lib.user:344] The user User(login=u'', realm=u'zpi', resolver='') exists in NO resolver.

[2016-04-25 11:34:00,082][1226][140569441117952][INFO][privacyidea.lib.user:188] user u'user3' found in resolver u'zaxis'

[2016-04-25 11:34:00,083][1226][140569441117952][INFO][privacyidea.lib.user:189] userid resolved to '3210bcb9-f581-4463-ae42-336a7c7392b6'

[2016-04-25 11:34:45,484][1226][140569474688768][INFO][privacyidea.lib.user:188] user u'user3' found in resolver u'zaxis'

[2016-04-25 11:34:45,484][1226][140569474688768][INFO][privacyidea.lib.user:189] userid resolved to '3210bcb9-f581-4463-ae42-336a7c7392b6'

[2016-04-25 11:34:45,525][1226][140569474688768][INFO][privacyidea.lib.user:188] user u'user3' found in resolver u'zaxis'

[2016-04-25 11:34:45,526][1226][140569474688768][INFO][privacyidea.lib.user:189] userid resolved to '3210bcb9-f581-4463-ae42-336a7c7392b6'

[2016-04-25 11:34:45,554][1226][140569474688768][INFO][privacyidea.lib.user:188] user u'user3' found in resolver u'zaxis'

[2016-04-25 11:34:45,555][1226][140569474688768][INFO][privacyidea.lib.user:189] userid resolved to '3210bcb9-f581-4463-ae42-336a7c7392b6'

[2016-04-25 11:34:45,589][1226][140569474688768][INFO][privacyidea.lib.user:188] user u'user3' found in resolver u'zaxis'

[2016-04-25 11:34:45,590][1226][140569474688768][INFO][privacyidea.lib.user:189] userid resolved to '3210bcb9-f581-4463-ae42-336a7c7392b6'

[2016-04-25 11:34:45,718][1226][140569474688768][INFO][privacyidea.lib.user:328] User '' from realm u'zpi' tries to authenticate

[2016-04-25 11:34:45,737][1226][140569474688768][ERROR][privacyidea.lib.user:344] The user User(login=u'', realm=u'zpi', resolver='') exists in NO resolver.

[2016-04-25 11:34:45,808][1226][140569474688768][INFO][privacyidea.lib.user:188] user u'user3' found in resolver u'zaxis'

[2016-04-25 11:34:45,809][1226][140569474688768][INFO][privacyidea.lib.user:189] userid resolved to '3210bcb9-f581-4463-ae42-336a7c7392b6'

I have used Ubuntu packages to install and configure as directed in "Documents".

Please help me in this regard,

Zia

Cornelius Kölbel

unread,

Apr 25, 2016, 4:30:03 AM4/25/16

to priva...@googlegroups.com

Hi Ziu,

I can not confirm that LDAP+OTP is not working.

So the question is, what is special at your setup.

I am confused by this error:

11:34:00,006][1226][140569441117952][ERROR][privacyidea.lib.user:344]
The user User(login=u'', realm=u'zpi', resolver='') exists in NO
resolver.

Did you also check via the API in the browser?
...or only via your application.

I you are representing a company you could order half an hour or an hour
remote session.

Kind regards
Cornelius

> https://groups.google.com/d/msgid/privacyidea/d01b2cdc-6451-4640-b996-3a7e23c9594b%40googlegroups.com.

signature.asc

Zia-ul-Hassan Siddique

unread,

Apr 26, 2016, 9:44:47 AM4/26/16

to privacyidea

I am doing a PoC install which may lead different sensitive institutes to deploy and hence get SLA at larg scale if PoC is proven to them. Purchasing remote access support is currently out of scope due to access level restrictions of the environment till higher Ops are willing to deploy it in production.

I have tried the same with web based "Tocken Check" option in PI Web page..... Results was "wrong OTP Pin".

Is it possible to deploy older versions of PI for R&D for comparative analysis?

Best Regards,

Zia

Cornelius Kölbel

unread,

Apr 26, 2016, 10:12:18 AM4/26/16

to priva...@googlegroups.com

Hi Zia,

unforutnately you did not answer my question.
It is hard to help you, if I only get 50% of information I requested.
This is why the best way is, to take a look at it.

Your problem is uncommon and not reproducable. You are having an error
in the log, which usually would not occur! So we need to take the look.
(Or you need to dig into it yourself. My crystal ball is broken)
I very much assume, that you configured something wrong.
Honestly, what are you expecting with the information you are providing?

Get a workshop. In a remote session in a non-sensitive environment. Then
we might realize, what was misconfigured.

Kind regards
Cornelius

> https://groups.google.com/d/msgid/privacyidea/64a4c599-6cf2-4080-9df1-3316f8464329%40googlegroups.com.

signature.asc

Zia-ul-Hassan Siddique

unread,

May 2, 2016, 10:03:22 AM5/2/16

to privacyidea

Dear Cornelius,

I admire your patience and content support. I have tried pi-manage validate option which works fine with following console output.

Using PI_LOGFILE /var/log/privacyidea/privacyidea.log.

_ _______ _______

___ ____(_) _____ _______ __/ _/ _ \/ __/ _ |

/ _ \/ __/ / |/ / _ `/ __/ // // // // / _// __ |

/ .__/_/ /_/|___/\_,_/\__/\_, /___/____/___/_/ |_|

/_/ /___/

/usr/lib/python2.7/dist-packages/sqlalchemy/engine/default.py:459: SAWarning: Unicode type received non-unicode bind param value

param.append(processors[key](compiled_params[key]))

RESULT=True

DETAILS={'serial': u'TOTP0000B35A', 'type': u'totp', 'message': 'matching 1 tokens'}

root@authz:~#

but this is not in case if i try same login via radius. However radius works fine with pasthru or tpin+otp but causes trouble only with ADPASS+OTP

--------------------------

i have tried ubuntu lts 14.04 and PI with apache2......

Should i try some other OS or Install method?

Kind Regards,

Zia

[2016-05-02 17:31:00,898][1956][139634842126144][DEBUG][privacyidea.models:118] Entering get_otpkey with arguments (<<class 'privacyidea.models.Token'> {"'active'": 'True', "'count_window'": '20L', "'key_enc'": "u'0c9b6517a5838f66ec3480148371b8e2a1ba454132d49d95f9afaf7f8eb85ca4068e952659e788ace4f339b4b494c130e5f212a60ed8fad4b7784013b498c049c465333e5bc12cef8aedc614b2f530ba347bd13322c8d934489e9a9e098b5a25'", "'pin_hash'": "u'45c72af9c5fde577372ab4dd9dfaadd7e12f0bdf8e131268d3ce5440a77c7929'", "'so_pin'": "u''", "'user_id'": "u'4660a08f-af03-453c-9f2e-f93ddf7cb8a3'", "'otplen'": '6L', "'so_pin_iv'": "u''", "'serial'": "u'TOTP0000B35A'", "'revoked'": 'False', "'locked'": 'False', "'maxfail'": '1000L', "'realm_list'": '[<privacyidea.models.TokenRealm object at 0x7eff34982e50>]', "'count'": '48737514L', "'pin_seed'": "u'a4c108baf9695ce91bed8e9b0780285b'", "'sync_window'": '1000L', "'description'": "u''", "'resolver_type'": "u'ldapresolver'", "'user_pin_iv'": "u''", "'user_pin'": "u''", "'rollout_state'": "u''", "'failcount'": '6L', "'_sa_instance_state'": '<sqlalchemy.orm.state.InstanceState object at 0x7eff34a53850>', "'id'": '4L', "'resolver'": "u'localhost'", "'key_iv'": "u'78b0b4e1331878cdfe5094366a856d38'", "'tokentype'": "u'totp'"}>,) and keywords {}

[2016-05-02 17:31:00,899][1956][139634842126144][DEBUG][privacyidea.models:129] Exiting get_otpkey with result <privacyidea.lib.crypto.SecretObj object at 0x7eff34941350>

[2016-05-02 17:31:00,961][1956][139634842126144][DEBUG][privacyidea.lib.tokens.HMAC:118] Entering checkOtp with arguments (<privacyidea.lib.tokens.HMAC.HmacOtp object at 0x7eff3494ed90>, u'528864', 6) and keywords {'symetric': True}

[2016-05-02 17:31:00,961][1956][139634842126144][DEBUG][privacyidea.lib.tokens.HMAC:145] OTP range counter: 48739735 - 48739747

[2016-05-02 17:31:00,961][1956][139634842126144][DEBUG][privacyidea.lib.crypto:118] Entering decrypt with arguments ('\x0c\x9be\x17\xa5\x83\x8ff\xec4\x80\x14\x83q\xb8\xe2\xa1\xbaEA2\xd4\x9d\x95\xf9\xaf\xaf\x7f\x8e\xb8\\\xa4\x06\x8e\x95&Y\xe7\x88\xac\xe4\xf39\xb4\xb4\x94\xc10\xe5\xf2\x12\xa6\x0e\xd8\xfa\xd4\xb7x@\x13\xb4\x98\xc0I\xc4e3>[\xc1,\xef\x8a\xed\xc6\x14\xb2\xf50\xba4{\xd13"\xc8\xd94H\x9e\x9a\x9e\t\x8bZ%', 'x\xb0\xb4\xe13\x18x\xcd\xfeP\x946j\x85m8') and keywords {}

[2016-05-02 17:31:00,962][1956][139634842126144][DEBUG][privacyidea.lib.crypto:131] Exiting decrypt with result HIDDEN

[2016-05-02 17:31:00,962][1956][139634842126144][DEBUG][privacyidea.lib.tokens.HMAC:149] calculating counter 48739735: u'528864' '293480'

[2016-05-02 17:31:00,962][1956][139634842126144][DEBUG][privacyidea.lib.tokens.HMAC:149] calculating counter 48739736: u'528864' '515118'

[2016-05-02 17:31:00,962][1956][139634842126144][DEBUG][privacyidea.lib.tokens.HMAC:149] calculating counter 48739737: u'528864' '642527'

[2016-05-02 17:31:00,963][1956][139634842126144][DEBUG][privacyidea.lib.tokens.HMAC:149] calculating counter 48739738: u'528864' '598887'

[2016-05-02 17:31:00,963][1956][139634842126144][DEBUG][privacyidea.lib.tokens.HMAC:149] calculating counter 48739739: u'528864' '835559'

[2016-05-02 17:31:00,963][1956][139634842126144][DEBUG][privacyidea.lib.tokens.HMAC:149] calculating counter 48739740: u'528864' '224614'

[2016-05-02 17:31:00,964][1956][139634842126144][DEBUG][privacyidea.lib.tokens.HMAC:149] calculating counter 48739741: u'528864' '528864'

[2016-05-02 17:31:00,965][1956][139634842126144][DEBUG][privacyidea.lib.tokens.HMAC:129] Exiting checkOtp with result 48739741

[2016-05-02 17:31:00,994][1956][139634842126144][DEBUG][privacyidea.lib.tokens.totptoken:347] last auth : datetime.datetime(2016, 5, 1, 22, 56, 45)

[2016-05-02 17:31:00,995][1956][139634842126144][DEBUG][privacyidea.lib.tokens.totptoken:348] tokentime : datetime.datetime(2016, 5, 2, 17, 30, 15)

[2016-05-02 17:31:00,995][1956][139634842126144][DEBUG][privacyidea.lib.tokens.totptoken:349] now : datetime.datetime(2016, 5, 2, 17, 31)

[2016-05-02 17:31:00,995][1956][139634842126144][DEBUG][privacyidea.lib.tokens.totptoken:350] delta : -45.0

[2016-05-02 17:31:00,995][1956][139634842126144][DEBUG][privacyidea.lib.tokens.totptoken:354] the counter 48739741 matched. New shift: -45.0

[2016-05-02 17:31:01,116][1956][139634842126144][DEBUG][privacyidea.lib.token:129] Exiting check_token_list with result (True, {'serial': u'TOTP0000B35A', 'type': u'totp', 'message': 'matching 1 tokens'})

[2016-05-02 17:31:01,117][1956][139634842126144][DEBUG][privacyidea.lib.token:129] Exiting check_user_pass with result (True, {'serial': u'TOTP0000B35A', 'type': u'totp', 'message': 'matching 1 tokens'})

Cornelius Kölbel

unread,

May 2, 2016, 10:12:52 AM5/2/16

to privacyidea

Hi Zia,

thanks a lot.
Some claimed I would als do a good social worker.
Interesting. In fact I am a community worker ;-)
...at least for privacyIDEA community.

So you are telling that your authentication against privacyIDEA with
LDAP+OTP works fine. But not with radius.

I have a feeling here: Could it be that you have some characters in your
LDAP-password that break the freeradius module/plugin...?

If authentication with LDAP+OTP works within privacyIDEA but not in
RADIUS, then the problem must be located in the RADIUS server/plugin.
And the first thing I would think of is the one mentioned above.
So please try with a "simple" LDAP password.

Kind regards
Cornelius

> https://groups.google.com/d/msgid/privacyidea/bc04f6f3-3af2-4954-b9a6-38c44e2018d1%40googlegroups.com.