Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

If you want to subscribe to this forum, use your Facebook account, or send us an email to forum - at - multiotp - dot - net and we will send you back an invitation.

AndreL

About

Username
AndreL
Joined
Visits
33
Last Active
Roles
Administrator

Comments

  • You are welcome.
  • Hello, for multiotpmschap, your multiotp.php parameters are wrong, you have apparently kept the ntlm_auth parameters instead! Regards, Andre
  • Hello, control:Auth-Type == MS-CHAP is the problem, replace MS-CHAP with mschap Content for policy.d: multiotp_prefix = '' multiotp.authorize { # This test force multiOTP for any MS-CHAP(v2),CHAP and PAP attempt if (…
  • Hello, We need more detail please. Which version of Linux distribution are you using ? Which version of FreeRADIUS ? Which version of multiOTP open source (multiotp.php -v), or do you use our open source virtual appliance (which version) ? MS-C…
  • Hello, the new multiOTP open source virtual appliance 5.0.4.7 in VMware format is available for download: http://download.multiotp.net/vmware/ Thanks in advance for your feedback Regards, Andre
  • Hello Alex, Starting with version 5.0.4.6, if multiOTP files are installed on a Linux machine, the data folders will always be under /etc/multiotp/ (/etc/multiotp/config, /etc/multiotp/users/, ...) The last version 5.0.4.8 is available here: h…
  • Hello Evgenyte, We have done a test with the same server: Windows Server 2012R2 with All Updates, Has AD DS role, DNS role. (Primary Domain Controller). Could you please check with the version 5.0.4.8 which is available for download on http://…
  • Hello, We were able to reproduce the problem and we found the issue, the new 5.0.4.6 version is available on http://download.multiotp.net/ Regards and thanks a lot for your valuable feedback. Any comments welcome. Andre
  • *** I KEEP THIS ANSWER HERE TO HAVE THE FULL STORY, BUT THIS IS NOT THE SOLUTION *** The Visual C++ Redistributable for Visual Studio 2015 x86 or x64 should be integrated, but it could be possible that there is a problem here. Try to download sepa…
  • To be clear, you are using this installer, right ? http://download.multiotp.net/credential-provider/multiOTPCredentialProvider-5.0.4.5.exe
  • Hello, no, SquirrelIT don't do anything about PHP. What is the exact process, and when does the error appears ? After the installation process, you should have a C:\multiOTP directory, right ? If you open a command line window, you go in C:…
  • Hello Evgenyte, What did you type as the password for this user ? Based on your configuration (default-request-prefix-pin=1 and default-request-ldap-pwd=1), the password of the user should be: [AD password] + [token displayed on Google Authent…
  • Please note that as soon as you have changed the attributes to encrypt, the selected attributes of each record will be encrypted the next time the record is touched, you don't have to do anything else. Regards, Andre
  • Hi andre, The value ** is set when launching the "check.multiotp.class.php" file. This is for debugging purpose. $multiotp->_config_data['attributes_to_encrypt'] = '**';  // For test purposes only // Write the configuration information in the …
  • Hello, In multiotp.ini file, the attributes_to_encrypt= must be empty in order to encrypt the default sensitive attributes, which are the following: admin_password_hashchallengedevice_secretldap_hash_cacheldap_server_passwordscratch_passwordsseed_pa…
  • Hello, Thanks for your link, very useful for a lot of users. Best regards, Andre
  • Thanks, you should even be able to find a link somewhere to our donation button if you want :-) In the next release, the "server" component will ignore the display_log parameter. Best regards, and thanks again for your valuable feedback in order t…
  • Ok, I think I have it :-) ! The display_log flag is probably still actived in the configuration of your server ! Please put display_log=0 in your multiotp.ini on the server side and try it again ! Best regards, Andre
  • Hello, Could you please download this beta version of multiotp.exe and give us the detailed error message ? http://download.multiotp.net/beta/4.3.2.2-beta-2/multiotp.exe Best regards
  • Hello, Could you please tell me the exact version of multiotp that you are using ? (>multiotp -version) The XML is well formed, it's probably a bug in the XML parser we use (based on the parser made by Adam A. Flynn). Best regards, Andre
  • With PIN + token, it's different, as the PIN is known by multiOTP, so it can calculate the different [PIN + token] hashes that can be accepted,
  • Hello, MSCHAPv2 with AD password cannot work, because MSCHAPv2 will create a hash based on  the AD password AND the token. When arriving on the multiOTP server, it's just impossible to separate again the password and the token from the hash! For ev…
  • Hello, What is the size of your large AD directory (how many users and how many groups) ? The last beta version is much more optimized for larger AD directory, you can download it here: http://download.multiotp.net/beta/ Have a try, and in any case,…
  • Generic LDAP is now supported since release 4.3.1.1 (2014-12-15).
  • Direct Access with multiOTP is working and is documented here: http://blog.piservices.fr/post/DirectAccess-Deploiement-de-lauthentification-forte.aspx
  • Hello Slan, Your Base DN is false, you don't have to give the name of the AD server. The correct BaseDN should be DC=otp,DC=test Are you connecting using LDAPS with a Windows 2012R2 server? If yes, it is now supported in the last beta version ava…
  • The last beta version supports LDAPS with Windows 2012 servers and is available here: http://download.multiotp.net/beta/ This is the trick: putenv('LDAPTLS_CIPHER_SUITE=NORMAL:!VERS-TLS1.2'); Which will disable TLS1.2 negotiation, because GnuTLS a…
    in LDAPS Comment by AndreL December 2015
  • ldap-users-sync is done using LDAP and OpenSSL support provided by PHP. Please check https://github.com/adldap/adLDAP/wiki/LDAP-over-SSL to have more details. Best regards,
    in LDAPS Comment by AndreL December 2015
  • Tests in progress in ordrer to reproduce the problem...
  • Hello, The next release (Q4/2015) should be compatible with the module created by Last Squirrel in order to provide an Active Directory Federation Services (https://technet.microsoft.com/en-us/library/hh831502.aspx) Stay tuned! Best regards, …