[Solved] LDAP + TOTP authentication failure

Started by CraigS, July 25, 2020, 10:52:26 AM

August 12, 2020, 08:54:41 PM #30 Last Edit: August 12, 2020, 09:11:57 PM by CraigS
Hi mimugmail,

So I set both the local user and the ldap user's otp seed to be the same.

Google authenticator shows the same otp for both users.

local+totp works 100%

ldap+totp fails.

Just ldap works 100%

I would think the totp token is not the problem.


ntpd.log shows this but local+totp still works:


Aug 12 21:09:10 pta-vpn1-2fa ntpd[27650]: ntpd exiting on signal 15 (Terminated)
Aug 12 21:09:10 pta-vpn1-2fa ntpd[27650]: 146.64.x.x local addr 146.64.x.x -> <null>
Aug 12 21:09:10 pta-vpn1-2fa ntpd[27650]: 146.64.x.x local addr 146.64.x.x -> <null>
Aug 12 21:09:10 pta-vpn1-2fa ntpd[57512]: ntpd 4.2.8p15@1.3728-o Tue Jul 28 02:25:36 UTC 2020 (1): Starting
Aug 12 21:09:10 pta-vpn1-2fa ntpd[57512]: Command line: /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
Aug 12 21:09:10 pta-vpn1-2fa ntpd[57512]: ----------------------------------------------------
Aug 12 21:09:10 pta-vpn1-2fa ntpd[57512]: ntp-4 is maintained by Network Time Foundation,
Aug 12 21:09:10 pta-vpn1-2fa ntpd[57512]: Inc. (NTF), a non-profit 501(c)(3) public-benefit
Aug 12 21:09:10 pta-vpn1-2fa ntpd[57512]: corporation.  Support and training for ntp-4 are
Aug 12 21:09:10 pta-vpn1-2fa ntpd[57512]: available at https://www.nwtime.org/support
Aug 12 21:09:10 pta-vpn1-2fa ntpd[57512]: ----------------------------------------------------
Aug 12 21:09:10 pta-vpn1-2fa ntpd[19912]: proto: precision = 0.978 usec (-20)
Aug 12 21:09:10 pta-vpn1-2fa ntpd[19912]: basedate set to 2020-07-16
Aug 12 21:09:10 pta-vpn1-2fa ntpd[19912]: gps base set to 2020-07-19 (week 2115)
Aug 12 21:09:10 pta-vpn1-2fa ntpd[19912]: restrict: 'monitor' cannot be disabled while 'limited' is enabled
Aug 12 21:09:10 pta-vpn1-2fa ntpd[19912]: Listen and drop on 0 v6wildcard [::]:123
Aug 12 21:09:10 pta-vpn1-2fa ntpd[19912]: Listen and drop on 1 v4wildcard 0.0.0.0:123
Aug 12 21:09:10 pta-vpn1-2fa ntpd[19912]: Listen normally on 2 vmx0 146.64.x.x:123
Aug 12 21:09:10 pta-vpn1-2fa ntpd[19912]: Listen normally on 3 vmx0 [fe80::250:56ff:fe9a:d3b8%1]:123
Aug 12 21:09:10 pta-vpn1-2fa ntpd[19912]: Listen normally on 4 lo0 [::1]:123
Aug 12 21:09:10 pta-vpn1-2fa ntpd[19912]: Listen normally on 5 lo0 127.0.0.1:123
Aug 12 21:09:10 pta-vpn1-2fa ntpd[19912]: Listening on routing socket on fd #26 for interface updates
Aug 12 21:09:10 pta-vpn1-2fa ntpd[19912]: kernel reports TIME_ERROR: 0x2041: Clock Unsynchronized
Aug 12 21:09:10 pta-vpn1-2fa ntpd[19912]: kernel reports TIME_ERROR: 0x2041: Clock Unsynchronized




The only thing I can offer is that you come to IRC in late August and I have a quick view via TeamViewer.

Hi mimugmail,

Apologies for the late reply.

I am busy purchasing a business subscription and support hours for this and a few more issues.

Will give feedback when I know what the heck is going on, even if I was flatheaded.

Thank you very much for trying to help.

Regards,
Craig.


Hi Mimugmail,

So the entire issue was because our LDAP is case sensitive.

I was using cstrydom instead of CStrydom to log in.

Ad looked and tested for a while and came up with that brilliant deduction.

I would never have thought about it.

Regards,
Craig.

Really? Wasn't it the case that OPN didn't even try an initial LDAP connection?