[Solved] webconfigurator login via FreeRadius3 and google auth failing



  • My firewall is at 2.4.4-Release and I have setup freeradius3 and I am able to login with a user and password. If I change the user to use google auth I cannot login. I have the following settings:

    • System>User Manager>Authentication Servers is set to my FreeRadius3 server and is set to use PAP protocol.
    • I am entering the password as pin+code so if my pin is 1234 and the generated code is 567890 I enter 1234567890.
    • It shouldn't matter (I think) but the phone and the firewall are configured to the same timezone.
    • I tried enabling MOTP in the FreeRadius Settings but I think that is unrelated anyway.

    I see this in the system logs when I try to test authentication:

    Nov 16 10:30:28 	googleauth.py 		freeRADIUS: Google Authenticator - Authentication failed. User: ed, Reason: wrong tokencode
    Nov 16 10:30:28 	radiusd 	87366 	(1) Login incorrect (Failed retrieving values required to evaluate condition): [ed] (from client firewall port 0)
    

    This is the users config file from FreeRadius:

    /usr/local/etc/raddb/users
    
    "ed" Auth-Type = googleauth
    
    	MOTP-Init-Secret = QYGWNWJE4ZIX4IUG,
    	MOTP-PIN = 1234,
    	MOTP-Offset = 0
    

    This is a test VM so I am happy to upload any config files that would help diagnose the issue.

    The freeradius server works since password authentication succeeds so the issue is with the google auth configuration. Can anyone see what am I missing?



  • I realized that the time on the VM was off by about 2 minutes, I forced an ntp update and that took care of it.