23.6. OTP AuthenticationΒΆ
If OTP authentication fails for a user you might check the following:
Verify that the tokens for this user are not locked.
Verify that the fail counters of the tokens of the user have not reached the max fail count.
Try to authenticate via the LinOTP Web API. This will give you a better idea of the error and rule out error source like the RADIUS server or the PAM module. For doing this use a web browser and go to the URL:
https://<yourlinotpserver>/validate/check?user=<login>&pass=<OTPPINOTPvalue>.The return will be a JSON structure. Either download it and view it with your preferred text viewer or get the JSONViewer Plugin for your browser.
Take a look at the log file on the LinOTP server. Probably it is the file:
/var/log/linotp/linotp.log
.Take a look at the RADIUS server log file.