multiOTP / multiOTPCredentialProvider

multiOTP Credential Provider is a V2 Credential Provider for Windows 7/8/8.1/10/2012(R2)/2016 with options like RDP only and UPN name support
Apache License 2.0

Unable to use cached details when online but remote OTP server is not available #15

Closed AussieMakerGeek closed 5 years ago

AussieMakerGeek commented 6 years ago

Hi, I am currently testing MultiOTP for local 2FA on mobile computers.

I have a multiOTP server set up on our network using LDAP sync and it works fine for local interactive auth (not RDP) of our test machines.

When the machine is completely offline, it also works fine. However, if for example I am connected to ANY network, but NOT the network that contains the multiOTP server, the CP will deny the login saying that the OTP was incorrect.

The simple solution is to disconnect from the network, log in 'offline' and then connect but this is not practical for several hundred users that work from home or connect via VPN/Hotspot.

Can this behaviour be changed so that the CP will assume it is offline if it cannot connect to the OTP server, rather than only when not connected to a network at all? Surely this would work better in the case that perhaps the OTP server goes down too...

AussieMakerGeek commented 6 years ago

Reviewing the code of the CP, I can now see that this is not actually an issue with the CP itself but with the compiled multiOTP.exe file the CP is calling (I assumed the CP did this directly). If you prefer, I can log this as an issue in that branch.

multiOTP commented 6 years ago

Hello, Thanks for your feedback. This issue is already opened here: https://github.com/multiOTP/multiotp/issues/37. A fix should be available soon. We keep this issue open, so you will have an automatic information when we close it. Regards

multiOTP commented 6 years ago

Hello, Could you please try to increase the OTPTimeout to 60 seconds during the setup? Thanks for your reply. Regards,

multiOTP commented 6 years ago

Hello Ahuxtable, This issue is fixed in version 5.3.0.0 (https://github.com/multiOTP/multiotp/releases/tag/5.3.0.0). Please be sure to increase the multiOTP Timeout to something higher, like 30 or 60 seconds. Please check it on your side and close this issue if it is resolved. Thanks a lot for your feedback. If you want to continue to support our work with a small donation, have a look at the Wiki homepage; we provide a link to our PayPal account there. Regards, Andre

AussieMakerGeek commented 6 years ago

Hi Andre, sad to report that this does not seem to have resolved the problem. I have increased the timeout to 30 seconds as instructed, but still, when logging on, it tells me that the OTP is incorrect; it works fine if I am offline completely.

multiOTP commented 6 years ago

Hello Ahuxtable, Sorry to hear that; we will investigate further. Regards, Andre

multiOTP commented 6 years ago

Hello, can you please try with the latest version?

Regards

AussieMakerGeek commented 5 years ago

Sorry, I missed your update. This is still a problem in 5.4.0.1.

AussieMakerGeek commented 5 years ago

So I coincidentally found a 'fix' for this.

I was playing around with it today and had a bit of a lightbulb moment. While the problem itself still exists, the simple solution is to ensure you are using a host name for the OTP server and not an IP address. Since there is no DNS resolution for the OTP server when connected to a foreign network, it just automatically reverts to offline mode.

It now works perfectly.
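The first comment asks for the credential provider to treat "cannot reach the OTP server" the same as "no network", and the last comment's workaround relies on a DNS lookup failing so that the offline path is taken. The following Python model, added here as an illustration and not code from multiOTP or from anyone in the thread, separates the three outcomes a client can see (name does not resolve, name resolves but connect fails, server answers) and shows why an IP literal skips the DNS step and lands in the connect-timeout case instead. The hostnames, the 10.x address, the port and the resolver/connector callbacks are constructed so the example runs without a network; the real `dns_resolve` and `tcp_connect` helpers are included for use against a live server.

```python
"""Fallback-decision model for a credential provider that validates an OTP
against a remote server but keeps a local cache for offline logons.

Added illustration, not multiOTP's own code. Hostnames, addresses, the port
and the resolver/connector callbacks below are constructed for the example.
"""
import socket
from dataclasses import dataclass
from typing import Callable, Optional

# How far the client got towards the server.
OFFLINE = "offline"            # name does not resolve: take the cached path
UNREACHABLE = "unreachable"    # name resolves / IP literal, but no connection
ANSWERED = "answered"          # server responded: trust its verdict


@dataclass
class ServerTarget:
    host: str          # hostname or IP literal, as typed into the CP setup
    port: int          # constructed port for the example
    timeout_s: float   # per-attempt connect timeout (the "OTPTimeout" knob)


def is_ip_literal(host: str) -> bool:
    """True if host is an IPv4/IPv6 literal, i.e. no DNS lookup happens."""
    for family in (socket.AF_INET, socket.AF_INET6):
        try:
            socket.inet_pton(family, host)
            return True
        except OSError:
            continue
    return False


Resolver = Callable[[str], Optional[str]]        # name -> IP, or None
Connector = Callable[[str, int, float], bool]    # ip, port, timeout -> ok?


def classify_reachability(target: ServerTarget,
                          resolve: Resolver,
                          connect: Connector) -> str:
    """A hostname that does not resolve on a foreign network yields OFFLINE
    immediately; an IP literal skips DNS and can only end in UNREACHABLE
    (after the connect timeout) or ANSWERED."""
    if is_ip_literal(target.host):
        ip = target.host
    else:
        ip = resolve(target.host)
        if ip is None:
            return OFFLINE
    if not connect(ip, target.port, target.timeout_s):
        return UNREACHABLE
    return ANSWERED


def should_use_cache(reachability: str, strict: bool) -> bool:
    """strict=True caches only when OFFLINE (the behaviour reported in the
    thread); strict=False also caches when UNREACHABLE, which is what the
    reporter asked for. An ANSWERED server is never second-guessed."""
    if reachability == OFFLINE:
        return True
    if reachability == UNREACHABLE:
        return not strict
    return False


# Real helpers for use against a live server (not exercised offline).
def dns_resolve(name: str) -> Optional[str]:
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def tcp_connect(ip: str, port: int, timeout_s: float) -> bool:
    try:
        with socket.create_connection((ip, port), timeout=timeout_s):
            return True
    except OSError:
        return False


# Constructed scenario: laptop on a hotspot, corporate DNS not reachable,
# corporate 10.x range not routed.
def foreign_network_resolver(name: str) -> Optional[str]:
    return None if name.endswith(".corp.example") else "93.184.216.34"


def foreign_network_connector(ip: str, port: int, timeout_s: float) -> bool:
    return not ip.startswith("10.")


def decide(host: str, strict: bool = True):
    """Return (reachability, use_cache) for the constructed hotspot case."""
    target = ServerTarget(host=host, port=8112, timeout_s=30.0)
    r = classify_reachability(target, foreign_network_resolver,
                              foreign_network_connector)
    return r, should_use_cache(r, strict)


if __name__ == "__main__":
    for h in ("otp.corp.example", "10.0.0.5"):
        print(h, decide(h, strict=True), decide(h, strict=False))
```

The relaxed policy is the one the reporter asked for: anything short of an answer from the server falls back to the cache, so the choice between hostname and IP literal stops mattering. Note the caveat for the hostname workaround under the strict policy: it only helps on networks where the name fails to resolve; a foreign network whose resolver does return an address (captive portals and split-horizon setups do this) puts you back in the UNREACHABLE case and the logon fails again.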