CecilXavier
Technical User
I am having an issue with getting an IDM server to connect through to a
radius server for authentication. I have a lab setup with a similar setup
to what I have in our test environment and my lab works. I have setup the
RSA server to be the same, except for network information. I can ping
between the servers like normal. When I try to authenticate through IDM to
RSA, It doesn't look like the authentication is leaving my IDM server. I've
checked every log I can think of, It hasn't pointed toward a smoking gun. I
am trying to not reinstall the whole server to resolve this. Any Ideas?
Nov 8 11:02:00 (ServerName) sshd[15579]: FIPS mode initialized
Nov 8 11:02:04 (ServerName) ipa-otpd[14892]: (UserName): request received
Nov 8 11:02:04 (ServerName) ipa-otpd[14892]: (UserName): user query start
Nov 8 11:02:04 (ServerName) ipa-otpd: (UserName): request received
Nov 8 11:02:04 (ServerName) ipa-otpd: (UserName): user query start
Nov 8 11:02:04 (ServerName) ipa-otpd[14892]: (UserName): user query end:
uid=sfereday,cn=users,cn=accounts,dc=deca,dc=mil
Nov 8 11:02:04 (ServerName) ipa-otpd[14892]: (UserName): radius query
start: cn=10.16.208.43,cn=radiusproxy,dc=deca,dc=mil
Nov 8 11:02:04 (ServerName) ipa-otpd: (UserName): user query end:
uid=sfereday,cn=users,cn=accounts,dc=deca,dc=mil
Nov 8 11:02:04 (ServerName) ipa-otpd: (UserName): radius query start:
cn=10.16.208.43,cn=radiusproxy,dc=deca,dc=mil
Nov 8 11:02:04 (ServerName) ipa-otpd[14892]: (UserName): radius query end:
10.16.208.43
Nov 8 11:02:04 (ServerName) ipa-otpd[14892]: (UserName): forward start:
feredays / 10.16.208.43
Nov 8 11:02:04 (ServerName) ipa-otpd: (UserName): radius query end:
10.16.208.43
Nov 8 11:02:04 (ServerName) ipa-otpd: (UserName): forward start: feredays /
10.16.208.43
Nov 8 11:02:04 (ServerName) ipa-otpd: (UserName): forward end: Socket type
not supported
Nov 8 11:02:04 (ServerName) ipa-otpd: (UserName): response sent:
Access-Reject
Nov 8 11:02:04 (ServerName) ipa-otpd[14892]: (UserName): forward end:
Socket type not supported
Nov 8 11:02:04 (ServerName) ipa-otpd[14892]: (UserName): response sent:
Access-Reject
Nov 8 11:02:04 (ServerName) [sssd[krb5_child[15588]]][15588]:
Preauthentication failed
Nov 8 11:02:04 (ServerName) [sssd[krb5_child[15588]]][15588]:
Preauthentication failed
Nov 8 11:02:04 (ServerName) [sssd[krb5_child[15588]]]: Preauthentication
failed
Nov 8 11:02:04 (ServerName) [sssd[krb5_child[15588]]]: Preauthentication
failed
radius server for authentication. I have a lab setup with a similar setup
to what I have in our test environment and my lab works. I have setup the
RSA server to be the same, except for network information. I can ping
between the servers like normal. When I try to authenticate through IDM to
RSA, It doesn't look like the authentication is leaving my IDM server. I've
checked every log I can think of, It hasn't pointed toward a smoking gun. I
am trying to not reinstall the whole server to resolve this. Any Ideas?
Nov 8 11:02:00 (ServerName) sshd[15579]: FIPS mode initialized
Nov 8 11:02:04 (ServerName) ipa-otpd[14892]: (UserName): request received
Nov 8 11:02:04 (ServerName) ipa-otpd[14892]: (UserName): user query start
Nov 8 11:02:04 (ServerName) ipa-otpd: (UserName): request received
Nov 8 11:02:04 (ServerName) ipa-otpd: (UserName): user query start
Nov 8 11:02:04 (ServerName) ipa-otpd[14892]: (UserName): user query end:
uid=sfereday,cn=users,cn=accounts,dc=deca,dc=mil
Nov 8 11:02:04 (ServerName) ipa-otpd[14892]: (UserName): radius query
start: cn=10.16.208.43,cn=radiusproxy,dc=deca,dc=mil
Nov 8 11:02:04 (ServerName) ipa-otpd: (UserName): user query end:
uid=sfereday,cn=users,cn=accounts,dc=deca,dc=mil
Nov 8 11:02:04 (ServerName) ipa-otpd: (UserName): radius query start:
cn=10.16.208.43,cn=radiusproxy,dc=deca,dc=mil
Nov 8 11:02:04 (ServerName) ipa-otpd[14892]: (UserName): radius query end:
10.16.208.43
Nov 8 11:02:04 (ServerName) ipa-otpd[14892]: (UserName): forward start:
feredays / 10.16.208.43
Nov 8 11:02:04 (ServerName) ipa-otpd: (UserName): radius query end:
10.16.208.43
Nov 8 11:02:04 (ServerName) ipa-otpd: (UserName): forward start: feredays /
10.16.208.43
Nov 8 11:02:04 (ServerName) ipa-otpd: (UserName): forward end: Socket type
not supported
Nov 8 11:02:04 (ServerName) ipa-otpd: (UserName): response sent:
Access-Reject
Nov 8 11:02:04 (ServerName) ipa-otpd[14892]: (UserName): forward end:
Socket type not supported
Nov 8 11:02:04 (ServerName) ipa-otpd[14892]: (UserName): response sent:
Access-Reject
Nov 8 11:02:04 (ServerName) [sssd[krb5_child[15588]]][15588]:
Preauthentication failed
Nov 8 11:02:04 (ServerName) [sssd[krb5_child[15588]]][15588]:
Preauthentication failed
Nov 8 11:02:04 (ServerName) [sssd[krb5_child[15588]]]: Preauthentication
failed
Nov 8 11:02:04 (ServerName) [sssd[krb5_child[15588]]]: Preauthentication
failed