Business solution to host your own OpenVPN server with web management interface and bundled clients.
mangaskahn
post
by mangaskahn » Wed Mar 19, 2014 6:53 pm
I have a user who was configured to use Google Authenticator who got a new phone and needs to move their token to it. Can anyone tell me how I can reset their account so that they can rescan the QR code? I have been through every page of the admin interface and don’t see an option to reset a user’s secret. I even tried disabling GA on the server and re-enabling it hoping it would possibly reset all of the users. Any thoughts?
Linqan
post
by Linqan » Tue Apr 15, 2014 12:19 pm
I'm looking too, been looking into this without any result.
casey.richins
post
by casey.richins » Thu Apr 17, 2014 6:31 pm
If you are using OpenVPN Access Server you can disable the google auth on a per user basis by modifying the user database directly. There are a number of scripts located in /usr/local/openvpn_as/scripts (debian default), one of the commands that allows database modification/viewing is ‘confdba’. This is how I disabled the auth temporarily on a user. You could also use the dba command tool to retrieve the authenticator secret, due to it not being stored in encrypted fashion. While passwords are encrypted/hashed in db, the google auth secret is not.
Code:
# cd /usr/local/openvpn_as/scripts
# ./confdba -us -p <username> # Retrieve current user properties
# ./confdba -u -m -k pvt_google_auth_secret_locked -v false -p <username> # Disable Google Auth for User
After executing the above, the user should be able to login to the web connect to retrieve their google auth app, or rescan their qr code. BE VERY CAREFUL when modifying the database, you could seriously screw up your database if you don’t know what you’re doing, requiring a complete reinstall.
OKBdrift
post
by OKBdrift » Thu Apr 30, 2015 8:11 am
Thanks a lot for this explanation, casey.richins.
shadowlesshand
post
by shadowlesshand » Tue Jun 06, 2017 6:50 pm
I know this is an old post but this comes up as one of the only results to a search for how to deal with a user who needs to rescan his Google Authenticator key.
Here’s a relevant link to a number of cli commands which can address common issues when using Google Authenticator with OpenVPN:
Google Authenticator FAQ
In order to reset a user’s GA credentials to allow them to login and scan a new QR code the command would be:
On my host the sacli command is located in: /usr/local/openvpn_as/scripts/
openvpnuser8
post
by openvpnuser8 » Sat Oct 28, 2017 5:58 am
I hope that this will help anyone using OpenVPN AS on Ubuntu 16.04 in AWS to reset Google Authenticator for an OpenVPN user:
Code:
cd /usr/local/openvpn_as/scripts/ # Go to OpenVPN AS Scripts directory
sudo ./sacli --user USERNAME GoogleAuthRegen # Replace USERNAME with username to get a new Google Authenticator Secret
leonembark
post
by leonembark » Tue Mar 13, 2018 4:52 pm
I used the above `./sacli` command to successfully reset Google Authenticator for a user, but neither connecting normally nor logging into the admin requires the use of the Google Authenticator code. They just log straight in.
Am I missing something?
mbeck
post
by mbeck » Thu Jul 05, 2018 3:36 pm
leonembark, I'll put the steps I used below to help a user with a new phone obtain a new GA code.
Code:
cd /usr/local/openvpn_as/scripts/
sudo ./sacli --user <USER> GoogleAuthRegen
One last thing, have the user remove the old GA code associated with the old device, as this will serve to eliminate confusion going forward.
bthurber
post
by bthurber » Wed Jul 25, 2018 10:55 am
For those of you on AWS, here's a nifty AWS Systems Manager Document that can be used to unlock Google Authenticator for a user. Simply add this document to Systems Manager and run it with an instance and the username of the user to unlock. This requires installation of the SSM agent on each OpenVPN instance. You'll probably need to read up on the AWS Systems Manager docs but it is well worth it for this and a whole host of other use cases.
Systems Manager Doc to Unlock Google Authenticator
Code:
{
  "schemaVersion": "2.2",
  "description": "Unlock the Google Authenticator for a given Username. After doing this, the user must login to the OpenVPN server with their browser and scan the barcode.",
  "parameters": {
    "Username": {
      "description": "Username of the user to unlock",
      "minChars": 3,
      "type": "String"
    }
  },
  "mainSteps": [
    {
      "action": "aws:runShellScript",
      "name": "OpenVPNASUnlockGoogleAuthenticator",
      "inputs": {
        "runCommand": [
          "#!/bin/bash",
          "cd /usr/local/openvpn_as/scripts",
          "./sacli -u {{ Username }} --lock 0 GoogleAuthLock"
        ]
      },
      "precondition": {
        "StringEquals": [
          "platformType",
          "Linux"
        ]
      }
    }
  ]
}
AWS SSM agent install
Code:
cd /tmp
wget https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_amd64/amazon-ssm-agent.deb
dpkg -i amazon-ssm-agent.deb
rm amazon-ssm-agent.deb
systemctl enable amazon-ssm-agent
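The Systems Manager document above substitutes the Username parameter directly into a shell command line, so the value should be constrained before it reaches sacli (SSM parameters also accept an `allowedPattern` regex for this). The wrapper below is an added example, not part of the original posts or of OpenVPN AS: `ga_reset`, `valid_username` and the allowed character set are assumptions, while the two sacli invocations are the ones quoted in this thread.

```shell
#!/bin/sh
# Added example: validate the username before passing it to sacli.
# SACLI can be overridden, so the functions can be exercised on a host
# without OpenVPN AS installed.
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below byte-exact
SACLI="${SACLI:-/usr/local/openvpn_as/scripts/sacli}"

# Assumption: usernames are 3-64 characters from [A-Za-z0-9._@-].
# Rejects empty values, a leading '-' (would be parsed as an option),
# whitespace and shell metacharacters.
valid_username() {
    case "$1" in
        ''|-*) return 1 ;;
        *[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    [ "${#1}" -ge 3 ] && [ "${#1}" -le 64 ]
}

# ga_reset unlock USER -> unlock enrollment (sacli ... GoogleAuthLock)
# ga_reset regen  USER -> issue a new secret (sacli ... GoogleAuthRegen)
ga_reset() {
    action=$1
    user=$2
    if ! valid_username "$user"; then
        echo "ga_reset: refusing username outside the allowed pattern" >&2
        return 2
    fi
    # The username is always passed as one quoted argument, never
    # re-parsed by the shell.
    case "$action" in
        unlock) "$SACLI" -u "$user" --lock 0 GoogleAuthLock ;;
        regen)  "$SACLI" --user "$user" GoogleAuthRegen ;;
        *)
            echo "usage: ga_reset unlock|regen USERNAME" >&2
            return 64
            ;;
    esac
}
```

Source the file as root and call, for example, `ga_reset regen alice.smith`; a rejected username returns status 2 without invoking sacli.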
sparrow_hawk
post
by sparrow_hawk » Wed Oct 23, 2019 1:17 pm
Put this in the Web GUI, please!
VinceBD
post
by VinceBD » Tue Oct 12, 2021 1:30 pm
Every time I search for this, I only find old replies, so I figure, I'd give this as an updated reply.
If you log into your OpenVPN web GUI and go to the Admin page and login there, you can access User Management > User Permissions. If you find the username of the person needing a new QR code, you can simply click the check box under the “Delete” column next to their name. Scroll to the bottom and click “Save Settings”. Then scroll back to the top and click “Update Running Server”.
This should remove the user from your currently running OpenVPN server. The user can then log back into the web portal to receive a new QR code.
Hope this helps!
jonathan.boucard
post
by jonathan.boucard » Wed Mar 02, 2022 10:33 am
VinceBD wrote: ↑
Tue Oct 12, 2021 1:30 pm
Every time I search for this, I only find old replies, so I figure, I'd give this as an updated reply.
If you log into your OpenVPN web GUI and go to the Admin page and login there, you can access User Management > User Permissions. If you find the username of the person needing a new QR code, you can simply click the check box under the “Delete” column next to their name. Scroll to the bottom and click “Save Settings”. Then scroll back to the top and click “Update Running Server”.
This should remove the user from your currently running OpenVPN server. The user can then log back into the web portal to receive a new QR code.
Hope this helps!
This is what I just had to do for a user who had a new phone and the Microsoft Authenticator needed re-registering – delete the user account, save, update running server in the Admin panel and ask them to log back in. The QR code was then presented and the new iPhone was registered and all was good. Thank you VinceBD