Google Authenticator reset


Business solution to host your own OpenVPN server with web management interface and bundled clients.

mangaskahn

OpenVpn Newbie
Posts: 1
Joined: Wed Mar 19, 2014 6:42 pm

post

by mangaskahn » Wed Mar 19, 2014 6:53 pm

I have a user who was configured to use Google Authenticator who got a new phone and needs to move their token to it. Can anyone tell me how I can reset their account so that they can rescan the QR code? I have been through every page of the admin interface and don’t see an option to reset a user’s secret. I even tried disabling GA on the server and re-enabling it hoping it would possibly reset all of the users. Any thoughts?


Linqan

OpenVpn Newbie
Posts: 1
Joined: Tue Apr 15, 2014 12:13 pm

post

by Linqan » Tue Apr 15, 2014 12:19 pm

I have been looking into this too, without any result.


casey.richins

OpenVpn Newbie
Posts: 1
Joined: Thu Apr 17, 2014 6:18 pm

post

by casey.richins » Thu Apr 17, 2014 6:31 pm

If you are using OpenVPN Access Server you can disable the google auth on a per user basis by modifying the user database directly. There are a number of scripts located in /usr/local/openvpn_as/scripts (debian default), one of the commands that allows database modification/viewing is ‘confdba’. This is how I disabled the auth temporarily on a user. You could also use the dba command tool to retrieve the authenticator secret, due to it not being stored in encrypted fashion. While passwords are encrypted/hashed in db, the google auth secret is not.

Code:

# cd /usr/local/openvpn_as/scripts
# ./confdba -us -p <username> # Retrieve current user properties
# ./confdba -u -m -k pvt_google_auth_secret_locked -v false -p <username>  # Disable Google Auth for User

After executing the above, the user should be able to login to the web connect to retrieve their google auth app, or rescan their qr code. BE VERY CAREFUL when modifying the database, you could seriously screw up your database if you don’t know what you’re doing, requiring a complete reinstall.


OKBdrift

OpenVpn Newbie
Posts: 1
Joined: Thu Apr 30, 2015 8:08 am

post

by OKBdrift » Thu Apr 30, 2015 8:11 am

Thanks a lot for this explanation, casey.richins.


shadowlesshand

OpenVpn Newbie
Posts: 1
Joined: Tue Jun 06, 2017 6:43 pm

post

by shadowlesshand » Tue Jun 06, 2017 6:50 pm

I know this is an old post but this comes up as one of the only results to a search for how to deal with a user who needs to rescan his Google Authenticator key.

Here’s a relevant link to a number of cli commands which can address common issues when using Google Authenticator with OpenVPN:

Google Authenticator FAQ

In order to reset a user’s GA credentials to allow them to login and scan a new QR code the command would be:

On my host the sacli command is located in: /usr/local/openvpn_as/scripts/


openvpnuser8

OpenVpn Newbie
Posts: 1
Joined: Sat Oct 28, 2017 5:55 am

post

by openvpnuser8 » Sat Oct 28, 2017 5:58 am

I hope that this will help anyone using openvpn AS on Ubuntu 16.04 in AWS to reset Google Authenticator for an openvpn user:

Code:

cd /usr/local/openvpn_as/scripts/ # Go to OpenVPN AS Scripts directory
sudo ./sacli --user USERNAME GoogleAuthRegen # Replace USERNAME with username to get a new Google Authenticator Secret 

leonembark

OpenVpn Newbie
Posts: 1
Joined: Tue Mar 13, 2018 4:49 pm

post

by leonembark » Tue Mar 13, 2018 4:52 pm

I used the above `./sacli` command to successfully reset Google Authenticator for a user, but neither connecting normally nor logging into the admin requires the use of the Google Authenticator code. They just log straight in.

Am I missing something?


mbeck

OpenVpn Newbie
Posts: 1
Joined: Thu Jul 05, 2018 3:23 pm

post

by mbeck » Thu Jul 05, 2018 3:36 pm

leonembark, I’ll put the steps I used below to help a user with a new phone obtain a new GA code.

  • ssh into the openvpn server

Code:

cd /usr/local/openvpn_as/scripts/
sudo ./sacli --user <USER> GoogleAuthRegen
  • Tell the user to logout (if logged in) and use to login and scan the QR code to finalize setup of MFA
  • After they scanned the QR code with the new device, they should click the button on the bottom of the screen “I scanned the QR code”
  • This should return the user to the login page listed above with the prompt saying “Ready to connect with Google Authenticator code”
  • Have the user login with new MFA code

One last thing, have the user remove the old GA code associated with the old device, as this will serve to eliminate confusion going forward.


bthurber

OpenVpn Newbie
Posts: 15
Joined: Thu May 25, 2017 12:21 pm

post

by bthurber » Wed Jul 25, 2018 10:55 am

For those of you on AWS, here’s a nifty AWS Systems Manager Document that can be used to unlock Google Authenticator for a user. Simply add this document to Systems Manager and run it with an instance and the username of the user to unlock. This requires installation of the SSM agent on each openvpn instance. You’ll probably need to read up on the AWS Systems Manager docs but it is well worth it for this and a whole host of other use cases.

Systems Manager Doc to Unlock Google Authenticator

Code:

{
    "schemaVersion": "2.2",
    "description": "Unlock the Google Authenticator for a given Username. After doing this, the user must login to the openvpn server with their browser and scan the barcode.",
    "parameters": {
        "Username": {
            "description": "Username of the user to unlock",
            "minChars": 3,
            "type": "String"
        }
    },
    "mainSteps": [
        {
            "action": "aws:runShellScript",
            "name": "OpenVPNASUnlockGoogleAuthenticator",
            "inputs": {
                "runCommand": [
                    "#!/bin/bash",
                    "cd /usr/local/openvpn_as/scripts",
                    "./sacli -u {{ Username }} --lock 0 GoogleAuthLock"
                ]
            },
            "precondition": {
                "StringEquals": [
                    "platformType",
                    "Linux"
                ]
            }
        }
    ]
}

AWS SSM agent install

Code:

            cd /tmp
            wget https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_amd64/amazon-ssm-agent.deb
            dpkg -i amazon-ssm-agent.deb
            rm amazon-ssm-agent.deb
            systemctl enable amazon-ssm-agent
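
An added example, not part of bthurber's post and not OpenVPN's own tooling: the Systems Manager document above places the Username parameter straight into a shell command line, so this wrapper checks the username before handing it to the two sacli calls shown in this thread and writes one audit line per attempt. The function names, the allowed character set and the log path are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread: a guarded wrapper around the two sacli
# calls shown on this page. SACLI and AUDIT_LOG are assumed, overridable paths.
SACLI="${SACLI:-/usr/local/openvpn_as/scripts/sacli}"
AUDIT_LOG="${AUDIT_LOG:-/var/log/openvpnas-ga-admin.log}"

# Accept 3-64 characters from letters, digits, '.', '_', '@' and '-', with no
# leading '-', so the value cannot be parsed as an option or as shell syntax.
# The character set is an assumption; match it to your own user directory.
valid_username() {
    case "$1" in
        -*|*[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    [ "${#1}" -ge 3 ] && [ "${#1}" -le 64 ]
}

# ga_admin regen|unlock USERNAME
#   regen  : sacli --user USER GoogleAuthRegen         (issue a new secret)
#   unlock : sacli --user USER --lock 0 GoogleAuthLock (allow re-enrollment)
ga_admin() {
    ga_action="$1"; ga_user="$2"; ga_rc=0
    if ! valid_username "$ga_user"; then
        echo "ga_admin: rejected username" >&2
        return 2
    fi
    case "$ga_action" in
        regen)  "$SACLI" --user "$ga_user" GoogleAuthRegen || ga_rc=$? ;;
        unlock) "$SACLI" --user "$ga_user" --lock 0 GoogleAuthLock || ga_rc=$? ;;
        *)      echo "usage: ga_admin regen|unlock USERNAME" >&2; return 2 ;;
    esac
    # One audit line per attempt: time, operator, action, target, exit status.
    printf '%s operator=%s action=%s user=%s rc=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "${SUDO_USER:-${USER:-unknown}}" \
        "$ga_action" "$ga_user" "$ga_rc" >> "$AUDIT_LOG"
    return "$ga_rc"
}

# Script use: sudo ./ga_admin.sh regen alice
if [ "$#" -gt 0 ]; then
    ga_admin "$@"
fi
```

The same check can be applied before the document's `runCommand` step runs, so that a rejected username never reaches sacli.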

sparrow_hawk

OpenVpn Newbie
posts: 2
Joined: Mon Jun 26, 2017 11:39 am

post

by sparrow_hawk » Wed Oct 23, 2019 1:17 pm

Put this in the Web GUI, please!


VinceBD

OpenVpn Newbie
Posts: 1
Joined: Tue Oct 12, 2021 12:49 pm

post

by VinceBD » Tue Oct 12, 2021 1:30 pm

Every time I search for this, I only find old replies, so I figured I’d give this as an updated reply.

If you log into your OpenVPN web GUI and go to the Admin page and login there, you can access User Management > User Permissions. If you find the username of the person needing a new QR code, you can simply click the check box under the “Delete” column next to their name. Scroll to the bottom and click “Save Settings”. Then scroll back to the top and click “Update Running Server”.

This should remove the user from your currently running OpenVPN server. The user can then log back into the web portal to receive a new QR code.

Hope this helps!


jonathan.boucard

OpenVpn Newbie
Posts: 1
Joined: Wed Mar 02, 2022 10:24 am

post

by jonathan.boucard » Wed Mar 02, 2022 10:33 am

VinceBD wrote: ↑

Tue Oct 12, 2021 1:30 pm

Every time I search for this, I only find old replies, so I figured I’d give this as an updated reply.

If you log into your OpenVPN web GUI and go to the Admin page and login there, you can access User Management > User Permissions. If you find the username of the person needing a new QR code, you can simply click the check box under the “Delete” column next to their name. Scroll to the bottom and click “Save Settings”. Then scroll back to the top and click “Update Running Server”.

This should remove the user from your currently running OpenVPN server. The user can then log back into the web portal to receive a new QR code.

Hope this helps!

This is what I just had to do for a user who had a new phone and the Microsoft Authenticator needed re-registering – delete the user account, save, update running server in the Admin panel and ask them to log back in. The QR code was then presented and the new iPhone was registered and all was good. Thank you VinceBD