-----Original Message-----
From: DCWNZ <[email protected]>
Sent: Wednesday, October 7, 2020 3:46 PM
To: [email protected]
Subject: Re: Replacing Server = TOTP not working.

This turned out to be the issue. Despite all servers set to use NTP, and I swear I checked it before, the NEW server was ~1 minute out of sync with the others.

Problem Solved. Now I feel extra stupid and wasted ~8 hours troubleshooting. Should have come here for the sanity check earlier.

Cheers guys! Thanks for the fast reply!

Doug,

Glad that worked out for you. That is a different issue than I was seeing with MariaDB, where Guacamole wasn't even retrieving the previously saved secret from the database during the verification process.

Gerado,

The TOTP module is capable of sending log output to the Tomcat catalina.out log; however, the official module does not generate sufficient log entries either when an existing secret isn't found or when the generated tokens don't match. At a minimum, adding warn-level log entries for those events would be helpful, and some additional debug-level messages showing the actual values of the secret used (or at least the last few characters, for improved security) and the generated tokens used during the verification process would be helpful to confirm the issue.

JT
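A diagnostic sketch for the two points in this thread, clock skew between servers and logging only the tail of the secret. It is an added example, not code from Guacamole or from either poster. The function names, the `accept` window and the `search` range are assumptions, and the secret is the published RFC 6238 test key, not a real one.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: the RFC 6238 SHA-1 test key, base32-encoded.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def mask(secret_b32, keep=4):
    """Show only the last few characters of the secret in log output."""
    return "*" * (len(secret_b32) - keep) + secret_b32[-keep:]

def diagnose(secret_b32, submitted, server_time, step=30, accept=1, search=10):
    """Return (accepted, offset_in_steps).

    offset_in_steps is how many time steps the code's step is away from the
    server clock, or None if nothing matches within +/- search steps.
    accept is an assumed tolerance, not a value taken from Guacamole.
    """
    for off in sorted(range(-search, search + 1), key=abs):
        candidate = totp(secret_b32, server_time + off * step, step)
        if hmac.compare_digest(candidate, submitted):
            return abs(off) <= accept, off
    return False, None

def log_line(secret_b32, submitted, server_time):
    """Build a debug message that never contains the full secret."""
    accepted, off = diagnose(secret_b32, submitted, server_time)
    skew = "no match in search window" if off is None else f"{off * 30:+d}s"
    return (f"TOTP verify: secret={mask(secret_b32)} accepted={accepted} "
            f"code generated at server clock {skew}")

if __name__ == "__main__":
    true_time = 1111111109                  # RFC 6238 test timestamp
    code = totp(SAMPLE_SECRET, true_time)   # what the authenticator shows
    print(log_line(SAMPLE_SECRET, code, true_time))        # clocks agree
    print(log_line(SAMPLE_SECRET, code, true_time - 60))   # server 1 min slow
```

With a 30-second step, a one-minute skew puts the submitted code two steps away from the server's current step, so a verifier that tolerates one step either side rejects it even though the secret is correct.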
