Nick : This is two different standalone servers. Its not Guacamole problem. Its Google Authenticator problem.
First server, QR Code its saved in Google authenticator with name “Apache Guacamole (guacadmin)” . Default totp-issuer and user. Second server, QR Code its saved in Google authenticator with the same name, overwriting the first one. For this, i have lost the Google autenthicator code for the first server. It’s not Guacamole fault, but if guacamole add a ramdom number to QR link, this never happen. The first server QR will be saved “Apache Guacamole (guacadmin) <random number>” and the second ““Apache Guacamole (guacadmin) <different random>”. The problem it’s both server have same name, and Google Authenticator overwrite one with another. It’s a minor problem. I change the top-issuer in guacamole.properties and reset my user in guacamole database and solved. But a normal user without access to mysql can’t fix it. De: Nick Couchman [mailto:vn...@apache.org] Enviado el: viernes, 08 de mayo de 2020 11:39 a.m. Para: user@guacamole.apache.org Asunto: Re: TOTP minimun change? On Fri, May 8, 2020 at 10:04 AM Neumen - Juan Prigoshin <jprigos...@autoneumen.com> wrote: I have 1 Guacamole up working without problems. I use TOTP for 2FA with Google Authenticator. I dont change nothing in guacamole.properties for TOTP. Default values are used. The TOTP Works great. Yesterday, for testing, I have installed a VM Virtualbox, with another Guacamole. Same config. On first login, scan the QR with Google Authenticator. This use the same name "Apache Guacamole(guacadmin)", replacing the first one! I now lost Access for mi first Guacamole. Hmmmm...it sounds like the two guacamole instances are pointed at the same database, and maybe you cleared out the TOTP configuration in the DB for the guacadmin user, or overwrote part of the DB configuration? There's something odd going on there, anyway, because you should be able to do one of two things: - Point the Guacamole install at the same database, and log in with the same guacadmin credentials and TOTP configuration. - Point the Guacamole install at a completely separate database and reconfigure from scratch. I know it's not a Guacamole problem per se, but would be nice adding a serial?/instance?/aleatory? Number to Issuer Name in TOTP. With this, never two Guacamole are going to have then same Issuer Name. If you're pointing at a different DB, this should never be an issue. If you're pointing at the same DB without removing the old TOTP configuration this also should not be an issue. That said, I could see a potential feature where there is support for multiple tokens per user - this is not necessarily an uncommon request, so it is something we could consider. But I don't think it's required for you to resolve the issue you're seeing. -Nick