Getting 400 BAD Request ERR 904 on Ubuntu 18

Question
1

I installed privacyidea 3.0 on a Ubuntu 18 and use almost the same configuration like on our Ubuntu 16. I configured LDAP resolver for our AD and created realms. Also policies are in place. I can logon as admin with my AD account and roll out tokens for other AD users. On the token view I can check OTP value and complete passwort and OTP value and both will be validated.
If i run a radclient test against the freeradius on the same machine I always get an request failed 400 BAD Request and as error message Err904: The user can not be found in any resolver in this realm! I checked in debug mode and all values transfered looking good. I double checked this with our system on Ubuntu 16 where validation works as expected.
Have anyone a clue what the reason for the Bad Request or where I can start to dig in. Any help is really welcome.

Best regards

Funky

2

Hi and welcome to the forum,

could You give us some more information? The privacyIDEA log, the Audit log of this specific request, the webserver logs? Usually the authentication via RADIUS should be the same in 2.23 and 3.0.
Regards

Paul

3

Hi,

There is no entry in the Audit log for a request from Radius. In the apache logs I can’t see any specific informations and here ist the privacyidea log.

[DEBUG][privacyidea.api.before_after:82] Begin handling of request u’/validate/check?’
[DEBUG][privacyidea.lib.config:78] The singleton <class ‘privacyidea.lib.config.ConfigClass’> already exists.
[DEBUG][privacyidea.api.lib.utils:219] Can not get param: No JSON object could be decoded
[DEBUG][privacyidea.lib.user:185] Entering get_user_from_param with arguments ({‘resConf’: u’raysono.int’, ‘client’: u’172.16.148.32’, ‘realm’: u’raysono.int\t’, ‘user’: u’raysono\gptest’, ‘pass’: u’Elfmeter111’},) and keywords {}
[DEBUG][privacyidea.lib.config:185] Entering get_from_config with arguments (‘splitAtSign’,) and keywords {‘default’: False, ‘return_bool’: True}
[DEBUG][privacyidea.lib.config:78] The singleton <class ‘privacyidea.lib.config.ConfigClass’> already exists.
[DEBUG][privacyidea.lib.config:197] Exiting get_from_config with result True
[DEBUG][privacyidea.lib.user:185] Entering split_user with arguments (u’raysono\gptest’,) and keywords {}
[DEBUG][privacyidea.lib.user:197] Exiting split_user with result (u’gptest’, u’raysono’)
[DEBUG][privacyidea.lib.user:185] Entering User with arguments () and keywords {‘login’: u’gptest’, ‘realm’: u’raysono.int\t’, ‘resolver’: None}
[DEBUG][privacyidea.lib.config:185] Entering get_from_config with arguments (‘UserCacheExpiration’, ‘0’) and keywords {}
[DEBUG][privacyidea.lib.config:78] The singleton <class ‘privacyidea.lib.config.ConfigClass’> already exists.
[DEBUG][privacyidea.lib.config:197] Exiting get_from_config with result 0
[DEBUG][privacyidea.lib.user:185] Entering get_ordererd_resolvers with arguments (User(login=u’gptest’, realm=u’raysono.int\t’, resolver=’’),) and keywords {}
[DEBUG][privacyidea.lib.realm:185] Entering get_realms with arguments (u’raysono.int\t’,) and keywords {}
[DEBUG][privacyidea.lib.config:78] The singleton <class ‘privacyidea.lib.config.ConfigClass’> already exists.
[DEBUG][privacyidea.lib.realm:197] Exiting get_realms with result {}
[DEBUG][privacyidea.lib.user:197] Exiting get_ordererd_resolvers with result []
[DEBUG][privacyidea.lib.resolver:185] Entering get_resolver_list with arguments () and keywords {‘filter_resolver_name’: ‘’}
[DEBUG][privacyidea.lib.config:78] The singleton <class ‘privacyidea.lib.config.ConfigClass’> already exists.
[DEBUG][privacyidea.lib.resolver:199] Exiting get_resolver_list with result HIDDEN
[DEBUG][privacyidea.lib.user:197] Exiting User with result <gptest@raysono.int >
[DEBUG][privacyidea.lib.user:197] Exiting get_user_from_param with result <gptest@raysono.int >
[DEBUG][privacyidea.lib.config:78] The singleton <class ‘privacyidea.lib.policy.PolicyClass’> already exists.
[DEBUG][privacyidea.lib.audit:188] Entering getAudit with arguments HIDDEN and keywords HIDDEN
[DEBUG][privacyidea.lib.utils:1110] klass: <class ‘privacyidea.lib.auditmodules.sqlaudit.Audit’>
[DEBUG][privacyidea.lib.auditmodules.base:185] Entering read_keys with arguments (<privacyidea.lib.auditmodules.sqlaudit.Audit object at 0x7f6dd90caf90>, ‘/etc/privacyidea/public.pem’, ‘/etc/privacyidea/private.pem’) and keywords {}
[DEBUG][privacyidea.lib.auditmodules.base:197] Exiting read_keys with result None
[DEBUG][privacyidea.lib.audit:197] Exiting getAudit with result <privacyidea.lib.auditmodules.sqlaudit.Audit object at 0x7f6dd90caf90>
[DEBUG][privacyidea.lib.config:185] Entering get_from_config with arguments (‘OverrideAuthorizationClient’,) and keywords {}
[DEBUG][privacyidea.lib.config:78] The singleton <class ‘privacyidea.lib.config.ConfigClass’> already exists.
[DEBUG][privacyidea.lib.config:197] Exiting get_from_config with result None
[WARNING][privacyidea.lib.utils:636] Proxy ::1 not allowed to set IP to 172.16.148.32.
[DEBUG][privacyidea.lib.auditmodules.base:185] Entering log with arguments (<privacyidea.lib.auditmodules.sqlaudit.Audit object at 0x7f6dd90caf90>, {‘info’: ‘’, ‘success’: False, ‘privacyidea_server’: ‘localhost’, ‘client_user_agent’: None, ‘client’: ‘::1’, ‘action_detail’: ‘’, ‘action’: ‘POST /validate/check’}) and keywords {}
[DEBUG][privacyidea.lib.auditmodules.base:197] Exiting log with result None
[DEBUG][privacyidea.lib.policy:185] Entering get_action_values with arguments (<privacyidea.lib.policy.PolicyClass object at 0x7f6ddaaee690>, ‘setrealm’) and keywords {‘scope’: ‘authorization’, ‘audit_data’: {‘info’: ‘’, ‘success’: False, ‘privacyidea_server’: ‘localhost’, ‘client_user_agent’: None, ‘client’: ‘::1’, ‘action_detail’: ‘’, ‘action’: ‘POST /validate/check’}, ‘client’: ‘::1’, ‘realm’: u’raysono.int\t’, ‘user’: u’gptest’}
[DEBUG][privacyidea.lib.policy:185] Entering get_policies with arguments (<privacyidea.lib.policy.PolicyClass object at 0x7f6ddaaee690>,) and keywords {‘realm’: u’raysono.int\t’, ‘sort_by_priority’: True, ‘active’: True, ‘client’: ‘::1’, ‘user’: u’gptest’, ‘resolver’: None, ‘action’: ‘setrealm’, ‘scope’: ‘authorization’, ‘adminrealm’: None}
[DEBUG][privacyidea.lib.policy:500] Policies after matching time: [{‘time’: u’’, ‘user’: [], ‘resolver’: [], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [], ‘name’: u’Webui’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: False, ‘action’: {u’hide_welcome_info’: True, u’logout_time’: u’300’}, ‘scope’: u’webui’}, {‘time’: u’’, ‘user’: [], ‘resolver’: [u’raysono’, u’testgruppe’, u’rsadmins’], ‘active’: True, ‘adminr
[DEBUG][privacyidea.lib.policy:510] Policies after matching active: [{‘time’: u’’, ‘user’: [], ‘resolver’: [], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [], ‘name’: u’Webui’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: False, ‘action’: {u’hide_welcome_info’: True, u’logout_time’: u’300’}, ‘scope’: u’webui’}, {‘time’: u’’, ‘user’: [], ‘resolver’: [u’raysono’, u’testgruppe’, u’rsadmins’], ‘active’: True, ‘admi
[DEBUG][privacyidea.lib.policy:510] Policies after matching scope: [{‘time’: u’’, ‘user’: [], ‘resolver’: [u’raysono’, u’rsadmins’], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [u’raysono’, u’rsadmins’], ‘name’: u’AuthorizationRS’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: True, ‘action’: {u’add_resolver_in_response’: True, u’tokentype’: u’totp’}, ‘scope’: u’authorization’}]
[DEBUG][privacyidea.lib.policy:534] Policies after matching action: []
[DEBUG][privacyidea.lib.policy:534] Policies after matching user: []
[DEBUG][privacyidea.lib.policy:534] Policies after matching realm: []
[DEBUG][privacyidea.lib.policy:597] Policies after matching client
[DEBUG][privacyidea.lib.policy:197] Exiting get_policies with result []
[DEBUG][privacyidea.lib.policy:197] Exiting get_action_values with result {}
[DEBUG][privacyidea.lib.policy:185] Entering get_action_values with arguments (<privacyidea.lib.policy.PolicyClass object at 0x7f6ddaaee690>, ‘mangle’) and keywords {‘scope’: ‘authentication’, ‘client’: ‘::1’, ‘realm’: u’raysono.int\t’, ‘user’: u’gptest’}
[DEBUG][privacyidea.lib.policy:185] Entering get_policies with arguments (<privacyidea.lib.policy.PolicyClass object at 0x7f6ddaaee690>,) and keywords {‘realm’: u’raysono.int\t’, ‘sort_by_priority’: True, ‘active’: True, ‘client’: ‘::1’, ‘user’: u’gptest’, ‘resolver’: None, ‘action’: ‘mangle’, ‘scope’: ‘authentication’, ‘adminrealm’: None}
[DEBUG][privacyidea.lib.policy:500] Policies after matching time: [{‘time’: u’’, ‘user’: [], ‘resolver’: [], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [], ‘name’: u’Webui’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: False, ‘action’: {u’hide_welcome_info’: True, u’logout_time’: u’300’}, ‘scope’: u’webui’}, {‘time’: u’’, ‘user’: [], ‘resolver’: [u’raysono’, u’testgruppe’, u’rsadmins’], ‘active’: True, ‘adminr
[DEBUG][privacyidea.lib.policy:510] Policies after matching active: [{‘time’: u’’, ‘user’: [], ‘resolver’: [], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [], ‘name’: u’Webui’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: False, ‘action’: {u’hide_welcome_info’: True, u’logout_time’: u’300’}, ‘scope’: u’webui’}, {‘time’: u’’, ‘user’: [], ‘resolver’: [u’raysono’, u’testgruppe’, u’rsadmins’], ‘active’: True, ‘admi
[DEBUG][privacyidea.lib.policy:510] Policies after matching scope: [{‘time’: u’’, ‘user’: [], ‘resolver’: [u’raysono’, u’rsadmins’], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [u’raysono’, u’rsadmins’], ‘name’: u’AuthenticationRS’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: True, ‘action’: {u’challenge_response’: u’totp’, u’otppin’: u’userstore’}, ‘scope’: u’authentication’}, {‘time’: u’’, ‘user’: [], ‘resol
[DEBUG][privacyidea.lib.policy:534] Policies after matching action: []
[DEBUG][privacyidea.lib.policy:534] Policies after matching user: []
[DEBUG][privacyidea.lib.policy:534] Policies after matching realm: []
[DEBUG][privacyidea.lib.policy:597] Policies after matching client
[DEBUG][privacyidea.lib.policy:197] Exiting get_policies with result []
[DEBUG][privacyidea.lib.policy:197] Exiting get_action_values with result {}
[DEBUG][privacyidea.lib.clientapplication:185] Entering save_clientapplication with arguments (’::1’, ‘FreeRADIUS’) and keywords {}
[DEBUG][privacyidea.lib.clientapplication:197] Exiting save_clientapplication with result 2
[DEBUG][privacyidea.lib.policy:185] Entering get_policies with arguments (<privacyidea.lib.policy.PolicyClass object at 0x7f6ddaaee690>,) and keywords {‘audit_data’: {‘info’: ‘’, ‘success’: False, ‘privacyidea_server’: ‘localhost’, ‘client_user_agent’: None, ‘client’: ‘::1’, ‘action_detail’: ‘’, ‘action’: ‘POST /validate/check’}, ‘realm’: u’raysono.int\t’, ‘active’: True, ‘client’: ‘::1’, ‘user’: u’gptest’, ‘action’: ‘api_key_requir
[DEBUG][privacyidea.lib.policy:500] Policies after matching time: [{‘time’: u’’, ‘user’: [], ‘resolver’: [], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [], ‘name’: u’Webui’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: False, ‘action’: {u’hide_welcome_info’: True, u’logout_time’: u’300’}, ‘scope’: u’webui’}, {‘time’: u’’, ‘user’: [], ‘resolver’: [u’raysono’, u’testgruppe’, u’rsadmins’], ‘active’: True, ‘adminr
[DEBUG][privacyidea.lib.policy:510] Policies after matching active: [{‘time’: u’’, ‘user’: [], ‘resolver’: [], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [], ‘name’: u’Webui’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: False, ‘action’: {u’hide_welcome_info’: True, u’logout_time’: u’300’}, ‘scope’: u’webui’}, {‘time’: u’’, ‘user’: [], ‘resolver’: [u’raysono’, u’testgruppe’, u’rsadmins’], ‘active’: True, ‘admi
[DEBUG][privacyidea.lib.policy:510] Policies after matching scope: [{‘time’: u’’, ‘user’: [], ‘resolver’: [u’raysono’, u’rsadmins’], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [u’raysono’, u’rsadmins’], ‘name’: u’AuthorizationRS’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: True, ‘action’: {u’add_resolver_in_response’: True, u’tokentype’: u’totp’}, ‘scope’: u’authorization’}]
[DEBUG][privacyidea.lib.policy:534] Policies after matching action: []
[DEBUG][privacyidea.lib.policy:534] Policies after matching user: []
[DEBUG][privacyidea.lib.policy:534] Policies after matching realm: []
[DEBUG][privacyidea.lib.policy:597] Policies after matching client
[DEBUG][privacyidea.lib.policy:197] Exiting get_policies with result []
[DEBUG][privacyidea.lib.auditmodules.base:185] Entering log with arguments (<privacyidea.lib.auditmodules.sqlaudit.Audit object at 0x7f6dd90caf90>, {‘realm’: u’raysono.int\t’, ‘user’: u’gptest’, ‘resolver’: ‘’}) and keywords {}
[DEBUG][privacyidea.lib.auditmodules.base:197] Exiting log with result None
[DEBUG][privacyidea.lib.policy:185] Entering get_action_values with arguments (<privacyidea.lib.policy.PolicyClass object at 0x7f6ddaaee690>,) and keywords {‘realm’: u’raysono.int\t’, ‘client’: ‘::1’, ‘user’: u’gptest’, ‘resolver’: ‘’, ‘action’: ‘auth_cache’, ‘scope’: ‘authentication’, ‘unique’: True}
[DEBUG][privacyidea.lib.policy:185] Entering get_policies with arguments (<privacyidea.lib.policy.PolicyClass object at 0x7f6ddaaee690>,) and keywords {‘realm’: u’raysono.int\t’, ‘sort_by_priority’: True, ‘active’: True, ‘client’: ‘::1’, ‘user’: u’gptest’, ‘resolver’: ‘’, ‘action’: ‘auth_cache’, ‘scope’: ‘authentication’, ‘adminrealm’: None}
[DEBUG][privacyidea.lib.policy:500] Policies after matching time: [{‘time’: u’’, ‘user’: [], ‘resolver’: [], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [], ‘name’: u’Webui’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: False, ‘action’: {u’hide_welcome_info’: True, u’logout_time’: u’300’}, ‘scope’: u’webui’}, {‘time’: u’’, ‘user’: [], ‘resolver’: [u’raysono’, u’testgruppe’, u’rsadmins’], ‘active’: True, ‘adminr
[DEBUG][privacyidea.lib.policy:510] Policies after matching active: [{‘time’: u’’, ‘user’: [], ‘resolver’: [], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [], ‘name’: u’Webui’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: False, ‘action’: {u’hide_welcome_info’: True, u’logout_time’: u’300’}, ‘scope’: u’webui’}, {‘time’: u’’, ‘user’: [], ‘resolver’: [u’raysono’, u’testgruppe’, u’rsadmins’], ‘active’: True, ‘admi
[DEBUG][privacyidea.lib.policy:510] Policies after matching scope: [{‘time’: u’’, ‘user’: [], ‘resolver’: [u’raysono’, u’rsadmins’], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [u’raysono’, u’rsadmins’], ‘name’: u’AuthenticationRS’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: True, ‘action’: {u’challenge_response’: u’totp’, u’otppin’: u’userstore’}, ‘scope’: u’authentication’}, {‘time’: u’’, ‘user’: [], ‘resol
[DEBUG][privacyidea.lib.policy:534] Policies after matching action: []
[DEBUG][privacyidea.lib.policy:534] Policies after matching user: []
[DEBUG][privacyidea.lib.policy:534] Policies after matching realm: []
[DEBUG][privacyidea.lib.policy:569] Policies after matching resolver: []
[DEBUG][privacyidea.lib.policy:597] Policies after matching client
[DEBUG][privacyidea.lib.policy:197] Exiting get_policies with result []
[DEBUG][privacyidea.lib.policy:197] Exiting get_action_values with result {}
[DEBUG][privacyidea.lib.policy:185] Entering get_policies with arguments (<privacyidea.lib.policy.PolicyClass object at 0x7f6ddaaee690>,) and keywords {‘realm’: u’raysono.int\t’, ‘active’: True, ‘client’: ‘::1’, ‘user’: u’gptest’, ‘resolver’: ‘’, ‘action’: ‘passOnNoUser’, ‘scope’: ‘authentication’}
[DEBUG][privacyidea.lib.policy:500] Policies after matching time: [{‘time’: u’’, ‘user’: [], ‘resolver’: [], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [], ‘name’: u’Webui’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: False, ‘action’: {u’hide_welcome_info’: True, u’logout_time’: u’300’}, ‘scope’: u’webui’}, {‘time’: u’’, ‘user’: [], ‘resolver’: [u’raysono’, u’testgruppe’, u’rsadmins’], ‘active’: True, ‘adminr
[DEBUG][privacyidea.lib.policy:510] Policies after matching active: [{‘time’: u’’, ‘user’: [], ‘resolver’: [], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [], ‘name’: u’Webui’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: False, ‘action’: {u’hide_welcome_info’: True, u’logout_time’: u’300’}, ‘scope’: u’webui’}, {‘time’: u’’, ‘user’: [], ‘resolver’: [u’raysono’, u’testgruppe’, u’rsadmins’], ‘active’: True, ‘admi
[DEBUG][privacyidea.lib.policy:510] Policies after matching scope: [{‘time’: u’’, ‘user’: [], ‘resolver’: [u’raysono’, u’rsadmins’], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [u’raysono’, u’rsadmins’], ‘name’: u’AuthenticationRS’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: True, ‘action’: {u’challenge_response’: u’totp’, u’otppin’: u’userstore’}, ‘scope’: u’authentication’}, {‘time’: u’’, ‘user’: [], ‘resol
[DEBUG][privacyidea.lib.policy:534] Policies after matching action: []
[DEBUG][privacyidea.lib.policy:534] Policies after matching user: []
[DEBUG][privacyidea.lib.policy:534] Policies after matching realm: []
[DEBUG][privacyidea.lib.policy:569] Policies after matching resolver: []
[DEBUG][privacyidea.lib.policy:597] Policies after matching client
[DEBUG][privacyidea.lib.policy:197] Exiting get_policies with result []
[DEBUG][privacyidea.lib.policy:185] Entering get_policies with arguments (<privacyidea.lib.policy.PolicyClass object at 0x7f6ddaaee690>,) and keywords {‘realm’: u’raysono.int\t’, ‘active’: True, ‘client’: ‘::1’, ‘user’: u’gptest’, ‘resolver’: ‘’, ‘action’: ‘passOnNoToken’, ‘scope’: ‘authentication’}
[DEBUG][privacyidea.lib.policy:500] Policies after matching time: [{‘time’: u’’, ‘user’: [], ‘resolver’: [], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [], ‘name’: u’Webui’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: False, ‘action’: {u’hide_welcome_info’: True, u’logout_time’: u’300’}, ‘scope’: u’webui’}, {‘time’: u’’, ‘user’: [], ‘resolver’: [u’raysono’, u’testgruppe’, u’rsadmins’], ‘active’: True, ‘adminr
[DEBUG][privacyidea.lib.policy:510] Policies after matching active: [{‘time’: u’’, ‘user’: [], ‘resolver’: [], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [], ‘name’: u’Webui’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: False, ‘action’: {u’hide_welcome_info’: True, u’logout_time’: u’300’}, ‘scope’: u’webui’}, {‘time’: u’’, ‘user’: [], ‘resolver’: [u’raysono’, u’testgruppe’, u’rsadmins’], ‘active’: True, ‘admi
[DEBUG][privacyidea.lib.policy:510] Policies after matching scope: [{‘time’: u’’, ‘user’: [], ‘resolver’: [u’raysono’, u’rsadmins’], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [u’raysono’, u’rsadmins’], ‘name’: u’AuthenticationRS’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: True, ‘action’: {u’challenge_response’: u’totp’, u’otppin’: u’userstore’}, ‘scope’: u’authentication’}, {‘time’: u’’, ‘user’: [], ‘resol
[DEBUG][privacyidea.lib.policy:534] Policies after matching action: []
[DEBUG][privacyidea.lib.policy:534] Policies after matching user: []
[DEBUG][privacyidea.lib.policy:534] Policies after matching realm: []
[DEBUG][privacyidea.lib.policy:569] Policies after matching resolver: []
[DEBUG][privacyidea.lib.policy:597] Policies after matching client
[DEBUG][privacyidea.lib.policy:197] Exiting get_policies with result []
[DEBUG][privacyidea.lib.policy:185] Entering get_policies with arguments (<privacyidea.lib.policy.PolicyClass object at 0x7f6ddaaee690>,) and keywords {‘realm’: u’raysono.int\t’, ‘sort_by_priority’: True, ‘active’: True, ‘client’: ‘::1’, ‘user’: u’gptest’, ‘resolver’: ‘’, ‘action’: ‘passthru’, ‘scope’: ‘authentication’}
[DEBUG][privacyidea.lib.policy:500] Policies after matching time: [{‘time’: u’’, ‘user’: [], ‘resolver’: [], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [], ‘name’: u’Webui’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: False, ‘action’: {u’hide_welcome_info’: True, u’logout_time’: u’300’}, ‘scope’: u’webui’}, {‘time’: u’’, ‘user’: [], ‘resolver’: [u’raysono’, u’testgruppe’, u’rsadmins’], ‘active’: True, ‘adminr
[DEBUG][privacyidea.lib.policy:510] Policies after matching active: [{‘time’: u’’, ‘user’: [], ‘resolver’: [], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [], ‘name’: u’Webui’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: False, ‘action’: {u’hide_welcome_info’: True, u’logout_time’: u’300’}, ‘scope’: u’webui’}, {‘time’: u’’, ‘user’: [], ‘resolver’: [u’raysono’, u’testgruppe’, u’rsadmins’], ‘active’: True, ‘admi
[DEBUG][privacyidea.lib.policy:510] Policies after matching scope: [{‘time’: u’’, ‘user’: [], ‘resolver’: [u’raysono’, u’rsadmins’], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [u’raysono’, u’rsadmins’], ‘name’: u’AuthenticationRS’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: True, ‘action’: {u’challenge_response’: u’totp’, u’otppin’: u’userstore’}, ‘scope’: u’authentication’}, {‘time’: u’’, ‘user’: [], ‘resol
[DEBUG][privacyidea.lib.policy:534] Policies after matching action: []
[DEBUG][privacyidea.lib.policy:534] Policies after matching user: []
[DEBUG][privacyidea.lib.policy:534] Policies after matching realm: []
[DEBUG][privacyidea.lib.policy:569] Policies after matching resolver: []
[DEBUG][privacyidea.lib.policy:597] Policies after matching client
[DEBUG][privacyidea.lib.policy:197] Exiting get_policies with result []
[DEBUG][privacyidea.lib.token:185] Entering check_user_pass with arguments () and keywords {}
[DEBUG][privacyidea.lib.token:185] Entering get_tokens with arguments () and keywords {‘user’: User(login=u’gptest’, realm=u’raysono.int\t’, resolver=’’)}
[DEBUG][privacyidea.lib.auditmodules.base:185] Entering log with arguments (<privacyidea.lib.auditmodules.sqlaudit.Audit object at 0x7f6dd90caf90>, {‘info’: u’ERR904: The user can not be found in any resolver in this realm!’}) and keywords {}
[DEBUG][privacyidea.lib.auditmodules.base:197] Exiting log with result None
[DEBUG][privacyidea.api.lib.utils:219] Can not get param: No JSON object could be decoded
[DEBUG][privacyidea.api.lib.utils:219] Can not get param: No JSON object could be decoded
[DEBUG][privacyidea.api.before_after:88] End handling of request u’/validate/check?’
Best regards

Robert

4

Your realm as sent to privacyidea is “raysono.int\t”.
Are you sure you called your realm in privacyIDEA with a “tab” at the end.

You need to check your radius client, your radius server config - did you configure a default realm?
Guys, you should really provide more information.
And honestly, when gathering this information you will probably find the explanation to the problem yourself.