Hello Michal,
you have given a lot of RADIUS configuration, but did you take a look at the
RADIUS log?!
The log from privacyIDEA tells that you obviously have attached the
TOTP token to this client machine with the SSH application.
You do not need to do this - or you must not do this.
The “normal” TOTP token does not need to be attached.
- verify normal authentication (e.g. REST API)
→ take a look at privacyIDEA log
- verify RADIUS authentication (WITHOUT SSH!) e.g. radclient
→ take a look at RADIUS log
- If this is all working right, you can check SSH.
→ take a look at PAM log
This is the recommended way to narrow down a problem. ,-)
Kind regards
Cornelius

On Monday, 11.07.2016 at 14:08 -0700, Michał Lewndowski wrote:
Hello,
I’ve successfully set up SSH key based authentication with privacyIDEA
but I have a problem with TOTP auth.
I’ve been using RADIUS and its configuration looks like this on the
privacyIDEA server:
client clientprivacyIDEA {
    ipaddr = 192.168.1.123
    netmask = 24
    secret = lewandowskim
}
On the client I’ve added this line in /etc/pam.d/sshd:
@include otp-auth
and my otp-auth file looks like this:
auth [success=1 default=ignore] pam_radius_auth.so
auth requisite pam_deny.so
auth required pam_permit.so
auth optional pam_cap.so
also my pam_radius_auth.conf is like:
192.168.1.123 lewandowskim 5
And when I try to log in I’ve only used the RSA key, and in the logs I receive
the following info:
[INFO][privacyidea.lib.applications.ssh:89] Token u’TOTP0001653E’,
type u’totp’ is not supported bySSH application module
How can I fix it?
Thanks,
Michal
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
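An offline sanity check that fits before the RADIUS step of the procedure in this thread, as an added example that is not part of the original messages or of privacyIDEA: it parses the two configuration snippets quoted above and reports whether the PAM host's address is covered by the client block and whether the shared secrets agree. The function names and the PAM host address 192.168.1.50 are assumptions made for illustration.

```python
import ipaddress
import re

# Sample input: the configuration quoted in the thread (comment line constructed).
CLIENTS_CONF = """
client clientprivacyIDEA {
    ipaddr = 192.168.1.123
    netmask = 24
    secret = lewandowskim
}
"""
PAM_RADIUS_CONF = """
# server  shared_secret  timeout
192.168.1.123 lewandowskim 5
"""

def parse_clients(text):
    """Return {name: {key: value}} for each 'client name { ... }' block."""
    clients = {}
    for name, body in re.findall(r"client\s+(\S+)\s*\{([^}]*)\}", text):
        clients[name] = dict(re.findall(r"^\s*(\w+)\s*=\s*(\S+)\s*$", body, re.M))
    return clients

def parse_pam_radius(text):
    """Return [(server, secret)] from pam_radius_auth.conf, skipping comments."""
    rows = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            rows.append((fields[0], fields[1]))
    return rows

def check(clients_text, pam_text, pam_host_ip):
    """List mismatches between the RADIUS client block and the PAM host's settings."""
    problems = []
    src = ipaddress.ip_address(pam_host_ip)  # address the PAM host sends from (assumed)
    matching = [c for c in parse_clients(clients_text).values()
                if src in ipaddress.ip_network(
                    f"{c['ipaddr']}/{c.get('netmask', '32')}", strict=False)]
    if not matching:
        problems.append(f"no client block covers {pam_host_ip}")
    for server, secret in parse_pam_radius(pam_text):
        if matching and all(c.get("secret") != secret for c in matching):
            problems.append(f"secret for {server} differs from the client block")
    return problems

if __name__ == "__main__":
    print(check(CLIENTS_CONF, PAM_RADIUS_CONF, "192.168.1.50") or "config consistent")
```

An empty result only rules out a configuration mismatch; the log checks listed in the reply are still what locate the actual fault.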