I believe you end in a race-condition situation:
Aug 07 11:46:20 agent sshd(pam_google_auth)[60824]: Trying to reuse a previously used time-based code. ("/home/dummy.user/.google_authenticator")Retry again in 30 seconds. Warning! This might mean, you are currently subject to a man-in-the-middle attack.
This would imply that your user answered Yes to the question:
Do you want to disallow multiple uses of the same authentication
token? This restricts you to one login about every 30s, but it increases
your chances to notice or even prevent man-in-the-middle attacks (y/n)
When they were initializing .google-authenticator. ThinLinc requires the same OTP to be used twice.
(See How to set up One-Time-Password (OTP) authentication in ThinLinc for what is required)
Kind regards,
Martin