Too many two-factor failures

Hello everyone, I am having a problem with LibreNMS. I accidentally failed two-factor authentication 3 times on my account, and I am now locked out of it with the following message:

Too many two-factor failures, please contact administrator.

I am asking for help, because I have not found any indications online on how to unban myself. I am the administrator and have console access to the server.

Thanks in advance for your help

I thought it was a timed lock-out if you exceeded the attempts, so it should clear: Two-Factor Auth - LibreNMS Docs

Either way, can you just comment out the relevant config lines in config.php and get back in?

If still an issue, the relevant details are stored in the users_prefs table against the relevant user ID if you need to clear, so there are still other ways:

MariaDB [librenms]> select * from users_prefs where pref='twofactor';
+---------+-----------+-------------------------------------------------------------------------------+
| user_id | pref      | value                                                                         |
+---------+-----------+-------------------------------------------------------------------------------+
|       1 | twofactor | {"key":"xxxxxxxxxxxxxxxxxxxxx","fails":0,"last":0,"counter":false} |
+---------+-----------+-------------------------------------------------------------------------------+
1 row in set (0.000 sec)

Did some more testing on this as I was curious - and will update some doco after also.

If you have used Two Factor prior, and disable the lines in config.php, you’ll be able to log in normally, but the options to disable/edit it in the UI do not appear, so when you enable Two Factor options again, you’ll be in the same situation.

When I fail mine deliberately - my DB entry looks like this:

{"key":"xxxxxxxxxxxxxxxxxx","fails":3,"last":1625528743,"counter":false}

But my error shows: Too many two-factor failures, please wait 300 seconds

So try and add the $config['twofactor_lock'] = 300; to your config and see if it mentions it next time you try to login. If not, then …

EDIT probably the best way … leave it all as it is and create a temp admin user to disable/reset the main admin user account:

./lnms user:add -r admin tempadmin

Then go to Settings → Manage Users (/users) and edit the main admin user and unlock or disable 2FA - then once you’re back in, delete the temp admin user:


Hi, thanks a lot for your help. I managed to get back in by setting the delay in settings.php.

Have a PR to clear this up a bit more, and it also adds documentation updates to use lnms instead of config.php

./lnms config:set twofactor_lock 300
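Added example, not part of any post in this thread and not LibreNMS code: a Python reading of the users_prefs `twofactor` value that tells a timed lockout ("please wait 300 seconds") apart from one that needs an administrator ("please contact administrator"). The decision rule, the function names and the sample rows are assumptions modelled on the JSON and the two messages quoted above.

```python
import json
import time

MAX_FAILS = 3  # the thread shows the lock appearing at "fails":3


def lock_state(pref_value, twofactor_lock=0, now=None):
    """Classify one users_prefs 'twofactor' value.

    Returns ("ok", 0), ("timed", seconds_left) or ("admin", 0).
    Assumed rule: with twofactor_lock unset or 0 the lock never expires.
    """
    now = int(time.time()) if now is None else now
    tf = json.loads(pref_value)
    fails = int(tf.get("fails", 0))
    last = int(tf.get("last", 0))
    if fails < MAX_FAILS:
        return ("ok", 0)
    if not twofactor_lock:
        return ("admin", 0)  # "please contact administrator"
    remaining = twofactor_lock - (now - last)
    return ("timed", remaining) if remaining > 0 else ("ok", 0)


def cleared(pref_value):
    """Return the same JSON with the failure counters reset; the key is untouched."""
    tf = json.loads(pref_value)
    tf["fails"] = 0
    tf["last"] = 0
    return json.dumps(tf, separators=(",", ":"))


# Constructed rows shaped like the query output above (keys are placeholders).
ROWS = [
    (1, '{"key":"PLACEHOLDERKEY1","fails":0,"last":0,"counter":false}'),
    (2, '{"key":"PLACEHOLDERKEY2","fails":3,"last":1625528743,"counter":false}'),
]


def report(rows, twofactor_lock, now):
    """Map user_id -> lock state for every row."""
    return {uid: lock_state(value, twofactor_lock, now) for uid, value in rows}


if __name__ == "__main__":
    now = 1625528743 + 120  # two minutes after the last recorded failure
    for lock in (0, 300):
        print(f"twofactor_lock={lock}:", report(ROWS, lock, now))
    print(cleared(ROWS[1][1]))
```

Running the report before and after changing twofactor_lock shows which accounts would unlock on their own and which still need the temporary-admin route described earlier in the thread.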
