Difference between revisions of "Steps to fix two factor auth setup error"

(Created page with "=== <h1>Steps_to_fix_two_factor_auth_setup_error</h1> === <hr> <br> <h2>Problem: </h2> Unable to configure two factor auth for the user and getting following error while ente...")
 
Line 1: Line 1:
=== <h1>Steps_to_fix_two_factor_auth_setup_error</h1> ===
+
=== <h1>Steps to fix two factor auth setup error</h1> ===
 
<hr>
 
<hr>
 
<br>
 
<br>
Line 6: Line 6:
 
Unable to configure two factor auth for the user and getting following error while entering 6 digit code during setup.   
 
Unable to configure two factor auth for the user and getting following error while entering 6 digit code during setup.   
  
"Error! Enter code again to confirm setup"
+
<code>"Error! Enter code again to confirm setup"</code>
  
  
Line 12: Line 12:
 
We need to increase time windows offset limit for two factor authentication.   
 
We need to increase time windows offset limit for two factor authentication.   
  
<pre>su - zimbra
+
su - zimbra
zmprov mcf zimbraTwoFactorTimeWindowOffset 15   
+
zmprov mcf zimbraTwoFactorTimeWindowOffset 15   
zmprov fc -a all  
+
zmprov fc -a all
</pre>
 
  
 
'''Note: '''  
 
'''Note: '''  
 
If you still get same error with 15 then increase offset upto 30.  30 is maximum limit.
 
If you still get same error with 15 then increase offset upto 30.  30 is maximum limit.
 +
 +
 +
===== Attribute Description: =====
 +
zmprov desc -a zimbraTwoFactorTimeWindowOffset
 +
 +
    Determines the number of windows to check when trying to validate a
 +
    TOTP code (NOW-n through NOW+n). This number should typically be
 +
    small, but a minimum value of 1 is usually necessary to account for
 +
    network latency and clock drift. See also:
 +
    zimbraTwoFactorTimeWindowLength and
 +
    https://tools.ietf.org/html/rfc6238#section-5.2
 +
 +
              type : integer
 +
              value :
 +
          callback :
 +
          immutable : false
 +
        cardinality : single
 +
        requiredIn :
 +
        optionalIn : globalConfig
 +
              flags :
 +
          defaults : 1
 +
                min : 1
 +
                max :
 +
                id : 1830
 +
    requiresRestart :
 +
              since : 8.7.0,9.0.0
 +
    deprecatedSince :

Revision as of 05:51, 19 August 2017

Steps to fix two factor auth setup error



Problem:

Unable to configure two factor auth for the user and getting following error while entering 6 digit code during setup.

"Error! Enter code again to confirm setup"


Solution:

We need to increase time windows offset limit for two factor authentication.

su - zimbra
zmprov mcf zimbraTwoFactorTimeWindowOffset 15   
zmprov fc -a all

Note: If you still get same error with 15 then increase offset upto 30. 30 is maximum limit.


Attribute Description:
zmprov desc -a zimbraTwoFactorTimeWindowOffset

   Determines the number of windows to check when trying to validate a
   TOTP code (NOW-n through NOW+n). This number should typically be
   small, but a minimum value of 1 is usually necessary to account for
   network latency and clock drift. See also:
   zimbraTwoFactorTimeWindowLength and
   https://tools.ietf.org/html/rfc6238#section-5.2

              type : integer
             value :
          callback :
         immutable : false
       cardinality : single
        requiredIn :
        optionalIn : globalConfig
             flags :
          defaults : 1
               min : 1
               max :
                id : 1830
   requiresRestart :
             since : 8.7.0,9.0.0
   deprecatedSince :
Jump to: navigation, search