Wrong token length (some characters - like $*! - seems to be not allowed in the secret code)

[AnthonyFon]

Hi,

I'm a new french user of multiotp (sorry for my english). I use the vm appliance, configure multiotp to sync user with AD. I put one user (for test) in a group of AD. Sync multiotp user, then I see the user on multiotp web interface. Chek user is OK with OTP generate by google authenticator. But, after instal multiotp credential on a PC, i can't log on the domain. Wrong one time password. If I see the log it say :

LOG 2022-07-13 15:03:59 warning (user test) User Error: authentication failed for user test

LOG 2022-07-13 15:03:59 warning (user test) User *(authentication typed by the user is 13 chars long instead of 6 chars) 98 *ERROR: Authentication failed (wrong token length)

LOG 2022-07-13 15:03:59 debug Debug Debug: *Attributes sent to the RADIUS server : Reply-Message := "ERROR: Authentication failed (wrong token length)" Reply-Message := "ERROR: Authentication failed (wrong token length)"

Config of multiotp : multiotp -config default-request-prefix-pin=0 multiotp -config default-request-ldap-pwd=1 multiotp -config ldap-server-type=1 multiotp -config ldap-cn-identifier=sAMAccountName multiotp -config ldap-group-cn-identifier=sAMAccountName multiotp -config ldap-group-attribute=memberOf multiotp -config ldap-ssl=0 multiotp -config ldap-port=389

Thank's for your help. Best regards.

[multiOTP]

Hello, Have you installed the latest version of the credential provider ? (version 5.9.1.0)

Best regards

[AnthonyFon]

Hello,

Thank you for your reply. Yes we have installed the latest version. I have find the problem. We have characters that seems to not be allowed in the secret code (like $*!) I removed them from the secret code, and all is working great :) Thanks ! Best regards

[multiOTP]

Thanks for the reply, will we correct this in a next release. Best regards

[multiOTP]

Hello, Version 5.9.3.1 and further allow now special chars in the shared secret. Regards,