[Solved] 2fa TOTP problems

Started by crt333, August 04, 2021, 04:00:00 PM

August 04, 2021, 04:00:00 PM Last Edit: August 10, 2021, 11:38:24 PM by crt333
I would appreciate any suggestions for the following problem:

I have been using login with TOTP for years, but have had a strange new problem in the last 3 days:

- can't log in to the web interface, get a password failure (with TOTP)
- open a shell using ssh and existing certificate, reset admin password and turn off TOTP
- log in without TOTP, restore working configuration (reboots)
- can once again log in using old TOTP setup

The next morning it is dead again, and I have to repeat all the above (3 mornings in a row).

Everything seems to run fine, I just can't log in to the web interface.

Running on a Qotom box:
   OPNsense 21.7-amd64
   FreeBSD 12.1-RELEASE-p19-HBSD
   OpenSSL 1.1.1k 25 Mar 2021

If you're restoring your configurations, aren't you restoring the MFA?

Have you tried to remove the MFA authentication method from the server? System:Settings:Administration:Authentication > local
then go to
System:Access:Servers > delete TOTP server

Thanks for responding.

Yes, the restore does include MFA, and it works after the restore. I want to continue using MFA, but the problem is the next day something is wrong again and I can't log in to the GUI with MFA or without MFA, I am locked out.

So, then I have to SSH in again and reset the root password and turn off MFA. If I leave MFA off everything works fine day after day, but if I turn it on again it works for a while but by the next day it's bad again.

Is deleting and reconfiguring it likely to be a permanent fix? I really don't understand what the problem might be here.

Sounds like a clock problem. Make sure NTP keeps the time in sync...

Cheers,
Franco

Thanks, I guess I should have thought of that, but since I've never done anything with NTP and it showed up as running I thought it would be OK, but it hadn't connected to any peers. All good now, not sure why that came up, but seems to be OK now.

Don't forget to mark as solved

Thanks for the reminder. I changed the subject to say solved; I don't see any other way to mark it.

Thanks to "errored out" and franco