Authentication Bypass in MailboxImportServlet vulnerability (reminder)
https://blog.zimbra.com/2022/08/authentication-bypass-in-mailboximportservlet-vulnerability/

zimbra 8.8.15 two factor

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
ockana
Posts: 3
Joined: Wed Sep 21, 2022 10:16 am

zimbra 8.8.15 two factor

Postby ockana » Fri Sep 23, 2022 7:30 am

Hello

I want to use two-factor authentication on zimbra.
I followed the automatic installation tutorial of zetalliance (Zimbra FOSS Two Factor Authentication powered by PrivacyIDEA) with success.

My problem, I don't know how to activate it?
I need help please


phoenix
Ambassador
Ambassador
Posts: 27085
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: zimbra 8.8.15 two factor

Postby phoenix » Fri Sep 23, 2022 9:17 am

First of all you always need to give the Zimbra version that you're using and you should (always) post the full output of the following command:

Code: Select all

zmcontrol -v


What, exactly, do you mean by 'activate'? We're not mind readers so please describe what's happening.

You also haven't given any details of which installation instructions you've followed i.e. single server or multi-server and which back-end you're using for usernames & passwords - more detail in a post is always better than none. ;)
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
ockana
Posts: 3
Joined: Wed Sep 21, 2022 10:16 am

Re: zimbra 8.8.15 two factor

Postby ockana » Fri Sep 23, 2022 4:43 pm

zmcontrol -v

result

Release 8.8.15.GA.3869.UBUNTU16.64 UBUNTU16_64 FOSS edition, Patch 8.8.15_P31.1.

By enabled I mean:

At the time of authentication,
I do not receive the token generated by PrivacyIDEA
phoenix
Ambassador
Ambassador
Posts: 27085
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: zimbra 8.8.15 two factor

Postby phoenix » Fri Sep 23, 2022 5:19 pm

I haven't used 2FA so please excuse the 'simple' questions. How is the token sent to you, email or sms? Is there any log that show the token has been sent?
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
ockana
Posts: 3
Joined: Wed Sep 21, 2022 10:16 am

Re: zimbra 8.8.15 two factor

Postby ockana » Fri Sep 23, 2022 8:31 pm

The token is not transmitted by email or sms. The principle is as follows, after installing 2FA, you must go to the settings of your zimbra account and configure the settings for 2FA authentication.
The first thing to do is to go to playstore and download google authenticator, then scan the qr from zimbra to add your device.
After this step, the parameters are saved.

My problem is precisely this:
after having entered my login and password and validated, zimbra should show me another form asking me to enter the code (token) provided by the google authenticator application.
But it does not offer me this, I authenticate myself directly.

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 33 guests