I’ve had a few users with OLDER (PI-3.1.7?) HOTPs.
They’ve provisioned new tokens (PI-3.2.2), but RADIUS authentication fails each time with the new token.
What seemed to finally make it work was to REVOKE the 3.1.7 token, not DISABLE.
Is this worth chasing down?
I just encountered the same issue in thread PrivacyIDEA 3.2.2 Freeradius Returns 500 Error. Although my tokens came from a “newer” old version of PI, I believe 3.0 or 3.1. I resolved it by just deleted the problem tokens all together.
Well, I did have problems with the database migration during the upgrade. Perhaps it was related.
I have noticed through my haphazard hack and slash upgrades of PrivacyIDEA that you have to do it exactly as documented or it all goes sideways very fast. I like to keep my applications as up-to-date as I can but PrivacyIDEA is one of those apps that goes into the “Leave it alone unless you REALLY need to touch it” folder. Great application, super versatile…just finicky and easily broken.