On 8/14/2023 2:29 PM, Delvain Mbina wrote:
Hello,
My predecessor installed Apache Guacamole 1.0.0 onto a Centox box which
serves as our Bastion Host. We set up database-based authentication
(with Maria DB) and our users can authenticate successfully. After some
security assessments, we decided to implement TOTP authentication for
more secure access. About 3 months ago, we installed and configured the
TOTP extension (1.0.0) and we were able to enroll our MFA device and
authenticate with the TOTP code using Google Authenticator. We have
recently re-installed the extension by following the same instructions
but during the MFA enrollment, we kept getting “Verification Failed.
Please try again”. I could see that my user registered as successfully
authenticated via "journalctl -u tomcat" using Google Authenticator. If
I remove the extension, everything works as expected. I just can't seem
to figure out how to get 2FA working again. Can you please help?
Check that:
1) Your server's clock is correct (if your server's clock is out of
sync, it will generate incorrect codes)
2) You haven't overridden any of the default options used for TOTP, such
as the hash, number of digits, or period (Google Authenticator will
silently ignore these and generate invalid codes)
- Mike
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org
