Steps to fix two factor auth setup error: Difference between revisions
No edit summary |
No edit summary |
||
(2 intermediate revisions by 2 users not shown) | |||
Line 2: | Line 2: | ||
__FORCETOC__ | __FORCETOC__ | ||
<div class="col-md-12 ibox-content"> | <div class="col-md-12 ibox-content"> | ||
= | =Two factor auth error due to mismatched codes= | ||
{{ | <hr> | ||
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}||}} | |||
====Problem==== | ====Problem==== | ||
Unable to configure two factor | Unable to configure two factor authentication for the user because of the following error when entering 6 digit code during setup. | ||
[[File:2FA_Error.PNG]] | |||
====Solution==== | ====Solution==== | ||
We need to increase time windows offset limit for two factor authentication | We need to increase time windows offset limit for two factor authentication | ||
su - zimbra | su - zimbra | ||
zmprov mcf zimbraTwoFactorTimeWindowOffset 15 | zmprov mcf zimbraTwoFactorTimeWindowOffset 15 | ||
Line 49: | Line 50: | ||
Submitted by: Heera Singh Koranga | {| class="wikitable" style="background-color:#d0f0c0;" cellpadding="10" | ||
|'''Submitted by''': Heera Singh Koranga | |||
|} | |||
{{Article Footer|ZCS 8.8, 8.7 |2017-08-23}} |
Latest revision as of 14:13, 31 August 2018
Two factor auth error due to mismatched codes
Problem
Unable to configure two factor authentication for the user because of the following error when entering 6 digit code during setup.
Solution
We need to increase time windows offset limit for two factor authentication
su - zimbra zmprov mcf zimbraTwoFactorTimeWindowOffset 15 zmprov fc -a all
Note: If you still get same error with 15 then increase offset upto 30.
Attribute Description:
zmprov desc -a zimbraTwoFactorTimeWindowOffset Determines the number of windows to check when trying to validate a TOTP code (NOW-n through NOW+n). This number should typically be small, but a minimum value of 1 is usually necessary to account for network latency and clock drift. See also: zimbraTwoFactorTimeWindowLength and https://tools.ietf.org/html/rfc6238#section-5.2 type : integer value : callback : immutable : false cardinality : single requiredIn : optionalIn : globalConfig flags : defaults : 1 min : 1 max : id : 1830 requiresRestart : since : 8.7.0,9.0.0 deprecatedSince :
Submitted by: Heera Singh Koranga |