Hi,
we have a VDI environment (Horizon 8) with TOTP auth configured on the UAG. It worked well and authentication was possible until we upgraded from Horizon 7 to 8.
We didn’t change the network, IP, firewall, realm or resolver; we just performed the Horizon upgrade and a domain functional level upgrade from 2008R2 to 2012R2.
When I try to authenticate, I can see the following details in radius.log (IP and username deleted):
Tue Dec 6 16:02:04 2022 : Info: rlm_perl: Config File /etc/privacyidea/rlm_perl.ini found!
Tue Dec 6 16:02:04 2022 : Info: rlm_perl: Debugging config:
Tue Dec 6 16:02:04 2022 : Info: rlm_perl: Default URL https://localhost/validate/check
Tue Dec 6 16:02:04 2022 : Info: rlm_perl: Looking for config for auth-type Perl
Tue Dec 6 16:02:04 2022 : Info: rlm_perl: Password encoding guessed: ascii
Tue Dec 6 16:02:04 2022 : Info: rlm_perl: Setting client IP to <my_IP>.
Tue Dec 6 16:02:04 2022 : Info: rlm_perl: Auth-Type: Perl
Tue Dec 6 16:02:04 2022 : Info: rlm_perl: url: https://localhost/validate/check
Tue Dec 6 16:02:04 2022 : Info: rlm_perl: user sent to privacyidea: <my_User>
Tue Dec 6 16:02:04 2022 : Info: rlm_perl: realm sent to privacyidea:
Tue Dec 6 16:02:04 2022 : Info: rlm_perl: resolver sent to privacyidea:
Tue Dec 6 16:02:04 2022 : Info: rlm_perl: client sent to privacyidea: <my_IP>
Tue Dec 6 16:02:04 2022 : Info: rlm_perl: state sent to privacyidea:
Tue Dec 6 16:02:04 2022 : Info: rlm_perl: urlparam client
Tue Dec 6 16:02:04 2022 : Info: rlm_perl: urlparam user
Tue Dec 6 16:02:04 2022 : Info: rlm_perl: urlparam pass
Tue Dec 6 16:02:04 2022 : Info: rlm_perl: Request timeout: 10
Tue Dec 6 16:02:04 2022 : Info: rlm_perl: Not verifying SSL certificate!
Tue Dec 6 16:02:05 2022 : Info: rlm_perl: elapsed time for privacyidea call: 0.141487
Tue Dec 6 16:02:05 2022 : Info: rlm_perl: privacyIDEA Result status is true!
Tue Dec 6 16:02:05 2022 : Info: rlm_perl: privacyIDEA access denied for <my_User> realm=''
Tue Dec 6 16:02:05 2022 : Info: rlm_perl: return RLM_MODULE_REJECT
It seems the system can’t find the User in Realm. If we add Users to the LDAP Resolver Group, the Users are synced, LDAP Connection is functional.
I appreciate every hint for troubleshooting.
Regards
Sebastian
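A small triage helper for the rlm_perl log format quoted in the post above, as an added example that is not part of the original post or of privacyIDEA's own code: it collapses one request's log lines into what was sent to privacyIDEA and what came back. The sample user `alice` and the function name `summarize` are constructed for illustration.

```python
import re

# Constructed sample in the rlm_perl log format shown in the post (placeholder user).
SAMPLE_LOG = """\
Tue Dec 6 16:02:04 2022 : Info: rlm_perl: url: https://localhost/validate/check
Tue Dec 6 16:02:04 2022 : Info: rlm_perl: user sent to privacyidea: alice
Tue Dec 6 16:02:04 2022 : Info: rlm_perl: realm sent to privacyidea:
Tue Dec 6 16:02:04 2022 : Info: rlm_perl: resolver sent to privacyidea:
Tue Dec 6 16:02:04 2022 : Info: rlm_perl: Not verifying SSL certificate!
Tue Dec 6 16:02:05 2022 : Info: rlm_perl: privacyIDEA Result status is true!
Tue Dec 6 16:02:05 2022 : Info: rlm_perl: privacyIDEA access denied for alice realm=''
Tue Dec 6 16:02:05 2022 : Info: rlm_perl: return RLM_MODULE_REJECT
"""

MSG = re.compile(r"rlm_perl: (.*)$")
SENT = re.compile(r"^(user|realm|resolver|client|state) sent to privacyidea:\s*(.*)$")


def summarize(log_text):
    """Collapse the rlm_perl lines of one request into what was sent and returned."""
    req = {"sent": {}, "verify_tls": True, "api_ok": False, "result": None, "notes": []}
    for line in log_text.splitlines():
        m = MSG.search(line)
        if not m:
            continue
        msg = m.group(1).strip()
        sent = SENT.match(msg)
        if sent:
            req["sent"][sent.group(1)] = sent.group(2).strip()
        elif msg.startswith("url:"):
            req["url"] = msg[4:].strip()
        elif msg == "Not verifying SSL certificate!":
            req["verify_tls"] = False
        elif msg == "privacyIDEA Result status is true!":
            req["api_ok"] = True
        elif msg.startswith("return RLM_MODULE_"):
            req["result"] = msg.split()[-1]
    # Notes state only what the log lines themselves show.
    if req["sent"].get("realm") == "":
        req["notes"].append("realm field in the request was empty")
    if not req["verify_tls"]:
        req["notes"].append("TLS certificate of the privacyIDEA URL was not verified")
    if req["api_ok"] and req["result"] == "RLM_MODULE_REJECT":
        req["notes"].append("API call returned a result; the reject is an authentication decision")
    return req


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
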