issue with M2F authentication action box

[Gaice Prince]

Dears,

I am testing OpenOTP with for M2F for VPN SSL .

After installation, Active Directory Server and  MF2 Authentication server registration , i am still missing the "M2F authentication action" box for Token registration .

Someone can help ?

Version : WebADM Freeware Edition v2.3.15

[Benoît Jager (RCDevs)]

Hello,

You activated a group, so you will not get the MFA authentication action. For group, you will only get access to the Secure Password Reset and User Self-Registration.

[Gaice Prince]

Hi Benoit,
thank for the reply, so what is the process to have  MFA authentication action ?

[Benoît Jager (RCDevs)]

Hello,

MFA authentication action is available on user account. So just activate one of your user account (either of person and/or user objectclass). You can try with yours.

Here are our documentation on how to activate users:

https://docs.rcdevs.com/howtos/activate/activate/

[Gaice Prince]

Hi ,

yes you are right , now i have "application action" box .

I will continue the config and test . 

[Gaice Prince]

Hello ,

I'm still stuck in the configuration.
After clicking on register a token, I get an error message: "Could not find any user domain ."

 After some research on google this is caused to the lack of adding a domain name.

So i tried to add a domain but at each attempt i got in log "invalid domain ... (invalid LDAPDN setting)" 

below my config :

Container: OU=webadms,DC=ad,DC=supdeco,DC=local

User search base : CN=Users,DC=ad,DC=supdeco,DC=local

Someone can help please ?

[Yoann Traut (RCDevs)]

Hello, 

Are you able to see your created domain from the WebADM GUI > Admin > Users Domains?
If no, can you try to clear the WebADM System caches from Admin tab and check again? 

Regards

[Gaice Prince]

Hi ,

yes i can see the domain   from the WebADM GUI > Admin > Users Domains" .

It is also available in AD schema , in OU webadms  > Domains.

You can find all evidences in attach files .

[Yoann Traut (RCDevs)]

Hello, 

Does the proxy_user (service account) defined in /opt/webadm/conf/webadm.conf has enough permissions to read the WebADM configuration container and sub containers? 
If you want to easily try our solutions with AD, the easiest way is to use a domain admin account for proxy_user and super_admin accounts. That way you don't have any permissions issue and you can test all features. 
If this is not possible, you have to setup AD ACLs according to what you want to do. ACLs are available here:

WebADM Super Administrators:

https://docs.rcdevs.com/howtos/super_admin/super_admin_rights/

These permissions are involved when your are authenticated on the WebADM Admin Portal.

WebADM Proxy Account (service account)

https://docs.rcdevs.com/howtos/proxy_user/proxy_user_rights/

These permissions are involved when your are authenticated on a Web Application or when using a Web Service like OpenOTP.  

Regards 

[Gaice Prince]

Hello,

i am using a admin domain as proxy user .

Thank to note also after creation of domain i lost connection to WebADM till the deletion of the domain created early . 

in attach my config file . 

[Yoann Traut (RCDevs)]

Strange... your config seems to be fine and we are not able to reproduce your issue. 

Could we have a look remotely through Anydesk or Teamviewer to check what is wrong? 

Regards

[Gaice Prince]

hello,

I just rebooted all the servers, and it works fine now. I'll continue the test.
Thanks