Closed chagrawil closed 2 years ago
Hello, Are you trying to log in using remote desktop ou localy on the computer ? Is the computer part of a domain ? Best regards
The successes and failures all occurred when trying to logon locally to a computer that was part of a domain AND was taken out of a domain. All the necessary reboots were issued when moving to and from the domain. Logging without using "excluded_account" only worked on -5.8.5.1 whether part of the domain or not.
Can you please send to support@multiotp.com a printscreen of the registry keys in : HKEY_CLASSES_ROOT\CLSID{FCEFDFAB-B0A1-4C4D-8B2B-4FF4E0A3D978}
On what OS (version and bit) are you runnning the credential provider ? On what OS (version and bit) are you runnning the multiOTP server ?
multiotp-cp: Windows 10 Pro 21h2 19044.1645 x64 on Intel i3-5005u multiotp: Slackware 15.0+ 32b on Intel Xeon 2.80GHz with PHP 7.4.29
On Wed, May 4, 2022 at 7:18 AM multiOTP @.***> wrote:
On what OS (version and bit) are you runnning the credential provider ? On what OS (version and bit) are you runnning the multiOTP server ?
— Reply to this email directly, view it on GitHub https://github.com/multiOTP/multiOTPCredentialProvider/issues/55#issuecomment-1117193563, or unsubscribe https://github.com/notifications/unsubscribe-auth/AGGICNJWVVFS4K3T4BTBUSLVIJMIJANCNFSM5UWT4SXQ . You are receiving this because you authored the thread.Message ID: @.***>
Hello, As we have received specific information directly per Email (such as registry content), we will follow this specific case by email directly, and we will come back here to write how we resolved the issue with you. Regards,
I installed the latest cp and made the spec'd changes to multiotp.windows.php. The server showed:
======================================== multiotp 5.8.2.9 Your script is running from /var/www/htdocs/multiotp/ 2022-05-05 06:43:25 debug CredentialProviderRequest Info: Value for IsCredentialProviderRequest: 0 mds2.mds-nh.org 2022-05-05 06:43:25 debug Server-Client Info: ReadUserData server request for 0 mds2.mds-nh.org 2022-05-05 06:43:25 warning System Error: database file /etc/multiotp/users/.db for user does not exist 0 mds2.mds-nh.org 2022-05-05 06:43:25 debug Server-Client Info: *Server secret used for command ReadUserData with error code result 21: secret123 0 mds2.mds-nh.org
The cp log shows:
======================================== multiotp 5.8.7.1 Your script is running from C:\Program Files (x86)\multiOTP.\ 2022-05-05 06:43:25 warning System Error: database file C:\Program Files (x86)\multiOTP.\users.db for user does not exist 0 CARISSA 2022-05-05 06:43:25 error Client-Server Error: Host answers with the following error code: 21 (ERROR: User doesn't exist) 0 CARISSA 2022-05-05 06:43:25 debug Debug Debug: parameters used with command check: 528155 0 CARISSA 2022-05-05 06:43:25 debug Debug Debug: 21 ERROR: User doesn't exist 0 CARISSA 2022-05-05 06:43:25 debug Debug Debug: *Attributes sent to the RADIUS server: Reply-Message := "ERROR: User doesn't exist" 0 CARISSA
Issuing by hand at the multiotp directory:
C:\Program Files (x86)\multiOTP>multiotp -debug -display-log .\test001 980838
LOG 2022-05-05 06:49:28 debug Debug Debug: **New configuration value to write in stat for anonymous_stat_last_update: '1651747768' (was '0' before)
LOG 2022-05-05 06:49:28 debug Debug Debug: **New configuration value for anonymous_stat_last_update: '1651747768' (was '0' before)
LOG 2022-05-05 06:49:28 debug Debug Debug: **Writing configuration data not needed (no change)
LOG 2022-05-05 06:49:28 debug Debug Debug: **New stat value for anonymous_stat_last_update: '1651747768' (was '1651746918' before)
LOG 2022-05-05 06:49:28 debug Debug Debug: **Writing stat data needed
LOG 2022-05-05 06:49:28 info System Info: Send anonymous weekly stats (stats can be disabled)
LOG 2022-05-05 06:49:30 notice (user test001) User Info: User test001 successfully logged in using an external server
LOG 2022-05-05 06:49:30 debug Debug Debug: parameters used with command check: test001 980838 0 OK: Token accepted
And the server showed:
multiotp 5.8.2.9 Your script is running from /var/www/htdocs/multiotp/ 2022-05-05 06:49:30 debug CredentialProviderRequest Info: Value for IsCredentialProviderRequest: 0 mds2.mds-nh.org 2022-05-05 06:49:30 debug Server-Client Info: CheckUserToken server request. 0 mds2.mds-nh.org 2022-05-05 06:49:30 debug Debug Debug: New configuration value to write in stat for anonymous_stat_last_update: '1651747770' (was '1650899067' before) 0 mds2.mds-nh.org 2022-05-05 06:49:30 debug Debug Debug: New configuration value for anonymous_stat_last_update: '1651747770' (was '1650899067' before) 0 mds2.mds-nh.org 2022-05-05 06:49:30 debug Debug Debug: Writing configuration data not needed (no change) 0 mds2.mds-nh.org 2022-05-05 06:49:30 debug Debug Debug: New stat value for anonymous_stat_last_update: '1651747770' (was '1651746919' before) 0 mds2.mds-nh.org 2022-05-05 06:49:30 debug Debug Debug: *Writing stat data needed 0 mds2.mds-nh.org 2022-05-05 06:49:30 info System Info: Send anonymous weekly stats (stats can be disabled) 0 mds2.mds-nh.org 2022-05-05 06:49:30 notice test001 User OK: User test001 successfully logged in with HOTP token 0 mds2.mds-nh.org 2022-05-05 06:49:30 debug Server-Client Info: Cache level is set to 1 0 mds2.mds-nh.org 2022-05-05 06:49:30 debug Server-Client Info: *Server secret used for command CheckUserToken with error code result 0: secret123 0 mds2.mds-nh.org
Which leaves only the updated cp log:
multiotp 5.8.7.1 Your script is running from C:\Program Files (x86)\multiOTP.\ 2022-05-05 06:49:28 debug Debug Debug: New configuration value to write in stat for anonymous_stat_last_update: '1651747768' (was '0' before) 0 CARISSA 2022-05-05 06:49:28 debug Debug Debug: New configuration value for anonymous_stat_last_update: '1651747768' (was '0' before) 0 CARISSA 2022-05-05 06:49:28 debug Debug Debug: Writing configuration data not needed (no change) 0 CARISSA 2022-05-05 06:49:28 debug Debug Debug: New stat value for anonymous_stat_last_update: '1651747768' (was '1651746918' before) 0 CARISSA 2022-05-05 06:49:28 debug Debug Debug: *Writing stat data needed 0 CARISSA 2022-05-05 06:49:28 info System Info: Send anonymous weekly stats (stats can be disabled) 0 CARISSA 2022-05-05 06:49:30 notice test001 User Info: User test001 successfully logged in using an external server 0 CARISSA 2022-05-05 06:49:30 debug Debug Debug: parameters used with command check: test001 980838 0 CARISSA 2022-05-05 06:49:30 debug Debug Debug: *0 OK: Token accepted 0 CARISSA
On Thu, May 5, 2022 at 5:33 AM multiOTP @.***> wrote:
Hello, I need more debug information. Can you please setup the latest version of credential provider (the one with the bug)
Then in c:\program files (x86)\multiOTP\php\multiotp.windows.php, can you please set those lines to the value true
$this->_log_flag = false; $this->_log_verbose_flag = false; $param_info_debug = false; $enable_log = false; $verbose_log = false;
Should be :
$this->_log_flag = true; $this->_log_verbose_flag = true; $param_info_debug = true; $enable_log = true; verbose_log = true;
This will force some debug logs. Then try to login using OTP (you should have the same error). Then send us the file : c:\program files (x86)\multiOTP\logs\multiotp.log
Best regards
Yann Jeanrenaud // multiOTP ® // +41 32 730 11 10 // [1]
www.multiotp.com
Le mercredi 4 mai 2022, 13:50:44, GitHub notifications a écrit:
multiotp-cp: Windows 10 Pro 21h2 19044.1645 x64 on Intel i3-5005u multiotp: Slackware 15.0+ 32b on Intel Xeon 2.80GHz with PHP 7.4.29
On Wed, May 4, 2022 at 7:18 AM multiOTP @.***> wrote:
On what OS (version and bit) are you runnning the credential provider ? On what OS (version and bit) are you runnning the multiOTP server ?
— Reply to this email directly, view it on GitHub , or unsubscribe
. You are receiving this because you authored the thread.Message ID:
@.***>
— Reply to this email directly, [4] view it on GitHub, or [5] unsubscribe. You are receiving this because you commented.Message ID:
[1] https://www.multiotp.com [2] https://github.com/multiOTP/multiOTPCredentialProvider/issues/55#issuecomment-1117193563 [3] https://github.com/notifications/unsubscribe-auth/AGGICNJWVVFS4K3T4BTBUSLVIJMIJANCNFSM5UWT4SXQ [4] https://github.com/multiOTP/multiOTPCredentialProvider/issues/55#issuecomment-1117218828 [5] https://github.com/notifications/unsubscribe-auth/ACHH2TNYSWLFB5COB656VOLVIJP6FANCNFSM5UWT4SXQ
— Reply to this email directly, view it on GitHub https://github.com/multiOTP/multiOTPCredentialProvider/issues/55#issuecomment-1118356198, or unsubscribe https://github.com/notifications/unsubscribe-auth/AGGICNJR3TN2FYDOBFNN55LVIOIXNANCNFSM5UWT4SXQ . You are receiving this because you authored the thread.Message ID: @.***>
Do you have a special character in the username ?
I sign on as .\test001 when the machine is part of the domain and test001 when the machine is not part of the domain.
On Thu, May 5, 2022 at 8:13 AM multiOTP @.***> wrote:
Do you have a special character in the username ?
— Reply to this email directly, view it on GitHub https://github.com/multiOTP/multiOTPCredentialProvider/issues/55#issuecomment-1118476291, or unsubscribe https://github.com/notifications/unsubscribe-auth/AGGICNNVY74YOAEMW6OQKHDVIO3NBANCNFSM5UWT4SXQ . You are receiving this because you authored the thread.Message ID: @.***>
The bug has been identified. If the computer is in a domain and the domain controller is not reachable the username might be empty when arriving to multiOTP. A new version will be published soon to correct this bug.
New version published
I'm still in the test phase, having started with -5.8.5.1. It was easy enough to get going, but when I upgraded to -5.8.6,1 and then to 5.8.7.1, I lost the ability to login on any account beyond the one specified in "excluded_account". I kept getting windows otp is wrong messages. The server would show lines such as the following:
2022-04-29 08:54:29 warning System Error: database file /etc/multiotp/users/c:\program.db for user C:\Program does not exist...
I switched back to -5.8.5.1 and was immediately able to get back in. All three versions worked as expected on the client when I issued commands like the following:
multiotp -debug -display-log user 123456
And the server would show responses such as:
2022-04-29 12:27:00 notice test User OK: User test successfully logged in (using Credential Provider) with...
How can I get more information about the failing login process so that we do not loose the ability to login if an upgrade is needed?
Thank you...