we are just testing Privacyidea and have the follwoing problem:
Our users login via RADIUS (Freeradiusplugin) and we use a ldap resolver in Privacyidea.
When a user tries to login the radius auth is working fine but the log says: wrong otp pin.
We just created a policy for otppin = usertore or otppin = none but no setting is actually working, the error is still the same.
Do you have any idea?
Hello @derw0lf and welcome to privacyIDEA,
privacyIDEA receives a “password”, a credential and does “pin splitting” due to certain rules you configured.
You get this error message, since the FreeRADIUS sends something to privacyIDEA, privacyIDEA splits this something and interprets either the left or the right part as pin (or as pin checked against userstore).
There are a lot of reasons, this pin can be wrong. This depends on your configuration.
You might check the token in the webui.
You might check the token via the rest api.
you might run freeradius in debug mode…
…and then you will see, what’s wrong.
thanks for your quick response!
We got it solved, it was just a mistake in our client.conf of the freeradius.
Can you please elaborate?