Authentication work well from freeradius file but not work from privacyidea!

Ehab · August 10, 2024, 10:42pm

I have misconfig that take along time from me.
first i have install ubuntu 20 then i installed privacyidea 3.0 continua with editing /etc/privacyidea/3.0/client.config

and added my paloalto & Sophos firewalls for testing:


client PA-VM {
      ipaddr           = 192.168.120.100
      secret           = testing123
}

client sophos {
      ipaddr           = 192.168.120.150
      secret           = testing123
}

but i can only verify with the test user existing in /etc/freeradius/3.0/users… its work ok as a connection test but i still don’t know how to create admin user to user OTP from privacyidea when logining on paloalto and sophos… what tell ubuntu to user privacyidea not freeradius??

cornelinux · August 11, 2024, 6:25pm

You can easily install the ubuntu packate privacyidea-radius.

Then read 14. Application Plugins — privacyIDEA 3.10dev1 documentation

Ehab · August 12, 2024, 12:59pm

Thank you for replying,
Now i can see the otp screen after login on palo alto, but when type the otp code it keep loading and go on “timed out” message. i think i miss some configuration in privacyidea policy or what the next step after typing otp " this the problem".

cornelinux · August 13, 2024, 12:32pm

It could be that your request does not even reach privacyIDEA.

“Timed out” would often be a network issue.

Ehab · August 13, 2024, 1:16pm

ok, how can i troubleshoot this?

note: I can login in CLI mode with Radius user OTP and its worked, and i can login to configuration mood. but with palo GUI it keep loading…
note : its VMware workstation environment for test then implement later on real environment.

Ehab · August 14, 2024, 9:36am

Updates :
it works well when i installed old version of Paloalto vm. i was installed version 11 then i installed version 10 it works ok Gui and Cli. idon’t know why but it seam that respond didn’t meet challenge!!