Hi Cornelius,
I am using Google Authenticator on an iphone. Sure enough, the issue was with the wrong hash algorithm. SHA1 works great. Thank you very much for you time and a very nice software package!
Cheers,
TravisOn Apr 15, 2015, at 12:29 AM, Cornelius Kölbel <cornelius.koelbel@netknights.itmailto:cornelius.koelbel@netknights.it> wrote:
Hello Travis,
what kind of Tokens are you using? Keyfob or Smartphone?
There are two parameters, that can lead to problems:
hashlib: Most keyfob tokens and also Google Authenticator e. al. are using sha1 hash algorithm. Unfortunately you can not change (except in the database) the hash algo, so you need to reenroll the token.
timeStep: Some keyfob tokens are using 60 seconds, not 30.
So I assume you are running the wrong hash algo.
Kind regards
Cornelius
Am 14.04.2015 um 22:44 schrieb Travis Brown:
I am using privacyIDEA 2.2 with Apache2 on Ubuntu 14.04. I followed the installation instructions here: http://privacyidea.readthedocs.org/en/latest/installation/#install-ubuntu
I set up a TOTP auth token with the following parameters:
{ “count_auth”: “10”, “hashlib”: “sha256”, “timeShift”: “0”, “timeStep”: “30”, “timeWindow”: “180” }
The problem is that none of my TOTP tokens work, and I can’t figure out how to make the DEBUG setting work. I tried to set the PI_LOGLEVEL = 10 in /etc/privacyidea/pi.cfg, but all I get are WARNING messages. That is definitely the config file referenced by the wsgi: application = create_app(config_name=“production”, config_file="/etc/privacyidea/pi.cfg")
When I try to resync the token, it returns false.
I see this in the logs occasionally: [2015-04-14 20:34:36,217][6571][140152141510400][WARNING][privacyidea.lib.tokens.totptoken:495] a previous OTP value was used again! tokencounter: 0, presented counter -1
[2015-04
Any ideas what I am doing wrong? I thought it was perhaps a time synchronization issue, but I am running NTP, and my timezone is set to UTC on the system.
Thanks,
Travis
–
You received this message because you are subscribed to the Google Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send an email to privacyidea+unsubscribe@googlegroups.commailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.commailto:privacyidea@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/privacyidea/6cd3a92f-0a38-4657-860f-da318ecf9f72%40googlegroups.comhttps://groups.google.com/d/msgid/privacyidea/6cd3a92f-0a38-4657-860f-da318ecf9f72%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
cornelius.koelbel@netknights.itmailto:cornelius.koelbel@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.ithttp://www.netknights.it/
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
–
You received this message because you are subscribed to the Google Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send an email to privacyidea+unsubscribe@googlegroups.commailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.commailto:privacyidea@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/privacyidea/552DE90D.6030606%40netknights.ithttps://groups.google.com/d/msgid/privacyidea/552DE90D.6030606%40netknights.it?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.