Google authenticator : Access-Reject

servernemesis at tutanota.com
Tue Apr 24 12:34:03 CEST 2018


I log in with the FQDN (use_fully_qualified_names true in sssd).
But I tried without it and got the same problem.

> Try radtest without the @domain part, as it is not part of the username
> Eero
>
> On 24 Apr 2018 12:08, servernemesis at tutanota.com wrote:


> PS :
>  With this line in /etc/pam.d/sshd :
> "auth required  /usr/local/lib/security/pam_google_authenticator.so"
> I'm able to do ssh login with my google auth code.
>
>
> On 24 Apr 2018 11:48, servernemesis at tutanota.com wrote:
>
>
>>
>> Hello,
>>
>> I followed this tutorial (https://www.techdrabble.com/citrix/14-2factor-with-google-authenticator-and-netscaler) and managed to get it running on Debian 9 with FR 3.0.12 thanks to the help here. But I have another issue: when I try to authenticate with password + googleauth code, I get rejected.
>> I'm able to log on to the FR server with domain credentials without problem. The google auth code gets generated without issue either.
>>
>> Radtest:
>> radtest user at mydomain.com password123456 localhost 18120 testing123
>> Sent Access-Request Id 226 from 0.0.0.0:38763 to 127.0.0.1:1812 length 92
>>         User-Name = "user at mydomain.com"
>>         User-Password = "password123456"
>>         NAS-IP-Address = 127.0.1.1
>>         NAS-Port = 18120
>>         Message-Authenticator = 0x00
>>         Cleartext-Password = "password123456"
>> Received Access-Reject Id 226 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
>> (0) -: Expected Access-Accept got Access-Reject
>>
>>
>> Log:
>> Ready to process requests
>> Waking up in 0.3 seconds.
>> (0) Received Access-Request Id 226 from 127.0.0.1:38763 to 127.0.0.1:1812 length 92
>> (0)   User-Name = "user at mydomain.com"
>> (0)   User-Password = "password123456"
>> (0)   NAS-IP-Address = 127.0.1.1
>> (0)   NAS-Port = 18120
>> (0)   Message-Authenticator = 0x53b836642c653e776b0d9f8a542fca3a
>> (0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
>> (0) pap: WARNING: No "known good" password found for the user.  Not setting Auth-Type
>> (0) pap: WARNING: Authentication will fail unless a "known good" password is available
>> (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
>> Waking up in 0.3 seconds.
>> Waking up in 0.2 seconds.
>> (0) pam: ERROR: pam_authenticate failed: Authentication failure
>> (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
>> Waking up in 0.7 seconds.
>> (0) Sent Access-Reject Id 226 from 127.0.0.1:1812 to 127.0.0.1:38763 length 20
>> Waking up in 3.9 seconds.
>> Ready to process requests
>>
>> Regards
>>
>>
>>

