I have 1 local user and 1 LDAP user configured in Webmin. Both have 2FA set. When I log in as the local user and leave the Token field blank on the login page, the authentication fails (Two-factor authentication failed : No two-factor token entered); however, when I do the same with the LDAP user, I get logged in without any errors. If I input the token I still get logged in. Looks like the token is ignored when an LDAP user is logging in.
The LDAP user has webminAttr set twofactor_id=* and twofactor_provider=totp.
Thanks for pointing this out - this will be fixed in the next Webmin release.
I'm still able to log in without providing the 2FA code. Using version 1.881.
Have you tried version 1.883? It's available from http://www.webmin.com/devel.html
I installed 1.883 and it does the same thing. I can still log in without providing the 2FA code.
Did you try re-enrolling the user for twofactor after upgrading?
I deleted the user and recreated it from scratch, then added 2FA. Same issue.
These are the webminAttr values:
sync=0
theme
cert
id=cn=ilia.b,ou=Webmin_Users,ou=Users,dc=my,dc=domain
lastchange
proto=ldap
twofactor_id=JAOC3M55AA3N2FPE
lang
nochange
twofactor_provider=totp
pass=mypassword
olds=
overlay
real=My Name
temppass
minsize
logouttime
notabs=0
Last edit: ibakhmoutski 2018-06-01
That looks OK.
What output do you get if you run
grep twofactor /etc/webmin/miniserv.conf
This is the output:
twofactor_provider=totp
Can this be caused by OpenLDAP ACLs? In my mind, no, because I'm able to log in, so there are valid read permissions to the user object. And I'm able to delete and create the user, so there are valid write permissions. I thought I'd just ask, just in case I'm missing something.
Last edit: ibakhmoutski 2018-06-04
Ok, I found the cause of this - it was a bug in Webmin (sorry). It will be fixed in the next release though.