2FA or two-factor authentication with cockpit

stephdl · March 14, 2020, 1:03pm

Yes I tested myself to set to another TZ manually (Moscou), it just worked

what user did you used ?

root ?

transocean · March 14, 2020, 1:04pm

Yes, user is root.

stephdl · March 14, 2020, 1:05pm

cat /var/lib/nethserver/2fa/root

please what is the output

transocean · March 14, 2020, 1:07pm

[root@sx.x.x.x.server ~]# cat /var/lib/nethserver/2fa/root
cat: /var/lib/nethserver/2fa/root: No such file or directory

stephdl · March 14, 2020, 1:11pm

ok back to the first mind…I do not know what you are facing…

what browser do you use ?

what OS do you use ?

transocean · March 14, 2020, 1:13pm

MS Edge or FireFox
OS on Client is WIN 10 Enterprise. OTP app works on my iPhone.

stephdl · March 14, 2020, 1:14pm

try chrome, but it works on FF

I do not have a apple, I cannot try, only android

transocean · March 14, 2020, 1:25pm

Same situation with chrome. I have a old notebook with linux mint. I will test it with this and report later.

stephdl · March 14, 2020, 1:26pm

I use it with linux…

transocean · March 14, 2020, 1:41pm

No problems with linux mint and firefox.

stephdl · March 14, 2020, 1:42pm

hum what the hell crosoft has done

transocean · March 14, 2020, 1:46pm

Dont ask me… Sometimes i think it’s time to say good bye to ms and windows.

But now it’s time for the coffee.

Thanks for helping.

stephdl · March 14, 2020, 1:51pm

thanks for testing :), now I know of to reproduce

stephdl · March 14, 2020, 4:15pm

what version of EDGE, chrome and FF did you tested on windows

does other user of microsoft windows could valid that it fails ?

transocean · March 14, 2020, 4:21pm

FF latest Version 74.0

Also Edge latest Version 80.0.361.66

Not tested with Chrome, because i dont like it to have parts of Google software on my clients.

transocean · March 14, 2020, 4:45pm

Tested with all my four WIN 10 Enterprise Clients with Edge and FF with the latest Patchlevel.

Result: Not possible to activate 2FA

Last Test with my iPad IOS 13 and Safari.

Result: I can activate 2FA without problems

stephdl · March 14, 2020, 5:12pm

oathtool --totp 'KEY'

We could use this and get rid of the JS library, we can create a time token and validate it from the user input. This time it is the server itself which provides the token, not the remote browser, theoretically we could have a bad validation if the user input is made in the last second of token life

I made a bug report to the otplib in GH, let’s see if I am the bug

stephdl · March 16, 2020, 4:28pm

sorry @transocean I cannot reproduce, I tested myself with a W10 and FF74, it simply just works

Scan the QR code with freeotp
fill the input verification field with the number read on freeOTP
press test, the verification if valid allows to save the form (save become blue)

if you want to test on Windows with EDGE, Chrome and firefox @support_team please

yum install http://packages.nethserver.org/nethserver/7.7.1908/autobuild/x86_64/Packages/nethserver-cockpit-1.4.6-1.40.pr191.gfc9fe7a.ns7.noarch.rpm http://packages.nethserver.org/nethserver/7.7.1908/autobuild/x86_64/Packages/nethserver-cockpit-lib-1.4.6-1.40.pr191.gfc9fe7a.ns7.noarch.rpm -y

giacomo · March 16, 2020, 5:12pm

I also tested with Win10 and Linux, no problem so far.

transocean · March 16, 2020, 5:33pm

Hi,

same problem like last weekend. No way with WIN 10, FF or Edge.
Possible only with Linux and FF or Apple IOS 13 with Safari.
Within the next days i will test it with a fresh WIN 10.

Regards

Uwe