Radius Test error message : Reply-Message = "wrong otp pin"

Installation
1

Hello community,

Please note that while testing the FreeRadius I got the error bellow, test user belong to an LDAP account that has an enrolled token:

[root@test-otp-002 ~]# echo ‘User-Name=test-user, User-Password=488383’ | radclient -sx localhost auth testing123

Sent Access-Request Id 197 from 0.0.0.0:55767 to 127.0.0.1:1812 length 49

User-Name = “test-user”

User-Password = “488383”

Cleartext-Password = “488383”

Received Access-Reject Id 197 from 127.0.0.1:1812 to 0.0.0.0:0 length 35

Reply-Message = “wrong otp pin”

(0) -: Expected Access-Accept got Access-Reject

Packet summary:

Accepted : 0

Rejected : 1

Lost : 0

Passed filter : 0

Failed filter : 1

I captured the log of privacy idea during the test and it shows the information bellow

Mon May 4 15:38:32 2020 : Info: rlm_perl: Config File /etc/privacyidea/rlm_perl.ini found!

Mon May 4 15:38:32 2020 : Info: rlm_perl: Debugging config: true

Mon May 4 15:38:32 2020 : Info: rlm_perl: Default URL https://127.0.0.1/validate/check

Mon May 4 15:38:32 2020 : Info: rlm_perl: Looking for config for auth-type Perl

Mon May 4 15:38:32 2020 : rlm_perl: RAD_REQUEST: User-Name = test-user

Mon May 4 15:38:32 2020 : rlm_perl: RAD_REQUEST: Event-Timestamp = May 4 2020 15:38:32 CEST

Mon May 4 15:38:32 2020 : rlm_perl: RAD_REQUEST: User-Password = 488383

Mon May 4 15:38:32 2020 : rlm_perl: RAD_REQUEST: NAS-IP-Address = 127.0.0.1

Mon May 4 15:38:32 2020 : Info: rlm_perl: Auth-Type: Perl

Mon May 4 15:38:32 2020 : Info: rlm_perl: url: https://127.0.0.1/validate/check

Mon May 4 15:38:32 2020 : Info: rlm_perl: user sent to privacyidea: test-user

Mon May 4 15:38:32 2020 : Info: rlm_perl: realm sent to privacyidea: Realmtest

Mon May 4 15:38:32 2020 : Info: rlm_perl: resolver sent to privacyidea: win2012

Mon May 4 15:38:32 2020 : Info: rlm_perl: client sent to privacyidea: 127.0.0.1

Mon May 4 15:38:32 2020 : Info: rlm_perl: state sent to privacyidea:

Mon May 4 15:38:32 2020 : rlm_perl: urlparam client = 127.0.0.1

Mon May 4 15:38:32 2020 : rlm_perl: urlparam pass = 488383

Mon May 4 15:38:32 2020 : rlm_perl: urlparam resConf = win2012

Mon May 4 15:38:32 2020 : rlm_perl: urlparam realm = Realmtest

Mon May 4 15:38:32 2020 : rlm_perl: urlparam user = test-user

Mon May 4 15:38:32 2020 : Info: rlm_perl: Request timeout: 10

Mon May 4 15:38:32 2020 : Info: rlm_perl: Not verifying SSL certificate!

Mon May 4 15:38:32 2020 : Info: rlm_perl: elapsed time for privacyidea call: 0.252266

Mon May 4 15:38:32 2020 : rlm_perl: Content {“jsonrpc”: “2.0”, “signature”: "rsa_sha256_pss: adad93f04a1641226eb270fe88fc147fd32c9463232024bf3a5f1d84d0617fdf4e2c030021ea2636df9702f0e3eef09ff0995687587af53191c6f45b3c38d88c0afc372631c517d8ae0aef71f9ef2abf3db361f141c1890f73b52366bfc43be02e4babec50f8ded400e73cc6fa039f638acf06502e9020d20ed56d66af25fa35b53c2b15a93b4004b4d355ef79eabb0e755377d320be2b2dd3f19eba772442bedeff6b57f24d589e772b900a3c05265f5ce11161a4797bd1d24f661537eb83f7a2ec91f170d0f52b0f2197d2780c87b918a90dce6610d4712741b6be2fad8ed7b04b618bfa8408c8d97414870c84efbf56eac3605af70cf02cbdb7c4093e80a1", “detail”: {“message”: “wrong otp pin”, “threadid”: 140514444850944}, “versionnumber”: “3.0.2”, “version”: “privacyIDEA 3.0.2”, “result”: {“status”: true, “value”: false}, “time”: 1588599512.284608, “id”: 1}

Mon May 4 15:38:32 2020 : Info: rlm_perl: privacyIDEA Result status is true!

Mon May 4 15:38:32 2020 : Info: rlm_perl: privacyIDEA access denied

Mon May 4 15:38:32 2020 : Info: rlm_perl: return RLM_MODULE_REJECT

Also bellow the radius logs.

[2020-05-04 14:26:21,946][1330][140514528777984][INFO][privacyidea.lib.pooling:84] Creating a new engine and connection pool for key sqlaudit

[2020-05-04 14:26:22,698][1330][140514528777984][INFO][privacyidea.lib.tokens.vasco:56] PI_VASCO_LIBRARY option is not set, functionality disabled

[2020-05-04 15:19:02,169][1330][140514520385280][INFO][privacyidea.lib.user:230] user u’user-test’ found in resolver u’win2012’

[2020-05-04 15:19:02,170][1330][140514520385280][INFO][privacyidea.lib.user:231] userid resolved to ‘6c7a6cb1-9237-4081-93b2-0bbebec89f4b’

[2020-05-04 15:27:33,181][1330][140514444850944][INFO][privacyidea.lib.user:230] user u’user-test’ found in resolver u’win2012’

[2020-05-04 15:27:33,181][1330][140514444850944][INFO][privacyidea.lib.user:231] userid resolved to ‘6c7a6cb1-9237-4081-93b2-0bbebec89f4b’

[2020-05-04 15:28:01,210][1330][140514520385280][INFO][privacyidea.lib.user:230] user u’user-test’ found in resolver u’win2012’

[2020-05-04 15:28:01,210][1330][140514520385280][INFO][privacyidea.lib.user:231] userid resolved to ‘6c7a6cb1-9237-4081-93b2-0bbebec89f4b’

[2020-05-04 15:29:15,339][1330][140514444850944][INFO][privacyidea.lib.user:230] user u’user-test’ found in resolver u’win2012’

[2020-05-04 15:29:15,339][1330][140514444850944][INFO][privacyidea.lib.user:231] userid resolved to ‘6c7a6cb1-9237-4081-93b2-0bbebec89f4b’

[2020-05-04 15:29:51,766][1330][140514520385280][INFO][privacyidea.lib.user:230] user u’user-test’ found in resolver u’win2012’

[2020-05-04 15:29:51,766][1330][140514520385280][INFO][privacyidea.lib.user:231] userid resolved to ‘6c7a6cb1-9237-4081-93b2-0bbebec89f4b’

[2020-05-04 15:38:32,216][1330][140514444850944][INFO][privacyidea.lib.user:230] user u’user-test’ found in resolver u’win2012’

[2020-05-04 15:38:32,217][1330][140514444850944][INFO][privacyidea.lib.user:231] userid resolved to ‘6c7a6cb1-9237-4081-93b2-0bbebec89f4b’

Thanks a lot guys!

2

hello Guys,

is there someone who can help regarding issue?

Thanks a lot.

3

Dear @Anas_Maarif,

if you test your token using the WebUI. Does it work?

Best regards

4

Hi laclaro thanks for responding this issue is already resolved. it was my fault I was testing the connection by only typing the OTP password without PIN.