'Re: Google authenticator : Access-Reject'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Google authenticator  :  Access-Reject
From:       <servernemesis () tutanota ! com>
Date:       2018-04-24 10:34:03
Message-ID: LArCu_q--3-0 () tutanota ! com
[Download RAW message or body]

I log with the fqdn (use_fully_qualified_names true in sssd)
But I tried without and same problem.

> 
Try radtest without @doman part, as It is not part of usernameEero
24. Avr 2018 12:08 de servernemesis@tutanota.com <mailto:servernemesis@tutanota.com>:


> PS :
> With this line in /etc/pam.d/sshd :
> "auth required  /usr/local/lib/security/pam_google_authenticator.so"
> I'm able to do ssh login with my google auth code.
> 
> 
> 24. Avr 2018 11:48 de > servernemesis@tutanota.com \
> <mailto:servernemesis@tutanota.com>> : 
> 
> > 
> > Hello,
> > 
> > I followed this tutorial (>> \
> > https://www.techdrabble.com/citrix/14-2factor-with-google-authenticator-and-netscaler \
> > <https://www.techdrabble.com/citrix/14-2factor-with-google-authenticator-and-netscaler>>> \
> > ) and managed to get it running on Debian 9 with FR 3.0.12 thanks to the help \
> > here. But I have another issue : when I try to authenticate with password + \
> > googleauth code, I got rejected. I'm able to log on the FR server with domain \
> > credentials without problem. The google auth code gets generated without issue \
> > either. 
> > Radtest:
> > radtest >> user@mydomain.com <mailto:user@mydomain.com>>>  password123456 \
> > localhost 18120 testing123 Sent Access-Request Id 226 from 0.0.0.0:38763 to \
> > 127.0.0.1:1812 length 92 User-Name = ">> user@mydomain.com \
> > <mailto:user@mydomain.com>>> " User-Password = "password123456"
> > NAS-IP-Address = 127.0.1.1
> > NAS-Port = 18120
> > Message-Authenticator = 0x00
> > Cleartext-Password = "password123456"
> > Received Access-Reject Id 226 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
> > (0) -: Expected Access-Accept got Access-Reject
> > 
> > 
> > Log:
> > Ready to process requests
> > Waking up in 0.3 seconds.
> > (0) Received Access-Request Id 226 from 127.0.0.1:38763 to 127.0.0.1:1812 length \
> > 92 (0)   User-Name = ">> user@mydomain.com <mailto:user@mydomain.com>>> "
> > (0)   User-Password = "password123456"
> > (0)   NAS-IP-Address = 127.0.1.1
> > (0)   NAS-Port = 18120
> > (0)   Message-Authenticator = 0x53b836642c653e776b0d9f8a542fca3a
> > (0) # Executing section authorize from file \
> > /etc/freeradius/3.0/sites-enabled/default (0) pap: WARNING: No "known good" \
> > password found for the user.  Not setting Auth-Type (0) pap: WARNING: \
> > Authentication will fail unless a "known good" password is available (0) # \
> > Executing group from file /etc/freeradius/3.0/sites-enabled/default Waking up in \
> > 0.3 seconds. Waking up in 0.2 seconds.
> > (0) pam: ERROR: pam_authenticate failed: Authentication failure
> > (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
> > Waking up in 0.7 seconds.
> > (0) Sent Access-Reject Id 226 from 127.0.0.1:1812 to 127.0.0.1:38763 length 20
> > Waking up in 3.9 seconds.
> > Ready to process requests
> > 
> > Regards
> > 
> > 
> > 
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic