OPNsense Forum

English Forums => 24.7, 24.10 Legacy Series => Topic started by: opnblue on January 13, 2025, 11:04:06 AM

Title: TOPT 2fA Authentication Failed
Post by: opnblue on January 13, 2025, 11:04:06 AM
Hi all. Testing 2fa returns this error message without further context or error code:

[Attached screenshot: Bildschirmfoto 2025-01-13 um 10.52.55.png]

I can't find anything related in the logs. Has anyone any idea how to troubleshoot and fix this?

24.7.11_2 directly installed on a dedicated box.

Thanks! :)
Title: Re: TOPT 2fA Authentication Failed
Post by: peterwkc on January 13, 2025, 12:55:39 PM
Previously, I encountered this error. Then I retried: I deleted the user and recreated the user with a simple password.
Title: Re: TOPT 2fA Authentication Failed
Post by: opnblue on January 13, 2025, 02:40:56 PM
@peterwkc not sure if I understand. You deleted the user and created a new one with a simple password? What do you mean by simple? I don't have a problem with regular passwords, it's OTP that causes this. :)
Title: Re: TOPT 2fA Authentication Failed
Post by: Monviech (Cedrik) on January 13, 2025, 08:14:03 PM
You must append or prepend the OTP token to the password of the user when testing, depending on the configuration.
Title: Re: TOPT 2fA Authentication Failed
Post by: meyergru on January 13, 2025, 08:20:56 PM
The most essential thing is in the name: TOTP = Time based One Time Password. If your system time is off, nothing works.
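
The two replies above (token appended or prepended to the password in one field, and validity tied to the system clock), shown as an added example that is not part of the thread and not OPNsense's own code. It assumes RFC 6238 defaults (HMAC-SHA1, 30-second step, 6 digits); the secret is the RFC 6238 test secret, and the password and the function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds per time step (RFC 6238 default, assumed here)
DIGITS = 6    # token length (assumed here)
SECRET = b"12345678901234567890"   # RFC 6238 test secret, not a real seed
PASSWORD = "example-password"      # constructed sample password


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, RFC 4226 truncation."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def split_field(field: str, token_first: bool, digits: int = DIGITS):
    """Split the single login field into (password, token)."""
    if token_first:
        return field[digits:], field[:digits]
    return field[:-digits], field[-digits:]


def check_login(field: str, password: str, secret: bytes, server_time: int,
                token_first: bool = False, window: int = 0) -> bool:
    """True if the password part matches and the token part is valid for the
    server's clock, allowing +/- `window` time steps of drift."""
    pw, token = split_field(field, token_first)
    if not hmac.compare_digest(pw.encode(), password.encode()):
        return False
    for drift in range(-window, window + 1):
        expected = totp(secret, server_time + drift * STEP)
        if hmac.compare_digest(token.encode(), expected.encode()):
            return True
    return False


if __name__ == "__main__":
    phone_time = 1111111109                  # clock on the authenticator app
    token = totp(SECRET, phone_time)         # "081804" per RFC 6238 Appendix B
    print("appended, clocks agree :", check_login(PASSWORD + token, PASSWORD, SECRET, phone_time))
    print("password only          :", check_login(PASSWORD, PASSWORD, SECRET, phone_time))
    print("wrong order            :", check_login(token + PASSWORD, PASSWORD, SECRET, phone_time))
    # Server clock two seconds ahead, which already falls in the next 30 s step:
    print("server in next step    :", check_login(PASSWORD + token, PASSWORD, SECRET, 1111111111))
```

With no drift window, a server clock that has crossed into the next 30-second step rejects a token that was correct on the phone; a clock that is minutes off fails the same way regardless of a small window.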
Title: Re: TOPT 2fA Authentication Failed
Post by: opnblue on January 14, 2025, 08:20:05 PM
Thanks you two.

@monviech

Now I am even more confused :D It worked when testing with appending the OTP to the PW.
However, I cannot log in regularly anymore with the same user, no matter if I try PW only or OTP+PW in the same field, or PW first (no error message) then OTP second (error: wrong password).

@meyergru how can I identify if the system time is on or off? I checked the timezone (correct) and there is an OPNsense time server selected under Network time. Do you mean time on BIOS level?
Edit: I just ran an update and in the console view there it read the correct time.
Title: Re: TOPT 2fA Authentication Failed
Post by: opnblue on January 14, 2025, 08:39:57 PM
Update: I think I 'solved' it now. Deleted the old users and created a new one, which seems to work now both in tester and real login.

Btw.. if some dev is reading this: please improve the UX of the OTP login flow. I would have never tried to fill in OTP and PW in the same form field. At least explain it somewhere clearly, please.
Title: Re: TOPT 2fA Authentication Failed
Post by: Patrick M. Hausen on January 14, 2025, 09:06:59 PM
You mean explain like here? 😉

https://docs.opnsense.org/manual/how-tos/two_factor.html#step-5-test-the-token
Title: Re: TOPT 2fA Authentication Failed
Post by: opnblue on January 14, 2025, 09:30:28 PM
Quote from: Patrick M. Hausen on January 14, 2025, 09:06:59 PM
You mean explain like here? 😉

https://docs.opnsense.org/manual/how-tos/two_factor.html#step-5-test-the-token

yes, but in UI :)