OpenOTP and Active directory


Artemis Mytilinaios

Apr 29, 2021, 4:11:34 PM
to RCDevs Security Solutions - Technical
Hello,

I am building an infrastructure including 1 x OpenOTP server, 1 Windows Server 2019 Active Directory and some client machines. I followed the available documentation on the website and I think that I managed to configure both OpenOTP and AD servers correctly. The problem is that when I installed the OpenOTP plugin on the server and the client machine, I couldn't make it work. What I mean is that after the installation of the plugin I logged out from the user and the environment did not look like the one in the documentation https://www.rcdevs.com/docs/howtos/ad_openotp/ms_ad/ . Also, I cannot see any logs in the following file: /opt/webadm/logs/webadm.log. I can assist with the configuration and any information that you need.

Kind regards,
Artemis

Artemis Mytilinaios

Apr 29, 2021, 4:35:20 PM
to RCDevs Security Solutions - Technical
I also did something that I discovered: I used the test authentication user, and attached you can find the logs. The test was successful, so I am guessing that I am doing something wrong on the Windows machines.

Kind regards
Artemis.

testuser.txt

Benoît Jager

Apr 30, 2021, 10:23:04 AM
to RCDevs Security Solutions - Technical
Hello,

Do you speak about the credential provider for the plugin? In that case, can you switch on debug logs as described here:

do an authentication trial, and provide the file in C:\RCDevsLogs\CP-Logs folder?

Best regards

Artemis Mytilinaios

May 3, 2021, 7:41:46 AM
to RCDevs Security Solutions - Technical
Hello,

Thank you for your reply. I tried to enable logging but I realized that something bad is happening. There is no entry for the rcdevs folder in the registry, and I know for sure that I installed the credential provider plugin. So I did a re-install of the plugin and I have the attached error. If I try to access my server through a URL like https://145.100.110.24:8443/openotp/ I am able to download the openotp file. So I believe that the plugin is not installed correctly.

Thank you in advance.

Kind regards

url_error1.PNG
registry.PNG
url_error.PNG

Benoît Jager

May 4, 2021, 3:17:25 AM
to RCDevs Security Solutions - Technical
Hello,

During installation, can you click on the Configure button when you have configured the WebADM URL as on the url_error1.PNG picture? This should get the right URL automatically.
Also, be sure to execute the installer from a PowerShell opened as administrator as explained here:

I see from your screenshot that you are installing the 32-bit version of CP; this could also be the cause of the issue. If your Windows host is 64-bit, please use the following installer:

Best regards

Artemis Mytilinaios

May 4, 2021, 6:56:26 AM
to RCDevs Security Solutions - Technical
Hello,

I really want to thank you for your assistance. Installing the correct version of the plugin solved all the problems. I do not know what made me install the 32-bit version; I just got confused with x86 and x64. I also tested with a test user and it worked perfectly. One last question: how can I make the OTP login persistent and not allow a user to log in through the traditional LDAP login?

Kind regards

Benoît Jager

May 4, 2021, 9:57:47 AM
to RCDevs Security Solutions - Technical
Hello,

You are welcome. In order to make OTP login persistent, you have to make Credential Provider the default provider. This can be done during the install:

Before doing this, check that authentication is working well with OTP. If you have any authentication issue when OTP is configured as the default provider, you can look here to switch back to Windows login:

Best regards

Artemis Mytilinaios

May 8, 2021, 12:12:25 PM
to RCDevs Security Solutions - Technical
Thanks for the answer. One last question (haha): is it possible to configure a Linux client to log in using push login instead of a token?

Kind regards,
Artemis

Yoann Traut (RCDevs)

May 11, 2021, 8:53:36 AM
to RCDevs Security Solutions - Technical
Hello,

Yes, it is possible.
Have a look here for Linux login integrations:

Regards