Brett Smith created GUACAMOLE-1212:
--------------------------------------

             Summary: Cannot authenticate with OTP-enabled LDAP user
                 Key: GUACAMOLE-1212
                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1212
             Project: Guacamole
          Issue Type: Bug
          Components: guacamole-auth-ldap
    Affects Versions: 1.2.0
            Reporter: Brett Smith


I'm using FreeIPA in my environment. I have guacamole-auth-ldap enabled and 
configured and it works fine for users who do not have 2FA enabled. For our 
users with 2FA enabled, we are using TOTP tokens provided by FreeIPA.

When investigating a tcpdump between guacamole and the LDAP server, I can see 
that guacamole passes the username and password to the LDAP server twice. This 
works fine for a traditional username and password, but for a 2FA-enabled user, 
the second authentication attempt returns failure since the TOTP is one-time 
use. 2FA login attempts result in the guacamole logs outputting "successfully 
authenticated" while the web UI shows "Invalid Login" in a red banner.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
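
The failure described in the report, reproduced as an added example (not code from Guacamole, FreeIPA, or the reporter): a toy directory accepts each TOTP code once, so a login flow that sends the same credentials twice passes for a password-only user and fails on the second bind for a TOTP user. `ModelDirectory`, both login functions, the sample accounts, and the password-plus-code credential layout are assumptions of this model.

```python
import hashlib, hmac, struct

def totp(secret, now, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class ModelDirectory:
    """Toy stand-in for the LDAP server: one accepted bind per TOTP step."""
    def __init__(self, users, step=30):
        self.users = users      # name -> (password, TOTP secret or None)
        self.step = step
        self.last_step = {}     # name -> time step of the last accepted code

    def bind(self, name, credential, now):
        password, secret = self.users[name]
        if secret is None:                        # password-only account
            return hmac.compare_digest(credential, password)
        expected = password + totp(secret, now, self.step)
        if not hmac.compare_digest(credential, expected):
            return False
        if self.last_step.get(name) == now // self.step:
            return False                          # code already consumed
        self.last_step[name] = now // self.step
        return True

def login_two_binds(directory, name, credential, now):
    """Flow seen in the capture: the same credentials are sent twice."""
    return (directory.bind(name, credential, now),
            directory.bind(name, credential, now))

def login_one_bind(directory, name, credential, now):
    """Bind once and use that single result as the login decision."""
    return directory.bind(name, credential, now)

def demo(now=1_600_000_000):
    # Constructed accounts: alice has a TOTP token, bob is password-only.
    users = {"alice": ("pw-a", b"constructed-secret"), "bob": ("pw-b", None)}
    cred = "pw-a" + totp(users["alice"][1], now)
    return {
        "bob_two_binds": login_two_binds(ModelDirectory(users), "bob", "pw-b", now),
        "alice_two_binds": login_two_binds(ModelDirectory(users), "alice", cred, now),
        "alice_one_bind": login_one_bind(ModelDirectory(users), "alice", cred, now),
    }

if __name__ == "__main__":
    print(demo())
```

The `(True, False)` result for the TOTP account matches the symptom in the report: the first bind succeeds and is logged, while the second one decides what the user sees.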
