Hello, we are in the process of migrating to privacyidea. We installed a 3.10.2 and as our users are migrated from old to new vpn we discovered that some users can’t login anymore after a few days.
After browsing the community forums I found similar problems but with no solution.
We have autoresync enabled and some users have a timeshift value of -150 but the timewindow value is 120 so they can’t connect anymore. If we resync the token from the interface the timeshift value is reset to a correct value (around 0).
I though from reading that enabling a really wide autoresync value (like 1000) could resolve the problem but it’s not. I set it to a low value of 60s.
Most of the tokens were set with a timewindow of 120s so I wanted to enlarge it to 180s and eventually reset the token that are already past boundaries.
Am I misunderstanding or not ?
Thanks for your help.