Recent Discussions — multiOTP Pro forum

Updating php version - security issues.

multiuser34 — Tue, 03 Mar 2026 13:18:56 +0000

Hello, I'm using free version of multiotp with PHP version 8.4.13 but it has security issues according to Nessus (CVE-2025-14177) is there a way to upgrade it to min. 8.4.16 ?

Problem when double authentication

nicoco — Tue, 10 Mar 2026 08:32:03 +0000

I have a problem no my multiotp server (PHP) on Linux. I have some radius clients that try to connect twice successively (I dont't know why exactly). But in this case, the multiotp sends an error to freeradius on the second auth with message "token of user xxx already used" with error #26. Is it a normal response and in this case, is there a way to authorize a second use of the same token ?

LDAP unable to connect to DC Hardened

ICONsa — Wed, 03 Sep 2025 21:29:08 +0000

Hello, Since this morning I can no longer synchronize my multiotp to a hardened server requesting with SSL. My DC is a Windows 2025 Server. Kerberos work only with AES. If I try on LDAP port 389 I have this error message: FATAL: AD bind failed. Check the login credentials (49: Invalid credentials). (80090308: LdapErr: DSID-0C090549, comment: AcceptSecurityContext error, data 52e, v65f4) If I try with 636 port without SSL: Fatal: AD bind failed. Check the login credentials (-1: Can't contact LDAP Server) And with SSL flag : Fatal AD bind failed. Either the LDAPS connection failed or the login credential ar incorrect (Can't contact LDAP server), (Error in the pull function) Windows creds was correct. I try with ldp.exe and it's working. On Windows server a have a warning "ActiveDirectory_DomainService" 2085, error 2148074289 The SSL certificate on my DC was delivered through "Active Directory Certificate Services" maybe multiotp need to know my CA ? Best regards Luc

Locked out of Client Laptop

All0verIT — Mon, 17 Feb 2025 03:56:48 +0000

OK, So I did something REALLY stupid. I was looking at MultiOTP for the first time. I installed the Hyper-V Server on my Laptop, all working fine, but set to manual start up. I then started fiddling around with Credential Provider on the same laptop. Next time I reboot the Laptop I get the multiOTP Login screen. When I enter the local Creds, I get the request for a OTP, which I cannot supply because the Server is not running and nothing is really fully configured. I am not locked out of my laptop . . . Is there some way to disable the multiOTP login and return to the local login so I can clean up my laptop? Geoff

MultiOTP Credential Provider - Stuck at Other User

abdulaleem — Sat, 04 Jan 2025 07:36:10 +0000

I have implemented multiotp credential provider (5.9.8.0) on windows server 2016 for RDP login. Normally, Its working OK but when a user is set to change password, then credential provider brings the password change prompt and the password is changed successfully but after that instead of initiating login processes, login screen gets stuck displaying "Other User" and nothing happens.

MultiOTP Fortigate ssl-vpn group problem

JarekPogan — Tue, 09 Apr 2024 15:02:31 +0000

hi I'am trying to integrate multiotp pro as a radius (with Windows AD backend) for fortigate, and when i try to select a specific group of users this is not working, multiotp do not pass groups to fortigate, fortigate is expecting Attribue off "Fortigate-group" how can i pass something like that to fortigate with multiotp ?

connecting with RDS2022

fishtail — Thu, 21 Mar 2024 04:13:36 +0000

Hi, a newbie here. I have multiOTP running on docker. The credential provider is installed on the RD Host. When I tried to use it on RDS, it failed with "wrong one-time password" I can't find documentations (apologize if overlooked) regarding to 'ddns' folder. Here's what log showed: 2024-03-18 03:00:59 warning System Error: Unable to create the missing devices folder /etc/multiotp/ddns/ 0 842c98edad03 2024-03-18 03:01:18 warning System Error: Unable to create the missing devices folder /etc/multiotp/ddns/ 0 842c98edad03 2024-03-18 03:01:18 notice XXX User OK: User XXX successfully logged in with TOTP token 0 842c98edad03 thoughts/suggestoins is greatly appreciated.

Maintenance expires

shb256 — Tue, 20 Feb 2024 09:00:24 +0000

Hi my maintenance will expire in two days. I ve already bought a new license. Where I got a license like this XXXX-XXXX-XXXX-XXXX-XXXX, but my maintenance is still expiring in two days. Where do I have to enter this code, or will it change automaticly? thanks

one account multiple keys

shb256 — Wed, 03 May 2023 18:24:42 +0000

I know, that I can assign one key to multiple accounts. Can I also assign multiple keys to one account? thanks

Don't ask for 2FA for local account

shb256 — Thu, 13 Apr 2023 14:10:22 +0000

Hello, I ve setup multiotp in a domain environment, every thing is working as expected But on every computer I have one localadmin account. The Password of this account will change ever 30 days automaticly But when I try to login with the local account, I am ask for the second factor During installation process I have selected "Disable 2FA promt for multiOTP without 2FA users" the account name does not exist in the domain. i ve tried ".\username" and "username@computername" In both cases I am asked for the second factor Is there a way to get access with the local account and without a second factor? thanks

How to schedule backup

ICONsa — Tue, 07 Mar 2023 16:43:40 +0000

Hello, Could you help me to understand backup task ? I use day backup through FTP, how can I setup time ? When I click apply backup start and working fine, but I need to start each day at 23h00? In ftp I found 3 files 1) config--MacAddress-auto.bin 2) info--MacAddress-auto.txt 3) multiotp.cfg Multiotp.cfg was unreadable (encrypted ?) -correct ? Could you tell me if .bin files contains custom template and was secured by key ? Best regards Luc

Where is the self service portal

shb256 — Mon, 16 Jan 2023 16:55:50 +0000

Hello, I was looking for the self-service portal, but I dont find it. Maybe someone can point me the direction

Where to enter the Enterprise key ?

c_le — Mon, 26 Sep 2022 08:22:17 +0000

Hello, I just get the key for Enterprise version, where i need to put the key plz ?

FreeRadius 3 and groups

agentsmith — Wed, 15 Jun 2022 10:00:03 +0000

I have configured MultiOTP 5.8.2.1 and FreeRadius 3 for a firewall access, and it's working fine for my test user. However, when I assign a group to the user, and I receive a reject: (0) multiotpmschap: Program returned code (0) and output 'Filter-Id += "xyz",NT_KEY: 087A06B8319E21E207111468C19E1F0A ' (0) multiotpmschap: ERROR: Invalid output from ntlm_auth: expecting 'NT_KEY: ' prefix (0) multiotpmschap: ERROR: MS-CHAP2-Response is incorrect The following are set: multiotp -config group-attribute="Filter-Id" multiotp -config ldap-in-group="xyz" multiotp -set user group="xyz" There are posts suggesting that the response from MultiOTP ('Filter-Id += "xyz",NT_KEY: 087A06B8319E21E207111468C19E1F0A ') is not valid for FreeRadius 3, but may have worked with FreeRadius 2. Any workarounds? Thanks.

Cisco domain authorization via MultiOTP's FreeRadius.

NazZaR — Mon, 26 Apr 2021 11:51:09 +0000

I will try my best to describe our situation. We have configured our Cisco ASA to request domain name, domain password and OTP when users connect through Cisco AnyConnect VPN. It works well, but we need to connect only through LDAPS. To authorize username and password with domain, ASA goes to domain controller through LDAP, because ASA cannot connect through LDAPS. To authorize OTP, ASA goes to MultiOTP. MultiOTP is configured to access domain controller through LDAPS, and it uses FreeRadius to do that, as I understand. Is it possible to authorize domain requests from ASA through FreeRadius on MultiOTP? So it will be able to communicate via LDAPS with domain controller. Thank you!

Allow User to be 2FA exempted

benson — Wed, 10 Mar 2021 15:38:29 +0000

Is there a way I can make a user MFA exempted? Registry or INI file?

Yubico Keys

mmcswain — Tue, 08 Aug 2017 15:35:53 +0000

Is there documentation on how to setup users to be able to use Yubico Keys? I see the option, but do not see a way to tie a specific key to a user.

Allow multiple tokens for single user

mmcswain — Tue, 08 Aug 2017 15:37:56 +0000

It would be helpful to be able to assign multiple tokens to an individual user. Maybe a TOTP token and a Yubico Key, or something like that. They would be able to use either as their token for authentication.

Windows Authentication

mmcswain — Tue, 02 May 2017 11:05:24 +0000

We are using the MultiOTP Credential Provider from LastSquirrelIT for Windows Authentication using MultiOTP Pro as the 2nd factor. The problem is that there has not been any updates or development on this project in 2 years. Does anyone have any other Credential Provider suggestions that works well with Windows 2008 through Windows 2016?

storing username and password

sims — Mon, 29 May 2017 00:22:57 +0000

Hi, Freeradius has feature to save username and password. when we use multiotp as as 2ndfactor auth ,does it save username and password (primary auth) ? Thanks

Can't connect to AD

slan — Fri, 19 Feb 2016 13:10:56 +0000

Hello so I have configure a multiOTP VM with an AD and a Zywall USG 110 but I can't connect through the USG 110

I already posted a question in the opensource forum

Thanks for any help you can give

Bug if username use accented characters in AD

ICONsa — Mon, 23 Mar 2015 12:32:57 +0000

Hi, I have a problem with a username sync from active directory if username use accented characters

User appear twice and I can't remove

Increase log details

ICONsa — Sat, 20 Dec 2014 09:27:12 +0000

Hello,

How can I increase log détails for debugging ?

Luc

ZyWALL USG and multiOTP Pro 420b

luke17 — Wed, 02 Apr 2014 09:44:43 +0000

Hi there..

I try to connect a ZyWALL USG 50 with the multiOTP Pro 420b. I have five Zyxel OTP Tokens registred with SafeWord. After that I imported the "importAlpine.dat" in multiOTP. I can also assign the tokkens to my users.

On the ZyWALL USG 50 webinterface i added all settings from your presentation "Internetsichere_Kennwörter_OTP" from André Liechti CTO of SysCo.

So, when i try to connect with a user, the log in multiOTP says "from (192.168.200.1) for [172.16.120.64] Error: authentication failed for user ids

Do you have any solutions for my problem? Or a setup manual?

Regards,

Luke

How to activate and import ZyWALL OTPv2 / SafeWord / Aladin tokens definition file in multiOTP Pro

adminf — Mon, 07 Apr 2014 10:57:53 +0000

Hello,
I just bought a ZyXEL Starter Pack, how do I import the token in multiOTP Pro ?

Thanks for your help

Yann