Unable to enable MFA for selective users when using in combination with LDAP for authentication

sshaikh
OpenVpn Newbie
Posts: 1
Joined: Wed Jul 12, 2017 7:01 pm

Unable to enable MFA for selective users when using in combination with LDAP for authentication

Postby sshaikh » Wed Jul 12, 2017 7:22 pm

I am using LDAP for authentication and try to using MFA alongside. Below are my scenarios.
1. When MFA is enabled for everyone under the client setting using the Google Athenticator support, it works fine. And then I can selective disable it for specific users using the below
Q: How to enable Google Authenticator in general, but disable it for certain specific accounts or groups?

A: First, enable Google Authenticator for all accounts:

./sacli --key vpn.server.google_auth.enable --value true ConfigPut
./sacli start
Next, disable for specific users or groups:

./sacli --user <USER_OR_GROUP> --key prop_google_auth --value false UserPropPut


2. However when I try to achieve the reverse of disabling MFA for everyone but a selective few users, it does not seem to work. Again I am following the steps below.

Q: How to disable Google Authenticator in general, but enable it for certain specific accounts or groups?

A: First, disable Google Authenticator for all accounts:

./sacli --key vpn.server.google_auth.enable --value false ConfigPut
./sacli start
Next, enable for specific users or groups:

./sacli --user <USER_OR_GROUP> --key prop_google_auth --value true UserPropPut

I am not received any credible help from the open vpn support team. Has anyone had this issue? Is there any caveat that I could be missing, please let me know.

Return to “Access Server”

Who is online

Users browsing this forum: No registered users and 3 guests