OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of adminexploit »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - adminexploit

Pages: [1]
1
General Discussion / Re: massive users import with TOTP access for VPN and exploitation
« on: September 24, 2024, 06:35:46 pm »
I don't know how radius server can help me to manage user's TOTP token. I discovered a magical option who can make user to manage thier own TOTP token at:

System: Settings: Administration: User OTP seed

I create a specific group and associate     System: User Password Manager privilege to it. I added user to this group but, user can not loggin, even the password is correct:


2024-09-24T18:29:40   Informational   configd.py   action allowed system.event.config_changed for user root   
2024-09-24T18:29:39   Notice   audit   /index.php: User logged out for user 'test' from: 172.21.22.15   
2024-09-24T18:29:39   Notice   audit   /index.php: Successful login for user 'test' from: 172.21.22.15

so, as you can see, I'm loggin, and... logged out immediatly, and root did something I don't know what to kick me out of the group.

When give to myself Password Manager privilege on my own profile page, I can loggin to change my password, which is not good since I'm imported from AD, but I don't have options to change or generate TOTP token......

If users can interacte with thier password managment page, that would be perfect, but it seems to bugging or I missed something.

2
General Discussion / Re: massive users import with TOTP access for VPN and exploitation
« on: September 24, 2024, 01:32:22 pm »
I discoverd that users in /config/config.xml can be modified onlive. So.... I'm always to do it a better way.

3
General Discussion / massive users import with TOTP access for VPN and exploitation
« on: September 24, 2024, 11:58:33 am »
Hi,
I've about 850 users to import from Active Directory to opnsense in order to play with openvpn + AD + TOTP authentcation.

Actually, I'm able to import just one single user which works fine. but it there a simple way to import 850 users ( Yeah, I can do it by clicking on cloud) AND generate TOTP token for each of them?

I plan to play with xml config file and restore it with a python script, but it's not very clean, and I've to reboot opnsense to import the new xml config file. Because I didn't find a way to do the job with API....

thanks for your helps.

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2