
Evaluating OTP in AD

I am evaluating Rohos on a W2K12 Windows AD server (single Server on virtual machine, windows 60 day trial license, not activated).

Installation was OK
Configured to use Rohos only with AD group "rohos" Users
Assigned User xyz to group "rohos"
Setup Google Token for xyz

Following Sequence:
- Boot System (Loginscreen has OTP entry field)
- Login "Administrator" with pw without OTP (works)
- logoff
- Login "Administrator" with pw without OTP (works)
- logoff
- Login "xyz" with pw (fails, no otp)
- Login "xyz" with pw and otp (fails with "wrong otp" if wrong otp)
- Login "xyz" with pw and otp (fails with "wrong usertype" if correct otp)
- After the first try to login "xyz", no more login of Administrator is possible

Two questions:
What usertype needs to be provided?
Some login fields do not seem to be cleared correctly after a failed attempt to login,
so that a new login requires OTP although the login user is no member of "rohos".
Will there be a fix available for that?

Cheers
Volker

Volker, 26.05.2016, 10:51
Response from the site administrator
teslineinc, 27.05.2016
Dear customer,
Because you are working with an AD server (domain controller), not all types of users are allowed to log in here. The user must be a member of the domain administrators group or the Administrators group.
About login with/without username: usually, if an OTP is assigned to a user, he can write only his OTP into its field. If a user needs to change his password on next logon, he needs to write his username and password too.
An OTP code can be used only once. If you wrote a wrong OTP code, you must wait until it changes and write the new one. If you wrote the correct one, but for other reasons you did not log in, you must wait until it changes too.
Idea status: under consideration
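The administrator's rules above (a code is valid only for its time step, and an accepted code cannot be reused until the next one appears) are what a standard TOTP verifier with replay protection enforces. The following is an added, generic RFC 6238 verifier written for illustration; it is not Rohos code, and the user name "xyz" and the secret are the RFC test values, not anything from the product.

```python
import hmac
import hashlib
import struct

STEP = 30   # Google Authenticator default time step in seconds
DIGITS = 6  # Google Authenticator default code length

def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def totp(secret: bytes, at: int, step: int = STEP) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, at // step)

class OtpVerifier:
    """Accepts the code for the current time step (plus `skew` steps either way for
    clock drift) and remembers the highest counter accepted per user, so a code that
    already logged someone in, or a code older than that, is rejected as a replay."""

    def __init__(self, secret: bytes, skew: int = 1):
        self.secret = secret
        self.skew = skew
        self.last_counter = {}  # user -> highest counter already accepted

    def verify(self, user: str, code: str, now: int) -> str:
        current = now // STEP
        for counter in range(current - self.skew, current + self.skew + 1):
            # constant-time compare so the verifier does not leak matching digits
            if hmac.compare_digest(hotp(self.secret, counter), code):
                if counter <= self.last_counter.get(user, -1):
                    return "replayed"   # same (or older) step already used
                self.last_counter[user] = counter
                return "ok"
        return "wrong otp"

# RFC 4226 / RFC 6238 shared test secret (constructed sample, not a real user's key)
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    v = OtpVerifier(SECRET)
    print(v.verify("xyz", totp(SECRET, 59), 59))   # ok
    print(v.verify("xyz", totp(SECRET, 59), 70))   # replayed: same step reused
    print(v.verify("xyz", totp(SECRET, 59), 95))   # ok: a new step has started
```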
