Windows command line — multiOTP open source forum

Emergency login in case of lost access

aratoken — Mon, 28 Jul 2025 16:15:25 +0000

Hi! i am currently using multiOTP successfully in a testing environment but there is one question that i have not yet found a clear answer to. Is there a way to restore access in case if i lose my ability to log into for example the Administrator account (For example lost phone)? Can i create backup codes or similar to temporarely disable multiOTP? If not what would be the usual approach? Thank you!

How to apply local only version for Windows 11 ?

datlv — Mon, 23 Jun 2025 04:53:00 +0000

I have one Windows 11 PC, I want to apply OTP during the remote desktop, so I tried to installed local only version but I dont know how to create user with QR code (or secret key). Please share me the correct way to do it. Thanks for the support.

enable and disable 2fa for users

aratoken — Thu, 12 Jun 2025 08:13:05 +0000

Hi! i am recently using the windows version to secure rdp logins on my server, so far its working fine. However i am a bit confused regarding the "iswithout2fa" option through the command line: I tried to set this option for two users for testing purposes, setting it for my Administrator (using the Administrator) worked fine but configuring it for another testuser did not seem to work. If i log in with said user and set it, it works without issues but in return i cannot set the option for other users (for example the Administrator). Is there a restriction as to how/where to set the without2fa option that i'm missing? In both cases (working and not) i got no output on my cli after using the command at all. Also: am i assuming correctly that the "iswithout2fa" can only be removed with a restart of the whole system? I couldn't find any option for it in the help output and i noticed that after restarting the server because of updates that 2FA was re-enabled for a user i previously disabled it using that option. Thank you and best regards!

AD sync not working now?

dreamscape — Wed, 26 Mar 2025 15:42:13 +0000

I have hardened my AD and now get the error below when trying to do a sync: LOG 2025-03-26 15:36:14 warning LDAP Error: FATAL: AD bind failed. Check the login credentials (8: Strong(er) authentication required). (00002028: LdapErr: DSID-0C090330, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v4f7c) 99 *ERROR: Authentication failed (and other possible unknown errors) Any ideas how i fix this?

Cannot get user/group downloading working from AD - how can I enable more logging?

IanMurphy — Thu, 06 Jun 2024 09:54:07 +0000

sorry for the lack of formatting. I can't work out how to post anything than a block of text. I'm playing around with MultiOTP on a windows server attempting to set up a 2FA system. Everything went smoothly up to the point of actually downloading the group/users when the system always indicates no updates: ``` C:\MultiOTP\Windows>multiotp -debug -display-log -ldap-users-sync LOG 2024-06-06 09:31:54 debug LDAP Debug: *AD/LDAP synchronization started at 09:31:54 / Memory used: 14.5MB / Peak: 27.1MB LOG 2024-06-06 09:31:54 info LDAP Info: AD/LDAP synchronization started LOG 2024-06-06 09:31:54 debug System Debug: *LDAP cache folder value: C:\Users\ADMIN-~1\AppData\Local\Temp\.ldap_cache/ LOG 2024-06-06 09:31:54 info LDAP Info: No update for the 0 LDAP synced users, based on 1 LDAP entries (processed in 00:00:00) 19 *INFO: Requested operation successfully done ``` As far as I can tell my LDAP connection is correctly configured. I have a single group with a single test user in the group. I've tried adding a new user to the group to see if that provoked any changed but it always indicates 0 ldap synced users If I connect to ldap using an ldap client tool, it works and allows me to see the contents of the group and can browse around the AD objects without any problems. So the account I'm using works fine - its a specially created account. Is there a way to enable verbose logging which will log the tcp open, each message, etc.? I've been over the documentation but can't find anything which will enable detailed debug logging. If I execute multiotp -ldap-check -debug it reports nothing at all, no errors, no warnings.

restore error

paulspectre — Tue, 31 Jul 2018 05:01:35 +0000

Hi. When I try to restore a configuration, I get the following error: Reply-Message := "ERROR: Authentication failed (and other possible unknown errors)" Any ideas?

AD-LDAP user not working until CLI login

cgrossman — Tue, 22 Aug 2017 18:24:30 +0000

I have everything set up to sync AD users with MultiOTP. I have an AD group VPNUsers that I put users in, and when I run the MultiOTP sync, it creates the user accounts that exist in that group. So far, so good. However, I'm trying to authenticate the user using the check user function on the web console at on port 58112, and the authentication fails. Once I go to the (Windows) MultiOTP server and run 'multiotp username passwordprefixand6digitcode', I get back 'Filter-ID += "VPNUsers"'. Then, and only then, does the web console work. Looking at the user.db, other than things like last_login field, I'm just seeing the ldap_hash_cache field go from blank to a long string, and ldap_hash_validity go from 0 to 1504016776. What is going on that needs the CLI login to happen before the web login works?

Windows Client with Linux Server error

AsLY — Mon, 10 Aug 2015 21:49:08 +0000

Hello,

I configure multiotp on linux with apache to access web-gui and webservice.
User are created on linux and local authentication is working
./multiotp.php toto 193604
LOG 2015-08-10 23:05:29 notice (user toto) User OK: User toto successfully logged in
0 OK: Token accepted

then I deploy multiotp on windows Server 2008, and configure it as client :
multiotp.exe -config server-secret=MySharedSecret
multiotp.exe -config server-cache-level=1
multiotp.exe -config server-timeout=3
multiotp.exe -config server_url=http://172.16.3.87/ (apache on linux)

Also add following configuration on linux :
./multiotp.php -config server-secret=MySharedSecret
./multiotp.php -config server-cache-level=1
./multiotp.php -config server-cache-lifetime=15552000

When I tried authentication on windows :
.\multiotp.exe -display-log -log -debug toto 752569

I got a error :
Notice: XML Parsing Error at 2:1. Error 4: Not well-formed (invalid token) in D:\Data\projects\multiotp\phc-cli\multiotp
.windows.php on line 19263

Notice: XML Parsing Error at 2:1. Error 4: Not well-formed (invalid token) in D:\Data\projects\multiotp\phc-cli\multiotp
.windows.php on line 19263

LOG 2015-08-10 23:37:01 critical Client-Server Error: Host answers with the following error code: 99 ()

LOG 2015-08-10 23:37:01 warning System Error: database file C:\Program Files\multiotp\users\toto.db for user toto does n
ot exist

Notice: XML Parsing Error at 2:1. Error 4: Not well-formed (invalid token) in D:\Data\projects\multiotp\phc-cli\multiotp
.windows.php on line 19263

LOG 2015-08-10 23:37:01 critical Client-Server Error: Host answers with the following error code: 99 ()
21 ERROR: User doesn't exist

I also notice in multiotp log on linux :
Your script is running from /opt/linux/
2015-08-10 23:37:04     debug           Server-Client   Info: *ReadUserData server request.

Network trace from tcpdump :

Client request :
POST / HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 369
User-Agent: multiOTP
Host: 172.16.3.87
data=%3C%3Fxml+version%3D%221.0%22+encoding%3D%22UTF-8%22%3F%3E%0A%3CmultiOTP+version%3D%224.0%22+xmlns%3D%22http%3A%2F%2Fwww.sysco.ch%2Fnamespaces%2Fmultiotp%22%3E%0A%3CServerChallenge%3EU1NyVjc0EW8FOWonaXFOHVIjcnQvEAgyOns4fE99NjV2ZTUu%

Server response :
HTTP/1.1 200 OK
Date: Mon, 10 Aug 2015 21:41:25 GMT
Server: Apache/2.2.22 (Debian)
X-Powered-By: PHP/5.4.39-0+deb7u2
Expires: Mon, 10 Aug 2015 21:41:25 GMT
Last-Modified: Mon, 10 Aug 2015 21:41:25 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 402
Connection: close
Content-Type: text/html
LOG 2015-08-10 23:41:25 debug Server-Client Info: *CheckUserExists server request.

CheckUserExists
32f8a1bb4062e4d4e9a22ea7d1004bb8
22
ERROR: User already exists

POST / HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 363
User-Agent: multiOTP
Host: 172.16.3.87
data=%3C%3Fxml+version%3D%221.0%22+encoding%3D%22UTF-8%22%3F%3E%0A%3CmultiOTP+version%3D%224.0%22+xmlns%3D%22http%3A%2F%2Fwww.sysco.ch%2Fnamespaces%2Fmultiotp%22%3E%0A%3CServerChallenge%3EU1NyVjA2RzQEPj5yaipMEwctL3UmEA5lPHgyL0l9YmkkZTMk%
3C%2FServerChallenge%3E%0A%3CReadUserData%3E%0A++++%3CUserId%3Etoto%3C%2FUserId%3E%0A%3C%2FReadUserData%3E%0A%3C%2FmultiOTP%3E
3C%2FServerChallenge%3E%0A%3CCheckUserExists%3E%0A++++%3CUserId%3Etoto%3C%2FUserId%3E%0A%3C%2FCheckUserExists%3E%0A%3C%2FmultiOTP%3E

Client request :
POST / HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 363
User-Agent: multiOTP
Host: 172.16.3.87
data=%3C%3Fxml+version%3D%221.0%22+encoding%3D%22UTF-8%22%3F%3E%0A%3CmultiOTP+version%3D%224.0%22+xmlns%3D%22http%3A%2F%2Fwww.sysco.ch%2Fnamespaces%2Fmultiotp%22%3E%0A%3CServerChallenge%3EU1NyVjA2RzQEPj5yaipMEwctL3UmEA5lPHgyL0l9YmkkZTMk%
3C%2FServerChallenge%3E%0A%3CReadUserData%3E%0A++++%3CUserId%3Etoto%3C%2FUserId%3E%0A%3C%2FReadUserData%3E%0A%3C%2FmultiOTP%3E

Server response :
HTTP/1.1 200 OK
Date: Mon, 10 Aug 2015 21:41:25 GMT
Server: Apache/2.2.22 (Debian)
X-Powered-By: PHP/5.4.39-0+deb7u2
Expires: Mon, 10 Aug 2015 21:41:25 GMT
Last-Modified: Mon, 10 Aug 2015 21:41:25 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 1253
Connection: close
Content-Type: text/html
LOG 2015-08-10 23:41:25 debug Server-Client Info: *ReadUserData server request.

ReadUserData
c1d9eae32f86b1281f64fa74d7d24845
19
INFO: Requested operation successfully done


...



Any idea what this bug is?