| Description | This article describes what happens when users implement email authentication on VPN or administrator access and set up email to send a FortiToken Mobile using SMTP services. |
| Scope | FortiOS. |
| Solution |
Email authentication can be set or used in multi factor authentication to receive the authentication code or token. The FortiToken Mobile code can also be received through email services for authenticating VPN users or administrative access. A configuration example for two-factor authentication by email can be found here.
Once the SMTP server is set up in the FortiGate settings, users can use that email server to send email. The destination email can be found in the user configuration. 
Now, once the successful token is sent, it can be checked and verified with an alert email debug from the CLI. CLI debug:
diagnose debug reset
diagnose debug console timestamp enable
diagnose debug application fnbamd -1
diagnose debug application alertmail -1
diagnose debug enable
While the debug is being run, a logging attempt is required to fetch the information for the above debugging commands. The following output will be seen once the token has been successfully sent: 2024-12-07 14:49:00 [2365] handle_req-Rcvd auth_token req 1731425044 for test_user1 in
2024-12-07 14:49:00 [429] __compose_group_list_from_req-Group 'VPN-Users', type 1
2024-12-07 14:49:00 [733] create_auth_token_session-Created auth token session 1731425044
2024-12-07 14:49:00 Arrived msg(type 6, 82 bytes):service@example.com
AuthCode: ******
Your authentication token code is ******.
2024-12-07 14:49:00 mail_info:
from:smtp.office365.com user:test_user1@example.com <-- Sender's Email service information.
2024-12-07 14:49:00 mail_info:
reverse path:test_user1@example.com <-- Receiver's Email service information.
user name:test_user1 <-- User info.
2024-12-07 14:49:00 to[0]:service@example.com
2024-12-07 14:49:00 local auth is done with user 'test_user1', ret=7 <-- User authentication accepted.
2024-12-07 14:49:00 <==_init_mail_info
2024-12-07 14:49:00 create session
2024-12-07 14:49:00 resolve smtp.office365.com to 1 IP
2024-12-07 14:49:00 ==> send mail
2024-12-07 14:49:00 connecting to 40.99.60.2 port 587 <-- Trying to connect to the receiver SMTP server.
2024-12-07 14:49:00 send mail 0x44433e0 session 0x4434718
2024-12-07 14:49:00 session: 0x4434718, rsp_state: greeting, code: 220 <-- SMTP session started.
2024-12-07 14:49:00 session: 0x4434718, rsp_state: ehlo, code: 250 <-- Requested task completed.
2024-12-07 14:49:00 session: 0x4434718, rsp_state: starttls, code: 220 <-- Secure SMTP started and wait for clients EHLO.
2024-12-07 14:49:00 rsp_starttls: creating ssl structure for session 0x4434718
2024-12-07 14:49:00 create_ssl: 0x442fe98
2024-12-07 14:49:00 sessionn 0x4434718, SSL connected
2024-12-07 14:49:00 session: 0x4434718, rsp_state: ehlo, code: 250 <-- EHLO received.
2024-12-07 14:49:00 session: 0x4434718, rsp_state: auth, code: 334 <-- Response to AUTH and accepted.
2024-12-07 14:49:03 session: 0x4434718, rsp_state: auth2, code: 235 <-- AUTH succeeded.
2024-12-07 14:49:03 session: 0x4434718, rsp_state: mail, code: 250
2024-12-07 14:49:03 session: 0x4434718, rsp_state: rcpt, code: 250
2024-12-07 14:49:04 session: 0x4434718, rsp_state: data, code: 354 <-- Input data/content.
2024-12-07 14:49:04 === send: Your authentication token code is *******. <-- Content inserted.
2024-12-07 14:49:04 session: 0x4434718, rsp_state: data2, code: 250 <-- Data accepted/received.
2024-12-07 14:49:04 session: 0x4434718, rsp_state: quit, code: 221 <-- Service closing/BYE 221 OK.
2024-12-07 14:49:04 session finined
2024-12-07 14:49:04 _session_on_destroy
2024-12-07 14:49:04 <== send mail success, m = 0x44433e0 s = 0x4434718 <-- Received by the receiver Email Service.
The data or message will appear in plaintext and can be viewed in the debug. As soon as the communication starts processing, the RSP code 221 will appear and terminate the current session 0x44433e0. The 'send email success' indicates that the email is being successfully sent from the sender's mail service to the receiver.
Related articles:
|
