Steps to fix two factor auth setup error: Difference between revisions
(Created page with "=== <h1>Steps_to_fix_two_factor_auth_setup_error</h1> === <hr> <br> <h2>Problem: </h2> Unable to configure two factor auth for the user and getting following error while ente...") |
No edit summary |
||
(6 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
= | {{BC|Certified}} | ||
__FORCETOC__ | |||
<div class="col-md-12 ibox-content"> | |||
=Two factor auth error due to mismatched codes= | |||
<hr> | <hr> | ||
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}||}} | |||
====Problem==== | |||
Unable to configure two factor authentication for the user because of the following error when entering 6 digit code during setup. | |||
[[File:2FA_Error.PNG]] | |||
====Solution==== | |||
zmprov mcf zimbraTwoFactorTimeWindowOffset 15 | We need to increase time windows offset limit for two factor authentication | ||
zmprov fc -a all | su - zimbra | ||
zmprov mcf zimbraTwoFactorTimeWindowOffset 15 | |||
zmprov fc -a all | |||
'''Note: ''' | '''Note: ''' | ||
If you still get same error with 15 then increase offset upto 30. | If you still get same error with 15 then increase offset upto 30. | ||
===== Attribute Description: ===== | |||
zmprov desc -a zimbraTwoFactorTimeWindowOffset | |||
Determines the number of windows to check when trying to validate a | |||
TOTP code (NOW-n through NOW+n). This number should typically be | |||
small, but a minimum value of 1 is usually necessary to account for | |||
network latency and clock drift. See also: | |||
zimbraTwoFactorTimeWindowLength and | |||
https://tools.ietf.org/html/rfc6238#section-5.2 | |||
type : integer | |||
value : | |||
callback : | |||
immutable : false | |||
cardinality : single | |||
requiredIn : | |||
optionalIn : globalConfig | |||
flags : | |||
defaults : 1 | |||
min : 1 | |||
max : | |||
id : 1830 | |||
requiresRestart : | |||
since : 8.7.0,9.0.0 | |||
deprecatedSince : | |||
{| class="wikitable" style="background-color:#d0f0c0;" cellpadding="10" | |||
|'''Submitted by''': Heera Singh Koranga | |||
|} | |||
{{Article Footer|ZCS 8.8, 8.7 |2017-08-23}} |
Latest revision as of 14:13, 31 August 2018
Two factor auth error due to mismatched codes
Problem
Unable to configure two factor authentication for the user because of the following error when entering 6 digit code during setup.
Solution
We need to increase time windows offset limit for two factor authentication
su - zimbra zmprov mcf zimbraTwoFactorTimeWindowOffset 15 zmprov fc -a all
Note: If you still get same error with 15 then increase offset upto 30.
Attribute Description:
zmprov desc -a zimbraTwoFactorTimeWindowOffset Determines the number of windows to check when trying to validate a TOTP code (NOW-n through NOW+n). This number should typically be small, but a minimum value of 1 is usually necessary to account for network latency and clock drift. See also: zimbraTwoFactorTimeWindowLength and https://tools.ietf.org/html/rfc6238#section-5.2 type : integer value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : 1 min : 1 max : id : 1830 requiresRestart : since : 8.7.0,9.0.0 deprecatedSince :
Submitted by: Heera Singh Koranga |