New installation problem with 2FA

jaime.leon 2019-12-05 22:49:14 UTC #1

Good day to all,
I have installed eGroupware 19.1 on Ubuntu Server 18.04.3 LTS following instructions at

https://github.com/EGroupware/egroupware/wiki/19.1–Installation-using-egroupware-docker-RPM-DEB-package

The installation script seems to finish successfully. The instructions indicate that 2FA is an optional feature of EGW 19.1, however when entering the sysop credentials for the first time, the system rejects access with the message “2 Factor Authentication is required”. I have no idea where to go from here. Thinking something may have been corrupted in installation, I deleted the entire Ubuntu installation and reinstalled EGW with identical results.

Is 2FA supposed to be active by default in a new installation? If so, how do I resolve obtaining access?

Thanks in advance,
Jaime Leon

StefanU 2019-12-06 08:04:43 UTC #2

Hi Jaime.

I just installed a new Ubuntu 18.04.3. Then I integrated the EGw-Repo and installed egroupware-docker.
The login works WITHOUT 2FA.

So I can’t reproduce that.

Please show us screenshots of it.

No. These are the delivered settings:

Thus both fields are optionally available during the registration:

grafik

Regards
Stefan

jaime.leon 2019-12-06 15:22:57 UTC #3

Hello StefanU,
Thanks for the quick response. As I mentioned, I ran the installation twice and I didn’t notice any errors during the installation. The login screen comes up and I can also login using the /egroupware/setup screen using the admin user.

Here is a screenshot of the login screen with the message saying “2-Factor-Authentication is required”:

Regards,
Jaime Leon

RalfBecker 2019-12-07 14:53:57 UTC #4

Is it possible you (or your password manager) entered something in the 2-factor field?

Ralf

RalfBecker 2019-12-07 15:03:23 UTC #5

Just tried it, if no 2fa is configued for your user, which obviously is not for the first time you login, you can enter something in the 2fa-field and the login still succeeds.

This is strange, no one reported something like that before!

Are you sure you have not changes something in the database?

With the following SQL, you can delete all 2fa configuration and passwords:

DELETE FROM egw_config WHERE config_app='phpgwapi' AND config_name='2fa_required';
DELETE FROM egw_ea_credentials WHERE cred_type=32;

When executing the SQL statements, they will tell you if something is deleted.

You should also delete the cache either via setup or by restarting the container.

Ralf

2-Faktor-Authentifizierung verpflichtend

2FA Reset

jaime.leon 2019-12-17 15:44:13 UTC #6

RalfBecker
I have again reinstalled everything for a third time, including Ubuntu 18.04.3 and EGroupware CE 19.1, making sure I followed the installation procedure to install “egroupware-docker”. Again I get the 2FA is required message. I then ran the SQL statements deleting the 2FA configuration, but nothing was deleted.

I did install docker as part of the Ubuntu installation. Could this be the problem?

I also noted that Rocketchat is not available at serverip/rocketchat nor serverip:3000.

Regards,
Jaime Leon

StefanU 2019-12-17 17:59:06 UTC #7

This is not necessary. egroupware-docker installs this as a dependency.

Look at my install story:

I’m installing on Debian, but this might give you another idea of how the installation is done.

How exactly did you do that?

What are the settings in the database after installation?

Stefan

RalfBecker 2019-12-17 18:13:50 UTC #8

That SQL statements wont delete anything for a plain new installation, as no 2-factor-auth will be configured there.

This is puzzling, as absolutely noone reported 2fa being switched on on a new installation.
We also do new installations as part of our release tests.

What database are you using?

Ralf

StefanU 2019-12-17 18:53:44 UTC #9

I installed Ubuntu Server 18.04.3 again, updated it and installed egroupware-docker. The 2FA settings are not set in the database (MariaDB) and therefore no 2FA is required.

@jaime.leon
Can you please document your installation step by step (with screenshots)?

Stefan

jaime.leon 2019-12-17 19:38:00 UTC #10

Dear Stefan, Ralf
I ran the SQL statements from the Phpmyadmin web interface with the egroupware database selected.
I read Stefans installation guide and now I think my problem is related to my using ‘tasksel’ to convert my Ubuntu basic installation into a LAMP server, before installing eGroupware. Could this be the problem? I am now trying a fresh install without tasksel.

Regards,
Jaime Leon

StefanU 2019-12-18 19:55:18 UTC #11

That, as written, is definitely not necessary. This can only cause problems…

I can’t tell you that. We have no idea at all how this behaviour can come about. We can’t reproduce that and we don’t have another error report about it.

Yes, try this, please.

There are many installations on Ubuntu. Personally, I prefer Debian. I wrote the reasons in my article.

Stefan

StefanU 2019-12-18 22:48:30 UTC #12

Please have a look at this article:

This will help you to understand how EGroupware is installed and how things are related.

Stefan

jaime.leon 2019-12-19 15:46:36 UTC #13

Hello Stefan
Problem solved. I reinstalled Ubuntu 18.04.3 only with OpenSSH and egroupware-docker started successfully. Thank you.

I did notice that the egroupware-docker-install.log file does not show the admin and sysop passwords until a few minutes after the installation script releases control back to the console. This confused me, thinking something went wrong immediately after completing installation and caused me to remove and reinstall egroupware needlessly. If this is normal behavior, it is not mentioned in any of the guides I read about the egroupware installation.

In reading your egroupware installation procedure post, you do not mention installing rocketchat. After the above installation, egroupware says “Rocket.Chat container or egroupware-rocketchat package needs to installed to use Rocket.Chat”. Do I still need to install rocketchat? Ubuntu reports that egroupware.rocketchat is already installed. If so, what is the recommended way to install, can I use the rocketchat snap?

Thanks in advance
Jaime Leon

StefanU 2019-12-19 19:30:18 UTC #14

Hi Jaime.

The installation is then simply not yet complete.

Please make a screenshot of it.

Is the container is running? What says

docker ps -a

? See also:

No way! We use Docker-Container to install, integrate and configure Rocket.Chat.
It’s all gonna be
apt install egroupware-docker
installed.

Please open a new topic if your Rocket.Chat is not running.

Stefan

StefanU 2022-04-08 15:54:13 UTC #16

Hi David.

Please do not post in someone else’s topic.
Create your own topic and link to this topic (copy weblink) if necessary.

Thank you.

Stefan