Messages - CraigS

#16
So it looks like the ldap query is not sent when totp is used.

Nothing in the packet capture.

#17
Any ideas?

Biggest problem is no logging of errors so I have nowhere to start troubleshooting.

#18
You may be on to something.

The successful ldap auth has about 3x times more packets than the ldap+totp auth.

I tested on cleartext and ssl ldap with same results.

It does seem to do the client hello, server hello, certificate hello and handshake without errors.

I wonder if it is sending the totp to the ldap server as well?

#19
New cleartext ldap server authenticates fine.
Same server with totp fails.

Tcpdump gives "That device doesn't support monitor mode" error - vmxnet3 vmware driver.
Will try tcpdump on different vm with e1000 driver.

#20
screenshot attached

#21
screenshot attached

Also tested totp on a different phone with same failure.

#22
Please see the video:

URL: https://transfer.csir.co.za/index.php/s/WQ6NYGHiMemazQd
passwd is: D5M`(!wr,8

link expires 17/07/2020

I would be very happy if I was making a mistake and could have this problem resolved.

#23
Hello mimugmail,

ldap works 100% from tester and vpn logins.

I tried to verify the time sync by looking at my desktop time and vpn time at same time.
It seems to be fine. Perhaps 1sec difference.

Thanks

#24
Hi Guys,

58x views and no answers?

Does anybody successfully use ldap+totp authentication?
If so, on what firmware version? 18.7, 19.1 and 20.1.9 do not work.

Thanks

#25
Good day all,

Please help!

I have Opnsense 20.1.9 installed, and configured for Radius and LDAP authentication.

OPNsense 20.1.9-amd64
FreeBSD 11.2-RELEASE-p20-HBSD
OpenSSL 1.1.1g 21 Apr 2020

Authentications that work:
Local user
Local user + TOTP (Google Authenticator)
Radius user
LDAP user

I did have to install opnsense-patch b2affd1 to get LDAP working. (allow CA cert selection under server)

Then imported the ldap user and generated the QR code.

I cannot get LDAP + TOTP to work. Tried token in front and rear of password and using Google Authenticator but tried 2FA Authenticator too.

Tester just gives this error:
The following input errors were detected:    Authentication failed.

The log files do not seem to show any errors regarding ldap or totp.

Am I missing something?

Thank you in advance.
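Because the thread turns on how the six-digit token is combined with the LDAP password and on whether a one-second clock difference matters, here is an added worked example; it is not OPNsense's code and not the poster's, and it stands in for the mechanism rather than reproducing it. It implements RFC 6238 TOTP (HMAC-SHA1, 30-second step), splits a combined credential with the token as prefix or suffix, verifies the token within a window of plus or minus one step, and only then calls a stand-in LDAP bind callback. The 30-second step, the skew window, the token-first check order and the `ldap_bind` callback are assumptions of the example; the secret is the RFC 6238 Appendix B test key, used as constructed sample input.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Callable, Optional, Tuple

# Example parameters (assumptions of this example, not OPNsense settings).
TOTP_DIGITS = 6      # authenticator apps typically show 6-digit codes
TOTP_STEP = 30       # seconds per time step (RFC 6238 default)
TOTP_SKEW = 1        # also accept the previous and the next step

# RFC 6238 Appendix B test secret (ASCII "12345678901234567890"), constructed sample input.
RFC6238_SECRET = b"12345678901234567890"


def secret_from_base32(encoded: str) -> bytes:
    """Decode the base32 seed that authenticator apps read from the QR code."""
    cleaned = encoded.strip().replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)          # restore padding if it was dropped
    return base64.b32decode(cleaned)


def hotp(secret: bytes, counter: int, digits: int = TOTP_DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, now: int, step: int = TOTP_STEP, digits: int = TOTP_DIGITS) -> str:
    """RFC 6238 TOTP: HOTP over the current time step (now is Unix seconds)."""
    return hotp(secret, now // step, digits)


def split_credential(combined: str, position: str,
                     digits: int = TOTP_DIGITS) -> Optional[Tuple[str, str]]:
    """Separate the token from the LDAP password; position is 'prefix' or 'suffix'."""
    if len(combined) <= digits:
        return None
    if position == "prefix":
        token, password = combined[:digits], combined[digits:]
    elif position == "suffix":
        token, password = combined[-digits:], combined[:-digits]
    else:
        raise ValueError("position must be 'prefix' or 'suffix'")
    if not token.isdigit():
        return None
    return token, password


def verify_totp(secret: bytes, token: str, now: int, skew: int = TOTP_SKEW,
                step: int = TOTP_STEP, digits: int = TOTP_DIGITS) -> bool:
    """Accept the token if it matches any step within +/- skew, so a 1 s drift is harmless."""
    counter = now // step
    return any(
        hmac.compare_digest(hotp(secret, counter + d, digits), token)
        for d in range(-skew, skew + 1)
    )


def check_login(combined: str, position: str, secret: bytes,
                ldap_bind: Callable[[str], bool],
                now: Optional[int] = None) -> Tuple[bool, str]:
    """Token-first check returning (ok, reason) so the failing stage is visible to the operator.
    ldap_bind is a hypothetical stand-in for the directory bind with the stripped password."""
    if now is None:
        now = int(time.time())
    parts = split_credential(combined, position)
    if parts is None:
        return False, "no %d-digit token found at the %s of the password" % (TOTP_DIGITS, position)
    token, password = parts
    if not verify_totp(secret, token, now):
        # Nothing is sent to the directory in this branch: a packet capture would show no bind.
        return False, "TOTP token rejected (wrong seed, or clock drift beyond the skew window)"
    if not ldap_bind(password):
        return False, "LDAP bind rejected the password with the token stripped"
    return True, "ok"


if __name__ == "__main__":
    bind = lambda pw: pw == "s3cret"      # constructed fake directory accepting one password
    now = 59                              # RFC 6238 test time; the token for this step is 287082
    print(check_login("287082s3cret", "prefix", RFC6238_SECRET, bind, now))        # (True, 'ok')
    print(check_login("s3cret287082", "suffix", RFC6238_SECRET, bind, now))        # (True, 'ok')
    print(check_login("287082s3cret", "prefix", RFC6238_SECRET, bind, now + 120))  # token expired
```

The reason string is the point of the design: when a combined login fails, the operator can tell whether the token was missing, the token was rejected, or the directory refused the stripped password. In this arrangement a rejected token ends the attempt before any bind is sent, so a capture that shows no LDAP traffic for a failed TOTP login is consistent with the token check failing, not with the directory being unreachable.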