On Wed, Oct 7, 2020, 10:48 J.T. Moore
<[email protected]<mailto:[email protected]>> wrote:
On Tue, Oct 6, 2020, 20:23 DCWNZ
<[email protected]<mailto:[email protected]>
<mailto:[email protected]<mailto:[email protected]>> > wrote:
...
So, ive created a new server. Installed all the same 1.2.0 components.
Pointed it at my DB. User login's work as expected, all connections work
fine.
However, TOTP refuses to work. get nothing but the infamous
"Verification
Failed" response.
Doug,
I ran into a similar issue with the TOTP module and MariaDB, but in my case I
was able to work around the issue by switching the database to MySQL 8.0.21, so
it probably isn't the same problem. However, if you are willing to try
compiling the guacamole client from source, I have created a modified
UserVerificationService.java that includes some additional debug logging for
the TOTP module that may be helpful to further diagnose the issue.
Please see
https://issues.apache.org/jira/projects/GUACAMOLE/issues/GUACAMOLE-1187 ...
JT, I strongly suspect the change in database is a red herring regarding the
issue you encountered. The difference between MySQL and MariaDB should be
opaque to Guacamole, or at least not so specific that it would affect only
storage of TOTP attributes.
- Mike
Mike,
Those were my thoughts too, however, changing the database was the only
difference between TOTP working and not working in my environment. I had tried
numerous things to get it working with MariaDB before doing that . With
MariaDB, I could see guacamole successfully creating the record for the secret
in guacamole_user_attribute table for the user id during the initial enrollment
step but when guacamole went to retrieve the secret to generate the token for
verification, it did not find the record in the database so it created a new
one which could not generate a token matching the user’s input. Additionally,
when the new secret was created, it would overwrite existing records for the
user’s secret in the guacamole_user_attribute table.
JT
