Closed francesco-ficarola closed 6 years ago
Ok, I found this in the syslog logfile:
Jan 11 15:43:26 debian-box sshd: Traceback (most recent call last):#012 File "/usr/local/lib/python2.7/dist-packages/privacyidea_pam-2.11.dev0-py2.7.egg/privacyidea_pam.py", line 279, in pam_sm_authenticate#012 rval = Auth.authenticate(pamh.authtok)#012 File "/usr/local/lib/python2.7/dist-packages/privacyidea_pam-2.11.dev0-py2.7.egg/privacyidea_pam.py", line 101, in authenticate#012 if check_offline_otp(self.user, password, self.sqlfile, window=10):#012 File "/usr/local/lib/python2.7/dist-packages/privacyidea_pam-2.11.dev0-py2.7.egg/privacyidea_pam.py", line 339, in check_offline_otp#012 conn = sqlite3.connect(sqlfile)#012OperationalError: unable to open database file
So I created the file /etc/privacyidea/pam.sqlite
and now it works!
Anyway, just out of curiosity, what about the question on the whitespace?
Thanks, Francesco
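An added example, not part of the original thread or of privacyIDEA's own code: rsyslog writes every newline of the traceback as `#012`, so this script decodes the syslog line posted above and pulls out the call chain and the final exception, which is how a crash of the PAM module can be spotted in the auth log. The function and constant names are my own.

```python
import re

# Syslog line copied from the post above. rsyslog writes each control character
# as '#' plus three octal digits, so the traceback's newlines arrive as #012.
SAMPLE = (
    'Jan 11 15:43:26 debian-box sshd: Traceback (most recent call last):'
    '#012 File "/usr/local/lib/python2.7/dist-packages/'
    'privacyidea_pam-2.11.dev0-py2.7.egg/privacyidea_pam.py", line 279, '
    'in pam_sm_authenticate#012 rval = Auth.authenticate(pamh.authtok)'
    '#012 File "/usr/local/lib/python2.7/dist-packages/'
    'privacyidea_pam-2.11.dev0-py2.7.egg/privacyidea_pam.py", line 101, '
    'in authenticate'
    '#012 if check_offline_otp(self.user, password, self.sqlfile, window=10):'
    '#012 File "/usr/local/lib/python2.7/dist-packages/'
    'privacyidea_pam-2.11.dev0-py2.7.egg/privacyidea_pam.py", line 339, '
    'in check_offline_otp#012 conn = sqlite3.connect(sqlfile)'
    '#012OperationalError: unable to open database file'
)

MARKER = 'Traceback (most recent call last):'
ESCAPE = re.compile(r'#(0[0-3][0-7])')  # escaped control characters 000-037
FRAME = re.compile(r'File "([^"]+)", line (\d+), in (\S+)')


def unescape(text):
    """Turn rsyslog #NNN octal escapes back into the original characters."""
    return ESCAPE.sub(lambda m: chr(int(m.group(1), 8)), text)


def parse_traceback(line):
    """Return ([(function, line_number), ...], exception_text), or None
    when the syslog line carries no Python traceback."""
    start = line.find(MARKER)
    if start < 0:
        return None
    rows = [r.strip() for r in unescape(line[start:]).split('\n') if r.strip()]
    frames = []
    for row in rows[1:]:
        m = FRAME.match(row)
        if m:
            frames.append((m.group(3), int(m.group(2))))
    return frames, rows[-1]


if __name__ == '__main__':
    frames, error = parse_traceback(SAMPLE)
    for func, lineno in frames:
        print('%s:%d' % (func, lineno))
    print(error)
```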
Whitespace is not normal.
Please consider posting questions to https://community.privacyidea.org. This is probably a better place to also find configuration issues, later. You will also address more users.
Hello,
we are testing PrivacyIDEA for 2FA with TOTP. We'd like to log in via SSH by requesting both the LDAP password and the TOTP code. The test Linux server is a Debian Server and it is joined to our AD domain using the PowerBroker Identity Service Open (pbis-open) software. PrivacyIDEA+FreeRadius are installed on an Ubuntu Server with the IP 192.168.10.84.
The first part of /etc/pam.d/sshd (Debian Server) is the following:
The common-auth file included in the above PAM file has the following content:
The module pam_lsass.so should be the one used by PBIS.
So, using the above configuration, the authentication fails. The shell properly asks for Password and OTP code, but then returns Access Denied. We also run tcpdump to see if the Debian Server sends any packet to the PrivacyIDEA server, but no packet is shown:
We also notice the following code in the Python file "privacyidea_pam.py":
There's a whitespace between self. and verify... is that normal?
Thanks, Francesco