WOW, thanks a lot for the info. Now OpenVPN Connect asks me for the OTP.
But I have another problem: from the WebADM logs it seems everything is OK, and the WatchGuard firewall told me that the user is in a right group ....... These are the logs, any suggestions?
[2024-03-26 12:20:34] [127.0.0.1:60726] [OpenOTP:NEGKH2YE] Sent login success response
[2024-03-26 13:25:24] [127.0.0.1:55994] [WebSrv] Web application 'OpenID' is missing configurations
[2024-03-26 13:25:24] [127.0.0.1:55994] [WebSrv] Web application 'HelpDesk' is missing configurations
[2024-03-26 13:25:24] [127.0.0.1:55994] [OpenOTP:KFJ8F572] New openotpSimpleLogin SOAP request
[2024-03-26 13:25:24] [127.0.0.1:55994] [OpenOTP:KFJ8F572] > Username: name.user
[2024-03-26 13:25:24] [127.0.0.1:55994] [OpenOTP:KFJ8F572] > Password: xxxxxxxxxxxxx
[2024-03-26 13:25:24] [127.0.0.1:55994] [OpenOTP:KFJ8F572] > Client ID: 172.16.0.1
[2024-03-26 13:25:24] [127.0.0.1:55994] [OpenOTP:KFJ8F572] > Options: RADIUS,NOVOICE,-U2F
[2024-03-26 13:25:24] [127.0.0.1:55994] [OpenOTP:KFJ8F572] Registered openotpSimpleLogin request
[2024-03-26 13:25:24] [127.0.0.1:55994] [OpenOTP:KFJ8F572] Checking OpenOTP license for TSF SRL
[2024-03-26 13:25:24] [127.0.0.1:55994] [OpenOTP:KFJ8F572] License Ok (1/25 active users)
[2024-03-26 13:25:24] [127.0.0.1:55994] [OpenOTP:KFJ8F572] Resolved LDAP user: CN=Massimo Bassan,CN=Users,DC=namedom,DC=local
[2024-03-26 13:25:24] [127.0.0.1:55994] [OpenOTP:KFJ8F572] Resolved LDAP groups: sslvpn-users,vpn-users,tsf_users
[2024-03-26 13:25:25] [127.0.0.1:55994] [OpenOTP:KFJ8F572] Started transaction lock for user
[2024-03-26 13:25:25] [127.0.0.1:55994] [OpenOTP:KFJ8F572] Found user language: IT
[2024-03-26 13:25:25] [127.0.0.1:55994] [OpenOTP:KFJ8F572] Found 1 user mobiles: +393383387922
[2024-03-26 13:25:25] [127.0.0.1:55994] [OpenOTP:KFJ8F572] Found 1 user emails: name...@domain.com
[2024-03-26 13:25:25] [127.0.0.1:55994] [OpenOTP:KFJ8F572] Found 50 user settings: LoginMode=LDAPOTP,OTPType=TOKEN,ChallengeMode=Yes,ChallengeTimeout=90,OTPLength=6,OfflineExpire=30,MobileTimeout=30,EnableLogin=Yes,HOTPLookAheadWindow=25,TOTPTimeStep=30,TOTPTimeOffsetWindow=120,OCRASuite=OCRA-1:HOTP-SHA1-6:QN06-T1M,U2FPINMode=Discouraged,SMSType=Normal,SMSMode=Ondemand,MailMode=Ondemand,PrefetchExpire=10,LastOTPTime=300,ListChallengeMode=ShowID
[2024-03-26 13:25:25] [127.0.0.1:55994] [OpenOTP:KFJ8F572] Found 4 user data: LastOTP,TokenType,TokenKey,TokenState
[2024-03-26 13:25:25] [127.0.0.1:55994] [OpenOTP:KFJ8F572] Last OTP expired 2024-03-26 12:25:34
[2024-03-26 13:25:25] [127.0.0.1:55994] [OpenOTP:KFJ8F572] Found 1 registered OTP token (TOTP)
[2024-03-26 13:25:25] [127.0.0.1:55994] [OpenOTP:KFJ8F572] Requested login factors: LDAP & OTP
[2024-03-26 13:25:25] [127.0.0.1:55994] [OpenOTP:KFJ8F572] LDAP password Ok
[2024-03-26 13:25:25] [127.0.0.1:55994] [OpenOTP:KFJ8F572] Authentication challenge required
[2024-03-26 13:25:25] [127.0.0.1:55994] [OpenOTP:KFJ8F572] Updated user data
[2024-03-26 13:25:25] [127.0.0.1:55994] [OpenOTP:KFJ8F572] Started OTP authentication session of ID 50JTM7CA9bc7PRN0 valid for 90 seconds
[2024-03-26 13:25:25] [127.0.0.1:55994] [OpenOTP:KFJ8F572] Sent login challenge response
[2024-03-26 13:25:39] [127.0.0.1:45438] [OpenOTP:KFJ8F572] New openotpChallenge SOAP request
[2024-03-26 13:25:39] [127.0.0.1:45438] [OpenOTP:KFJ8F572] > Username: name.user
[2024-03-26 13:25:39] [127.0.0.1:45438] [OpenOTP:KFJ8F572] > Session: 50JTM7CA9bc7PRN0
[2024-03-26 13:25:39] [127.0.0.1:45438] [OpenOTP:KFJ8F572] > OTP Password: xxxxxx
[2024-03-26 13:25:39] [127.0.0.1:45438] [OpenOTP:KFJ8F572] Found authentication session started 2024-03-26 13:25:25
[2024-03-26 13:25:39] [127.0.0.1:45438] [OpenOTP:KFJ8F572] Started transaction lock for user
[2024-03-26 13:25:39] [127.0.0.1:45438] [OpenOTP:KFJ8F572] TOTP password Ok (token #1)
[2024-03-26 13:25:39] [127.0.0.1:45438] [OpenOTP:KFJ8F572] Updated user data
[2024-03-26 13:25:39] [127.0.0.1:45438] [OpenOTP:KFJ8F572] Sent login success response
2024-03-26 13:27:18 sslvpn entered username is name.user, domain_user is name.user  Debug
2024-03-26 13:27:18 sslvpn extracted username is name.user, auth domain is (null)  Debug
2024-03-26 13:27:18 sslvpn read sslvpn auth_type[1] for domain namedom.local OK  Debug
2024-03-26 13:27:18 sslvpn preparation done: user=name.user, domain=namedom.local auth_type=1, user_type=0  Debug
2024-03-26 13:27:18 sslvpn Find existing session: find_flag=2  Debug
2024-03-26 13:27:18 sslvpn No existing session found and will create a new session.  Debug
2024-03-26 13:27:18 sslvpn sslvpn_insert_pending_req: user=name.user, domain=namedom.local:, msg_id=34  Debug
2024-03-26 13:27:18 sslvpn sslvpn_read_async_status: Received msg_id=34, status xpath=/toAdmdClient/authRqstAck  Debug
2024-03-26 13:27:18 sslvpn receive auth rqst ack, rqst id=268  Debug
2024-03-26 13:27:18 sslvpn continue to wait  Debug
2024-03-26 13:27:18 sslvpn put request back to fifo with req_id=0  Debug
2024-03-26 13:27:19 sslvpn sslvpn_read_async_status: Received msg_id=34, status xpath=/toAdmdClient/authResult  Debug
2024-03-26 13:27:19 sslvpn receive auth result, rqst id=268 result=5  Debug
2024-03-26 13:27:19 sslvpn Challenge: Enter your TOKEN password , reqId: 268  Debug
2024-03-26 13:27:19 sslvpn auth success  Debug
2024-03-26 13:27:19 sslvpn 2-factor challenge: CRV1:R,E:268:bWFzc2ltby5iYXNzYW4=:Enter your TOKEN password  Debug
2024-03-26 13:27:19 sslvpn Wrote '0 CRV1:R,E:268:bWFzc2ltby5iYXNzYW4=:Enter your TOKEN password ' to /tmp/openvpn_acf_6184fadc325b60b22497632473f80720.tmp  Debug
2024-03-26 13:27:19 sslvpn put request back to fifo with req_id=268  Debug
2024-03-26 13:27:19 sslvpn Entering function sslvpn_client_event, event is 16777217  Debug
2024-03-26 13:27:19 sslvpn Entered in sslvpn_takeaddr  Debug
2024-03-26 13:27:19 sslvpn Arguments which needs to be sent:openvpn_del -1 0 1711456039  Debug
2024-03-26 13:27:19 sslvpn Going to open wgipc:  Debug
2024-03-26 13:27:19 sslvpn Success,Sending Data to sslvpn_firecluster:openvpn_del -1 0 1711456039  Debug
2024-03-26 13:27:40 sslvpn entered username is name.user, domain_user is name.user  Debug
2024-03-26 13:27:40 sslvpn extracted username is name.user, auth domain is (null)  Debug
2024-03-26 13:27:40 sslvpn read sslvpn auth_type[1] for domain namedom.local OK  Debug
2024-03-26 13:27:40 sslvpn preparation done: user=name.user, domain=namedom.local auth_type=1, user_type=0  Debug
2024-03-26 13:27:40 sslvpn Find existing session: find_flag=2  Debug
2024-03-26 13:27:40 sslvpn No existing session found and will create a new session.  Debug
2024-03-26 13:27:40 sslvpn response: '640497', req_id: 0  Debug
2024-03-26 13:27:40 sslvpn Found msg_id from challenge req: 34  Debug
2024-03-26 13:27:40 sslvpn sslvpn_insert_pending_req: user=name.user, domain=namedom.local:, msg_id=34  Debug
2024-03-26 13:27:40 sslvpn sslvpn_read_async_status: Received msg_id=34, status xpath=/toAdmdClient/authRqstAck  Debug
2024-03-26 13:27:40 sslvpn receive auth rqst ack, rqst id=268  Debug
2024-03-26 13:27:40 sslvpn continue to wait  Debug
2024-03-26 13:27:40 sslvpn put request back to fifo with req_id=0  Debug
2024-03-26 13:27:40 admd Authentication failed: user name...@namedom.local isn't in the authorized SSLVPN group/user list!  Debug
2024-03-26 13:27:40 admd Authentication of SSLVPN user [name...@namedom.local] from 5.91.26.62 was rejected, user isn't in the right group msg_id="1100-0005"  Event
2024-03-26 13:27:40 sslvpn sslvpn_read_async_status: Received msg_id=34, status xpath=/toAdmdClient/authResult  Debug
2024-03-26 13:27:40 sslvpn receive auth result, rqst id=268 result=2  Debug
2024-03-26 13:27:40 sslvpn auth failure  Debug
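
Added example, not part of the original post: a short Python triage script that reads both log formats shown above and reports users whose OpenOTP session ended in "Sent login success response" while the firewall's admd process rejected them on SSLVPN group membership, together with the LDAP groups OpenOTP resolved. The sample lines are constructed (one record per line, user `alice`, session `AAAA1111`), and the function names are hypothetical.

```python
import re

# Constructed sample lines in the two formats shown in the post (not the poster's data).
WEBADM = """\
[2024-03-26 13:25:24] [127.0.0.1:55994] [OpenOTP:AAAA1111] > Username: alice
[2024-03-26 13:25:24] [127.0.0.1:55994] [OpenOTP:AAAA1111] Resolved LDAP groups: sslvpn-users,vpn-users
[2024-03-26 13:25:25] [127.0.0.1:55994] [OpenOTP:AAAA1111] Sent login challenge response
[2024-03-26 13:25:39] [127.0.0.1:45438] [OpenOTP:AAAA1111] TOTP password Ok (token #1)
[2024-03-26 13:25:39] [127.0.0.1:45438] [OpenOTP:AAAA1111] Sent login success response
""".splitlines()

FIREBOX = """\
2024-03-26 13:27:40 admd Authentication failed: user alice@example.local isn't in the authorized SSLVPN group/user list!
2024-03-26 13:27:40 sslvpn receive auth result, rqst id=268 result=2
""".splitlines()

OTP_RE = re.compile(r"\[OpenOTP:(\w+)\] (.*)$")
REJECT_RE = re.compile(r"admd Authentication failed: user (\S+) isn't in the authorized SSLVPN group")

def openotp_sessions(lines):
    """Group WebADM lines by OpenOTP session ID; keep user, groups and last response."""
    sessions = {}
    for line in lines:
        m = OTP_RE.search(line)
        if not m:
            continue
        s = sessions.setdefault(m.group(1), {"user": None, "groups": [], "outcome": None})
        msg = m.group(2)
        if msg.startswith("> Username: "):
            s["user"] = msg.split(": ", 1)[1].strip()
        elif msg.startswith("Resolved LDAP groups: "):
            s["groups"] = msg.split(": ", 1)[1].split(",")
        elif msg.startswith("Sent login ") and msg.endswith(" response"):
            s["outcome"] = msg.split()[2]  # e.g. "challenge", then "success"
    return sessions

def group_rejections(lines):
    """Users the firewall's admd process rejected for SSLVPN group membership."""
    return [m.group(1) for l in lines if (m := REJECT_RE.search(l))]

def triage(webadm, firebox):
    """Users OpenOTP accepted but the firewall rejected, with the groups OpenOTP saw."""
    ok = {s["user"]: s["groups"] for s in openotp_sessions(webadm).values()
          if s["outcome"] == "success"}
    return [(u, ok[u.split("@")[0]]) for u in group_rejections(firebox)
            if u.split("@")[0] in ok]

if __name__ == "__main__":
    print(triage(WEBADM, FIREBOX))
```
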