Emails not getting generated after 2FA enablement

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
pavan509
Posts: 72
Joined: Fri Apr 30, 2021 7:07 am

Emails not getting generated after 2FA enablement

Post by pavan509 »

Hello Everyone,

I have enabled 2FA (Email) on my production environment with Active Directory authentication as the login method. After successful login, I am not getting the tokens for the login. Due to this, the default admin login is also not working. Could someone suggest how to restore or fix the issue?
Thanks, Pavan
pbroste
Posts: 1288
Joined: Tue Jun 01, 2021 1:27 pm

Re: Emails not getting generated after 2FA enablement

Post by pbroste »

Hello @pavan509

Thanks for reaching out on the 2FA issue. It sounds like you would like to reset the nagiosadmin password so you can access the web console.

Please see this support article which will provide directions on how to check to see if the token is emailed to the root system account located in '/var/spool/mail/root'.

If the token is not received via default system mail, you can then reset the password for nagiosadmin via the script, which will disable 2FA for that account.

Thanks,
Perry
pavan509
Posts: 72
Joined: Fri Apr 30, 2021 7:07 am

Re: Emails not getting generated after 2FA enablement

Post by pavan509 »

Hello @pbroste,

Thanks for your response. I tried the steps provided in the support article and couldn't find any tokens. After resetting the nagiosadmin password, it allowed me to log in to the portal again and work on it. How can we avoid such failures while implementing 2FA, and how can we debug where the issue exists?

My client wants to know if the 2FA via email can be applied only to a set of users like the admin users and not for other users.
Thanks, Pavan
pavan509
Posts: 72
Joined: Fri Apr 30, 2021 7:07 am

Re: Emails not getting generated after 2FA enablement

Post by pavan509 »

Hello Perry,

Thanks for your response. I have followed the steps in the support article to find the token in the given path, however, no results were found. So I have reset the nagiosadmin password to access the web console. Is there any way to debug or find where the issue was and identify where it is getting stuck in delivering the tokens?

One more requirement from my side: is it possible to enable 2FA (email) for a set of users instead of all users? If so, please help me with the steps on how to do that.
Thanks, Pavan
pbroste
Posts: 1288
Joined: Tue Jun 01, 2021 1:27 pm

Re: Emails not getting generated after 2FA enablement

Post by pbroste »

Hello @pavan509

Thanks for following up.

I understand that you don't see any token sent to the root@localhost account during 2FA. We want you to create a user or edit an existing one, change the email address to root@localhost, and tail -f /var/spool/mail/root during login.

Also bring up the browser Development Tools > Network and look for anything that reports "error/warnings/failures" so we can figure out where things are failing during 2FA.

Let's take a look at your Nagios XI System Profile so we can see what is going on if no headway is being made:

To send us your system profile:
  • Login to the Nagios XI GUI using a web browser.
  • Click the "Admin" > "System Profile" Menu
  • Click the "Download Profile" button
  • Save the profile.zip file and Private Message me.
Thanks,
Perry
pavan509
Posts: 72
Joined: Fri Apr 30, 2021 7:07 am

Re: Emails not getting generated after 2FA enablement

Post by pavan509 »

Hello Perry,

I have provided the required details through PM.

Thanks, Pavan
pbroste
Posts: 1288
Joined: Tue Jun 01, 2021 1:27 pm

Re: Emails not getting generated after 2FA enablement

Post by pbroste »

Hello Pavan,

Thanks for following up and sending over the System Profile.

After review, we see that the SMTP auth with host 'smtp.se.com' is failing. It looks like that was working for a while back in July; we will need to revisit your SMTP config and troubleshoot this more later on.

For the time being, let's check to see if we are able to see an authentication email go to root@localhost for 2FA.

Head over to the NagiosXI web console > Admin > Mail Settings > Send Method:
  • Select: SendMail
  • Update Settings
We will be sending emails via sendmail and will be able to watch to see if a 2fA is arriving.

1. Send an auth request by logging into the Nagios XI web console. You will see the 2FA prompt; now run the command from number 2.
2. Run this command to find the token that was sent:

    grep -A 2 'token below' /var/spool/mail/root

Should look similar to this:

    To continue logging in, please enter the token below:

    16616
    --
    To continue logging in, please enter the token below:<br />
    <br />
    16616<br />

I am referencing the article found here:

https://support.nagios.com/kb/article.php?id=811

Please respond with the results,
Perry
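
The spool check described in the post above, as an added example that is not part of the original post or of Nagios XI. It assumes /var/spool/mail/root is an mbox file and that the 2FA mail uses the wording shown in the grep output; the sample spool, dates and the function name are constructed for illustration. Unlike the grep, it reports each mail once (the token appears in both the plain-text and HTML parts) together with its Date and To headers, so an empty result points at delivery rather than at the login page.

```python
import mailbox
import re
import tempfile

# Matches the token in either the text/plain or the text/html part of the mail.
TOKEN_RE = re.compile(r"token below:\s*(?:<br\s*/?>\s*)*(\d+)")

# Constructed sample spool: one multipart 2FA mail plus one unrelated mail.
SAMPLE_MBOX = """\
From nagios@localhost Thu Sep  2 10:00:00 2021
Date: Thu, 02 Sep 2021 10:00:00 +0000
To: root@localhost
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain

To continue logging in, please enter the token below:

16616
--b1
Content-Type: text/html

To continue logging in, please enter the token below:<br />
<br />
16616<br />
--b1--

From cron@localhost Thu Sep  2 10:05:00 2021
Date: Thu, 02 Sep 2021 10:05:00 +0000
To: root@localhost

nightly job finished
"""

def find_tokens(spool_path):
    """Return (Date, To, token) per 2FA mail, in spool (delivery) order."""
    found = []
    for msg in mailbox.mbox(spool_path, create=False):
        for part in msg.walk():
            if part.get_content_maintype() != "text":
                continue  # skip the multipart container itself
            body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            match = TOKEN_RE.search(body)
            if match:
                found.append((msg["Date"], msg["To"], match.group(1)))
                break  # count each mail once, not once per MIME part
    return found

if __name__ == "__main__":
    with tempfile.NamedTemporaryFile("w", suffix=".mbox", delete=False) as fh:
        fh.write(SAMPLE_MBOX)
    print(find_tokens(fh.name) or "no 2FA mail in spool: check the send method")
```

On a real system, call find_tokens("/var/spool/mail/root") as a user allowed to read the spool; the last entry is the most recently delivered token mail.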
pavan509
Posts: 72
Joined: Fri Apr 30, 2021 7:07 am

Re: Emails not getting generated after 2FA enablement

Post by pavan509 »

Hello Perry,

Thanks for your response after analyzing the system profile. I too realized that the SMTP is not working when I tested it by sending a test email from the email settings. I will check this issue with the SMTP team as they instructed us to mandatorily use the SMTP settings for sending emails. I also verified the 2FA(email) after changing the email settings from SMTP to sendmail, I was getting the emails within a minute. I tested for different users and it was a success. However, I am not getting the 2FA via email for one user whose email address was set to root@localhost. I have sent you a PM of the user configuration of that particular user for your review. Let me know if any changes are required further on this.
Thanks, Pavan
pbroste
Posts: 1288
Joined: Tue Jun 01, 2021 1:27 pm

Re: Emails not getting generated after 2FA enablement

Post by pbroste »

Hello Pavan

Thanks for following up, and providing the details.

We see that user SESA615438 is authenticating via Active Directory. We were wondering if you are able to verify/test authentication for username: SESA615438. We see some messages that state:
ldap_bind(): Unable to bind to server: Invalid credentials
Please test authentication for username: SESA615438 utilizing the ldapsearch command or any other method.

Thanks,
Perry
pavan509
Posts: 72
Joined: Fri Apr 30, 2021 7:07 am

Re: Emails not getting generated after 2FA enablement

Post by pavan509 »

Hello Perry,

Thanks for your response. It was found that there was an issue with the service account used for SMTP. Once that is sorted, 2FA emails are triggered without issues when the security settings are set to none in the email settings section. But we are getting errors when the option got changed to SSL or TLS. Posted the error snippet for reference.
Thanks, Pavan