google / google-authenticator-libpam

Apache License 2.0

invalid code from app for any user #136

Closed rayjohno closed 5 years ago

rayjohno commented 5 years ago

I'm creating the Google Authenticator profile for the user.

Below are the steps:

[root@hostname /]# adduser testpam
[root@hostname /]# passwd testpam
Changing password for user testpam.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@hostname /]# su testpam
[testpam@VMPAMAPD07 /]$ google-authenticator

Do you want authentication tokens to be time-based (y/n) y
Warning: pasting the following URL into your browser exposes the OTP secret to Google:
https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/testpam@VMPAMAPD07%3Fsecret%XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Your new secret key is: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Enter code from app (-1 to skip): 517443
Code incorrect (correct code 029240). Try again.
Enter code from app (-1 to skip):

Here's the thing: it always says the code is incorrect, though it's really the code from my Google app on mobile. The server is synced with NTP; the mobile phone is also synced, same as the server time. The date is also the same.

I re-ran ./bootstrap, configure, make and make install. Still the same. I wanted to remove all of Google Authenticator, but there is no uninstall.

Version: RHEL 7.5

From the test environment it worked; on prod this is the issue.
Can't find other ways; a rebuild of the server is not an option.

thank you

ThomasHabets commented 5 years ago

Is the timezone also set correctly on the phone?

ThomasHabets commented 5 years ago

Also please be more specific about your setup.

Are you saying the only difference between where it works and doesn't is your server environment?

I don't mean to be all "have you turned it off and on again" but have you really checked that the prod server has NTP time that is actually correct (triple-checking has resolved previous issues).

Run ntpdate -q pool.ntp.org.

rayjohno commented 5 years ago

I have set up a new server on DEV, same version, same mobile phone, and Google auth just works fine.

I can't find what's wrong in production. Are there any ports I missed to allow in the network firewall? As far as I know, Google PAM during this config on the user doesn't really need to go to the internet or a Google server to validate the code, if I am not mistaken. However, I also allowed it.

ThomasHabets commented 5 years ago

Provisioning code has no dependencies at all, and it's very strange that it wouldn't work.

That's why I say triple-check NTP. Also you could try copying the google-authenticator binary from dev to prod, in case your prod build machine has something broken.

ThomasHabets commented 5 years ago

… no dependencies including does not use the network at all.

rayjohno commented 5 years ago

> … no dependencies including does not use the network at all.

Thanks Thomas, it's really the time. I tried to run ntpdate: unable to find NTP servers. I think it's because of the firewall; NTP ports are not allowed.

I manually set the time, same as on dev. It was found to have a 3 minute difference, which is 180 seconds delayed.

It's working now ^_^
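The thread resolves to a 180 second clock offset between the phone and the prod server. The following is an added Python example, not code from google-authenticator-libpam or from either commenter: it implements RFC 4226 HOTP and RFC 6238 TOTP (HMAC-SHA1, 30 second steps) and shows why a 180 second offset, which is exactly six time steps, fails a verifier that only accepts the current step plus or minus one, while a wider diagnostic search reports the offset. The secret, timestamps and the size of the accepted window are this example's own constructed values and assumptions, not the project's defaults.

```python
import base64
import hashlib
import hmac
import struct
import time

TIME_STEP = 30  # seconds per TOTP step (RFC 6238 default)

# Constructed test secret (NOT a real key): 20 bytes, base32-encoded as an
# authenticator app would store it.
TEST_SECRET_B32 = base64.b32encode(b"\x01" * 20).decode()


def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a zero-padded decimal code."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    msg = struct.pack(">Q", counter)
    digest = hmac.new(key, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    truncated = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, unix_time: int, step: int = TIME_STEP) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from wall-clock time."""
    return hotp(secret_b32, unix_time // step)


def verify(secret_b32: str, code: str, unix_time: int,
           window: int = 1, step: int = TIME_STEP):
    """Accept `code` if it matches any step within +/- `window` of the
    verifier's current step. Returns the matching offset in steps, or None.
    The +/-1 default is this example's assumption, chosen to show that a
    small tolerance cannot absorb a multi-minute clock offset."""
    current = unix_time // step
    for delta in range(-window, window + 1):
        candidate = hotp(secret_b32, current + delta, len(code))
        if hmac.compare_digest(candidate, code):
            return delta
    return None


def diagnose_skew(secret_b32: str, code: str, unix_time: int,
                  max_steps: int = 20, step: int = TIME_STEP):
    """Troubleshooting aid: search a wide range of steps to report how far
    the client's clock is from the verifier's (negative = client behind)."""
    return verify(secret_b32, code, unix_time, window=max_steps, step=step)


if __name__ == "__main__":
    server_now = int(time.time())
    phone_now = server_now - 180  # phone three minutes behind, as in the issue
    code_from_phone = totp(TEST_SECRET_B32, phone_now)
    print("strict verify (+/-1 step):", verify(TEST_SECRET_B32, code_from_phone, server_now))
    print("measured offset in steps:", diagnose_skew(TEST_SECRET_B32, code_from_phone, server_now))
```

The `diagnose_skew` search is for troubleshooting only; a production verifier should keep a narrow window and fix the clocks (as the thread did) rather than widen acceptance, since every extra accepted step makes guessing a code proportionally easier.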