During creating a new local xg user with 2fa/mfa activated we ran into the situation that the ceration of NEW users with mfa didn't work anymore.
Setup: SFOS19.0.2 on a xgs2100 cluster (a/p)
The steps:
- I've created a local user adminxyz with administrative rights
- logged in with adminxyz into userportal to get mfa code - worked fine, qr-code is displayed
- checked the mfa with logging in as adminxyz into userportal - worked fine
- tried to login to the admin-portal - "wrong credentials", tried it ~ 10 times.
- Rechecked user-portal login - worked fine
- Switched HA active node to other node - no change
- Tried another administrative account, that was created earlier - worked fine
- Did the "mfa-check" with synchronize token time offset button at authentication > mfa > Issued tokens
- Answer 1 - red box "OTP token synchonization: timeoffset could not be determined
- Answer 2 - time offset of -200650000 (or so - ridiculous big number)
- Did the same check with an existing and still working adminaccount with mfa
- login worked
- check didn't
- Checked time - perfect in sync, ntp synchronized
Checked even the access_server.log - nothing obvious wrong.
In the moment we're stuck with that xgs, because we couldn't create anymore users with mfa.
Anybody with ideas ?
Regards !