Steps to fix two factor auth setup error: Difference between revisions
No edit summary |
No edit summary |
||
(5 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
== | {{BC|Certified}} | ||
__FORCETOC__ | |||
<div class="col-md-12 ibox-content"> | |||
=Two factor auth error due to mismatched codes= | |||
<hr> | <hr> | ||
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}||}} | |||
====Problem==== | |||
Unable to configure two factor authentication for the user because of the following error when entering 6 digit code during setup. | |||
[[File:2FA_Error.PNG]] | |||
====Solution==== | |||
We need to increase time windows offset limit for two factor authentication | |||
su - zimbra | su - zimbra | ||
zmprov mcf zimbraTwoFactorTimeWindowOffset 15 | zmprov mcf zimbraTwoFactorTimeWindowOffset 15 | ||
Line 17: | Line 20: | ||
'''Note: ''' | '''Note: ''' | ||
If you still get same error with 15 then increase offset upto 30. | If you still get same error with 15 then increase offset upto 30. | ||
Line 45: | Line 48: | ||
since : 8.7.0,9.0.0 | since : 8.7.0,9.0.0 | ||
deprecatedSince : | deprecatedSince : | ||
{| class="wikitable" style="background-color:#d0f0c0;" cellpadding="10" | |||
|'''Submitted by''': Heera Singh Koranga | |||
|} | |||
{{Article Footer|ZCS 8.8, 8.7 |2017-08-23}} |
Latest revision as of 14:13, 31 August 2018
Two factor auth error due to mismatched codes
Problem
Unable to configure two factor authentication for the user because of the following error when entering 6 digit code during setup.
Solution
We need to increase time windows offset limit for two factor authentication
su - zimbra zmprov mcf zimbraTwoFactorTimeWindowOffset 15 zmprov fc -a all
Note: If you still get same error with 15 then increase offset upto 30.
Attribute Description:
zmprov desc -a zimbraTwoFactorTimeWindowOffset Determines the number of windows to check when trying to validate a TOTP code (NOW-n through NOW+n). This number should typically be small, but a minimum value of 1 is usually necessary to account for network latency and clock drift. See also: zimbraTwoFactorTimeWindowLength and https://tools.ietf.org/html/rfc6238#section-5.2 type : integer value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : 1 min : 1 max : id : 1830 requiresRestart : since : 8.7.0,9.0.0 deprecatedSince :
Submitted by: Heera Singh Koranga |