General Discussion / Re: massive users import with TOTP access for VPN and exploitation
« on: September 24, 2024, 06:35:46 pm »
I don't know how a RADIUS server can help me manage users' TOTP tokens. I discovered a magical option that can let users manage their own TOTP token at:
System: Settings: Administration: User OTP seed
I created a specific group and associated the System: User Password Manager privilege with it. I added the user to this group, but the user cannot log in, even though the password is correct:
2024-09-24T18:29:40 Informational configd.py action allowed system.event.config_changed for user root
2024-09-24T18:29:39 Notice audit /index.php: User logged out for user 'test' from: 172.21.22.15
2024-09-24T18:29:39 Notice audit /index.php: Successful login for user 'test' from: 172.21.22.15
So, as you can see, I log in and... get logged out immediately, and root did something, I don't know what, to kick me out of the group.
When I give myself the Password Manager privilege on my own profile page, I can log in to change my password, which is not good since I'm imported from AD, but I don't have options to change or generate a TOTP token......
If users could interact with their password management page, that would be perfect, but it seems to be buggy or I missed something.