Jump to content
johnduprey

Google Authenticator for LabTech

Recommended Posts

 

 

I know this feature has been requested many times, and people have been waiting quite some time for it. So I decided to dedicate some time and build one myself. This is my first foray into building a fully featured LT plugin, so please be kind and let me know if you run into any problems. Message me on slack @jduprey, I'm generally online.

 

I built this plugin around the Google Authenticator NuGet package by Brandon Potter https://www.nuget.org/packages/GoogleAuthenticator/

 

Requirements

  • LabTech 10+
  • .NET 4.0
  • Google Authenticator App

Features

  • Free Two Factor Authentication for LabTech logins.
  • The ability to "remember" a device for 30 days, similar to how Gmail 2FA operates.
  • User Management
  • Policy Enforcement (beta)
  • Automatic updates
  • Working on Control Center and Web

 

Installation

1. Download the plugin and install using the plugin manager

https://cnsit.com/ltplugins/GoogleAuth.zip

 

Current version 1.0.6.5

 

2. Log into the Control Center with Super Admin credentials and open the Google Authenticator settings from the Tools menu

gauth-user-settings.png

 

3. Go to the Integration page on the Dashboard to enable/disable features and manage users

Gauth-Admin-Config.png

 

4. Update User Classes to include access to the Google Authenticator plugin

permissions.png

 

5. Generate an authentication code, validate and save

google-auth-login.png.70dc66393eda23b23f79f055f96e8542.png

Share this post


Link to post
Share on other sites

John,

 

I've installed without issue and can generate code and it shows up with code, however, the plugin will not accept the validation code. Keeps saying invalid PIN. I've tried various formatting when entering without success ######, ### ###, ###-###. Any suggestions.

 

Also, I noticed on the Admin tab, the option to Show Server Address On Authenticator App will not stay checked. Once checked and application closed and re-opened, the check is gone.

 

Thanks,

 

Jeff

Share this post


Link to post
Share on other sites

You should be able to just enter it in the XXXXXX format. Try hitting reset and generate again. I'll work on fixing the bugs though. Thanks for the feedback.

Share this post


Link to post
Share on other sites

Alright, I posted a new version to the same link.

 

Remove the old plugin, drop the tables, install the new version and try again.

 

DROP TABLE `plugin_cns_googleauth_config`;
DROP TABLE `plugin_cns_googleauth_users`;
DROP TABLE `plugin_cns_googleauth_devices`;

Share this post


Link to post
Share on other sites

John,

 

Now that all the other crap is resolved and plugin is configured and enabled and verified...I still have an issue with being challenged for code.

 

Admin tab is configured properly, code is generated and pin authenticated, user classes updated. LT Services restarted, CC closed and reopened, but no authentication challenge :(

 

Suggestions?

 

 

Jeff

Share this post


Link to post
Share on other sites

As long as the first two checkboxes are checked for enabling it, you should be getting an authentication prompt. If you re-open the google authenticator settings from the menu does it say that it's already configured?

Share this post


Link to post
Share on other sites

Sadly this did not resolve it either. Are there any dependency .dll files that need to be downloaded and placed in any folders on the LT Server perhaps. Any logging that we can enable for this plugin?

 

I've looked at the LT logs and found this after closing CC and reopening:

 

LTClient-Finished Loading Plugins v110.297 8/18/2016 6:51:12 AM:::

LTClient-Failed to set the loading status - LabTech.Interfaces.IPolicy - LTGoogleAuthenticator.Policy - = System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.NotImplementedException: The method or operation is not implemented.

at LTGoogleAuthenticator.Policy.get_Name()

--- End of inner exception stack trace ---

 

Thanks.

 

Jeff

Share this post


Link to post
Share on other sites

Interesting, well I defined a name for the IPolicy class and uploaded a new version of the plugin. Try updating it from the link and re-launch the control center.

Share this post


Link to post
Share on other sites

Ok...plugin updated, LT services restarted, closed and re-launched CC. Still nothing...just logs into CC. No errors this time in the LTcErrors log though.

 

Rebuilt local cache to test and same results, just logs in. I've also disabled all community plugins except Google Auth...same results. I'm not seeing a program files\LabTech\logs\Plugin_Google_Authenticator.log file. You may not be creating one.

 

Any other suggestions?

 

Jeff

Share this post


Link to post
Share on other sites

I'll work on a new build with logging so we can trace where the problems are occurring. You should only need that one dll file, it includes the other dependencies.

Share this post


Link to post
Share on other sites

Updated plugin. Same results on launch of CC. Here is the log detail:

 

 

LTAgent v110.297 - 8/18/2016 11:09:03 AM - Plugin GoogleAuth, Version=1.0.2.18, Culture=neutral, PublicKeyToken=null: GAuth - IPermissions Initialized:::

LTAgent v110.297 - 8/18/2016 11:09:23 AM - Plugin GoogleAuth, Version=1.0.2.18, Culture=neutral, PublicKeyToken=null: GAuth - Permissions set for googleauth tables:::

LTAgent v110.297 - 8/18/2016 11:09:23 AM - Plugin GoogleAuth, Version=1.0.2.18, Culture=neutral, PublicKeyToken=null: GAuth - Permissions set for googleauth tables:::

LTAgent v110.297 - 8/18/2016 11:09:47 AM - Plugin GoogleAuth, Version=1.0.2.18, Culture=neutral, PublicKeyToken=null: GAuth - Permissions set for googleauth tables:::

 

 

not much help from what I'm seeing.

Share this post


Link to post
Share on other sites

Yeah, I think you're looking at a different log file. That looks correct, it's just setting permissions so that the client can access the new tables. Take a look at this screenshot and let me know if you're seeing the IPolicy logs, that's what handles the Authenticator login prompt.

 

 

It's in C:\ProgramData\Labtech Client\Logs\_LTcErrors.txt file.

logs.png.4cd940ae4d87472bb15c33001af2132a.png

Share this post


Link to post
Share on other sites

Ok..

 

 

LTClient-GAuth - IPolicy Initialized v110.297 8/18/2016 11:32:19 AM:::

LTClient-GAuth - IPolicy - Checking login v110.297 8/18/2016 11:32:21 AM:::

LTClient-GAuth IPolicy Checklogin Error:Object reference not set to an instance of an object. v110.297 8/18/2016 11:32:21 AM:::

LTClient-GAuth - IPolicy Initialized v110.297 8/18/2016 11:53:56 AM:::

LTClient-GAuth - IPolicy - Checking login v110.297 8/18/2016 11:53:58 AM:::

LTClient-GAuth IPolicy Checklogin Error:Object reference not set to an instance of an object. v110.297 8/18/2016 11:53:58 AM:::

 

 

Thanks.

Share this post


Link to post
Share on other sites

I uploaded a new version, try going into the Admin settings, hit the reset database button and create a new authentication code. There should be more logging in the control center logs file as well.

Share this post


Link to post
Share on other sites

John,

 

I updated and followed steps outlined. Here is what is found in the LTcErrors.log now:

 

LTClient-GAuth - IPolicy Initialized v110.297 8/18/2016 4:12:50 PM:::

LTClient-GAuth - IPolicy Enabled for Control Center v110.297 8/18/2016 4:12:52 PM:::

LTClient-GAuth - IPolicy - Checking login for jbrock v110.297 8/18/2016 4:12:52 PM:::

LTClient-GAuth - Unable to validate authentication. v110.297 8/18/2016 4:12:52 PM:::

 

I'm never prompted to supply authentication code though.

 

Sorry to be such a pain... :mrgreen:

 

Jeff

Share this post


Link to post
Share on other sites

Jeff,

 

No worries, try the uninstall this time and reload the db agent and control center. That should re-create all the database tables and start from scratch. It looks like it's having trouble pulling your authentication code from the database. If you have sqlyog or anything else installed, check to make sure there's an entry for your userid on the plugin_cns_googleauth_users table.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...