Steps to fix two factor auth setup error
Two factor auth error due to mismatched codes
Problem
Unable to configure two factor authentication for the user because of the following error when entering 6 digit code during setup.
Solution
We need to increase time windows offset limit for two factor authentication
su - zimbra zmprov mcf zimbraTwoFactorTimeWindowOffset 15 zmprov fc -a all
Note: If you still get same error with 15 then increase offset upto 30.
Attribute Description:
zmprov desc -a zimbraTwoFactorTimeWindowOffset Determines the number of windows to check when trying to validate a TOTP code (NOW-n through NOW+n). This number should typically be small, but a minimum value of 1 is usually necessary to account for network latency and clock drift. See also: zimbraTwoFactorTimeWindowLength and https://tools.ietf.org/html/rfc6238#section-5.2 type : integer value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : 1 min : 1 max : id : 1830 requiresRestart : since : 8.7.0,9.0.0 deprecatedSince :
Submitted by: Heera Singh Koranga |