FortiGate
nnair
Staff
Article Id 273603
Description This article describes why logging in to the device with a hard FortiToken can fail because of a time/NTP issue.
Scope FortiGate.
Solution

An authentication failure error appears when logging in to the FortiGate GUI with a hard token.

The GUI logs show the following entry:

[image.png: screenshot of the GUI log entry]

The error reports an invalid token code, even though the correct token code was provided.


When the HTTPSD debug is collected, the following logs are visible:


2023-08-07 11:33:50 [httpsd 15717 - 1691388230 info] fweb_debug_init[417] -- New POST request for "/logincheck" from "192.168.30.244:58435" >>>>>>>>>>>>>>>>>>>>>>>>>>>>
2023-08-07 11:33:50 [httpsd 15717 - 1691388230 info] fweb_debug_init[419] -- User-Agent: "Mozilla/5.0 (Windows NT10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36"
2023-08-07 11:33:50 [httpsd 15717 - 1691388230 info] fweb_debug_init[421] -- Handler "logincheck-handler" assigned to request
2023-08-07 11:33:50 [httpsd 15717 - 1691388230 info] logincheck_handler[291] -- TFA token retrieved ('341660') >>>>>>>>>>>>>>>>>>>>>>>>>>>>
2023-08-07 11:33:50 [httpsd 15717 - 1691388230 info] logincheck_handler[302] -- verifying token (vdom='PROD', admin='test', token='341660', code='', chal_st='2', orig_err='0', profname='super_admin_readonly')
2023-08-07 11:33:50 [httpsd 15717 - 1691388230 error] logincheck_handler[363] -- could not validate token (error=-111)
2023-08-07 11:33:50 [httpsd 15717 - 1691388230 info] output_response[58] -- sent response (status='0', buf='')


In most cases, this is caused by an NTP/time sync issue.

The sync issue can be troubleshot by following the KB article below:
Technical Tip: Troubleshoot NTP synchronization issue

It is also possible to manually synchronize the token with the following command:

exec fortitoken sync <Token-serial number> <Token-code> <Next-Token-Code>
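
The failure mode above, as an added example (not Fortinet code and not part of the original article): a correct time-based code is rejected once the validator's clock is far enough from the token's, and two consecutive codes let the validator recover the offset. It assumes a generic RFC 6238 TOTP with a 60-second step; the seed, the 7-minute skew and all function names are constructed for illustration, and the page does not document how FortiOS implements the sync internally.

```python
import hashlib
import hmac
import struct

STEP = 60    # assumed time step in seconds
DIGITS = 6   # the debug log on this page shows a 6-digit code

def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def validate(secret, code, server_time, drift_steps=0, window=1):
    """Accept code if it matches a step within +/-window of the corrected server step."""
    for delta in range(-window, window + 1):
        t = server_time + (drift_steps + delta) * STEP
        if hmac.compare_digest(totp(secret, t), code):
            return True
    return False

def resync(secret, code, next_code, server_time, search=20):
    """Return the step offset at which two consecutive codes match, else None."""
    for delta in sorted(range(-search, search + 1), key=abs):
        t = server_time + delta * STEP
        if totp(secret, t) == code and totp(secret, t + STEP) == next_code:
            return delta
    return None

def demo():
    secret = b"constructed-demo-seed"     # constructed, not a real token seed
    token_time = 1691388230               # epoch taken from the debug log on this page
    server_time = token_time + 7 * STEP   # constructed: validator clock 7 minutes ahead
    code = totp(secret, token_time)
    next_code = totp(secret, token_time + STEP)
    rejected = not validate(secret, code, server_time)        # correct code, wrong clock
    drift = resync(secret, code, next_code, server_time)      # offset in time steps
    accepted = validate(secret, code, server_time, drift_steps=drift)
    return rejected, drift, accepted

if __name__ == "__main__":
    print(demo())
```

Requiring both the current and the next code during resync keeps a single guessed or replayed code from moving the validator's offset.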

Related article:
Technical Tip: Hard FortiToken clock drift adjustment
