2factor Auth logging me out

Dan70 · 9 June 2020 17:23

HI, somehow I cannot make 2factor Auth work

When I try with test account I get I am logged out

Any idea?

Thx in advance

Dan

Mac-Rae · 10 June 2020 15:49

Do you receive the email once typing in your username and password?

Dan70 · 10 June 2020 16:16

HI Mac-Rae,
thx! You mean after I setup the account for 2factor Auth? or when i try to login?

Thx
Dan

Mac-Rae · 11 June 2020 09:41

Ok so after enabling 2fa on the account (ticking the box on the profile) and logging out. When you attempt to loging you should have received an email?

Dan70 · 13 October 2020 15:52

Hi Mac-Rae, am so sorry … was extremely busy… but now really have to solve the 2fa or take the database off the internet…

Now right now I cannot even login to an suitecrm installation, where I only put ONE test account on 2fa with above mentioned results, but am hitting the problem now that I cannot even login with my main account (non-2fa - yet) … getting the same error message: “You have been logged out because your session has expired”.

2fa is crucial for me also because of GDPR… happy about any help!!
THx

Dan

andrew_milonavic · 13 October 2020 20:06

@Dan70,

I have the same problem.

Earlier today I installed SuiteCRM. Then I configured SMTP and sent a test email (it was successful). Next I visited my profile and clicked on the enable 2fa check box. I was immediately logged out and I have been locked out since. When I enter my user name and password I get the same message as your screenshot, I’m not sent a email and I don’t get a 2fa prompt.

Hopefully someone will know how to fix it.

Thanks

Andrew

Dan70 · 26 October 2020 15:23

Hi andrew, thanks for sharing… I am completely locked out of my isuitecrm …noone with any idea how to remedy this? And hoow to make 2fa work?

Or are all eyes on the next big version ball?

Thx

Dan

Mac-Rae · 26 October 2020 15:46

Hey @Dan70 @andrew_milonavic! Completely locked out? If you have access to the back end / database of your Suite instance i can help you recover your instance and disable 2 factor auth until you find a working method. Just let me know!

Mac-Rae · 26 October 2020 16:03

Tested just the now on 7.11.15 and this order seems to work

As an admin user;

Assuming that you have correctly configured outgoing emails,

Go to password management
Select the default templates for the system-generated passwords and press save

For system-generated password: System-generated password email
For system-generated link to reset password: Forgot Password email
For system-generated two-factor authentication code: Two Factor Authentication email

Navigate to “User Management” and select a user
Edit the user and under “User Profile” tick “Two Factor Authentication” then press Save

As a user with 2FA enabled;

Login to the CRM with your credentials as usual
If accepted you will be prompted to enter a Auth Code which was emailed to your email which is configured within the CRM
Enter or copy the Auth Code and press continue.
You will be redirected to the home page.

andrew_milonavic · 26 October 2020 16:30

Hey @Mac-Rae,

I was able to login. I disabled it via the DB. After testing a few more fresh installs I realized the problem, for me at least, is setting up 2FA on the first user. 2FA doesn’t work on my initial user. My workaround was too add a second admin user and delete the first. Everything works after that.

Thanks

Andrew

Mac-Rae · 27 October 2020 08:55

I’ll look at replicating this today, thanks!

Dan70 · 27 October 2020 09:58

HI, sorry for not chiming in right now being the OP… having internet connection issues right now so cannot work with server, will be back when solved

thx
Dan

Dan70 · 27 October 2020 18:01

Hi @Mac-Rae,
sorry, fail2ban had locked me out, now have access back.

I would rather have phpmyadmin back, but think I can edit the datbase
I am completely locked out “Your session has expired” since I 2fa-ed a test account (not main account)

How can I get access back, not sure mail server is already configured correctly?

THx a million

Dan

Mac-Rae · 28 October 2020 09:26

Hey @Dan70,

No bother, let’s get you back in action.

To get you access back we need to edit the factor_auth field in the user’s table, if like you said you don’t have PhpMyAdmin then we can connect via the command line should you be using Linux.

Step 1;
Connect to the server or location which should have access to the database

Step 2;
Run the following command replacing the credentials as needed;

mysql -h Hostname -u Username -pPassword

Note: space on the -p is deliberate

Step 3;
Once connected again run the following commands;

show databases;

Check this list for the database name and then type replacing as needed;

use Databasename

Step 4;
Once you’re using the database run the following command ensuring you replace the username for the username of the CRM user you wish to modify.

UPDATE users SET factor_auth = NULL WHERE `user_name` = 'Username';

Let me know if you have any issues

Dan70 · 28 October 2020 10:58

HI Mac-Rae,
wow, so much thanks your great support… was able to login again and somehow magically the 2fa works now

Was ablw to set my main account to 2fa and could login with emailed code

Yippie!!
Thank you!!