Page MenuHomePhabricator

Cannot login to Wikitech w. my LDAP account
Closed, ResolvedPublic


Cannot login to Wikitech w. my LDAP account:

  • User name: GoranSMilovanovic
  • Data Scientist (Contractor) for WMDE
  • The login fails upon entering my Google Authenticator token

Please advise. Thanks.

Event Timeline

It seems like you are unable to login, due to your 2FA token being invalid. Before we reset things on this end, it is my understanding 2FA via authenticator apps can become unsynced if your phone (running the app) has an incorrect date/time.

Can you confirm your 2FA token app using phone has the proper date/time set? (If it is set, then we likely need to move onto resetting your 2FA, which is not something taken lightly, as written here:


I can confirm that my Android phone is set to correct date and time. In fact, there was no action that I have initiated that led to this login problem.

However, let me provide some context in relation to "... we likely need to move onto resetting your 2FA, which is not something taken lightly...":

Reset two factor authentication

Be careful! This is process is highly vulnerable to social-engineering attacks. Don't reset things just because a user asked you on IRC or via email. Before resetting someone's login, be sure to confirm their identity:

If you recognize them, have a face-to-face or in a video chat.

I am a contractor Data Scientist working for WMDE since 2017, full name: Goran Milovanović, working remotely from Belgrade, Serbia. My Engineering Managers @RazShuty @Tobi_WMDE_SW @WMDE-leszek can confirm this. As of the video chat verification, you can setup a Google Hangouts with me by using the following e-mail address:

If someone on WMF staff recognizes them, have a three-way video chat where a staff member vouches.

See above. Also, I guess all people from the WMF Analytics team will be able to recognize me, we had several joint meetings in the past and frequently exchange thoughts and suggestions.

Have the user write a request to disable 2fa in their home directory on a CloudVPS/Toolforge bastion.

You will need to let me know exactly what this means and how should I do this.

Also: please let me know if the procedure will in any way affect my other LDAP logins ( login is, for example, critical for my work).

Thank you very much.

I hereby confirm that user @GoranSMilovanovic is the person who owns the user account, and the person he claims to be above.

If resetting 2FA is the way to unblock Goran, then your help will be very much appreciated @RobH!

@RobH Any news here? Is there anything I can do to help?

@RobH @WMDE-leszek @RazShuty @Tobi_WMDE_SW @Franziska_Heine

I really need to insist here. It's been ten days since I have opened this ticket. I do need my Wikitech account operational, and I do need it fast.

Thank you.

Addshore subscribed.

Will schedule a call for a confirmation and then do a reset.

Mentioned in SAL (#wikimedia-operations) [2018-08-14T08:51:51Z] <addshore> addshore@labweb1001:~$ mwscript extensions/OATHAuth/maintenance/disableOATHAuthForUser.php --wiki=labswiki GoranSMilovanovic # T201122

@Addshore Thank you, I can login now. However, you probably need to know that I was not even asked to provide a 2FA token this time.

Cool this worked. If I got it right, after the reset 2FA is disabled and you'd need to turn it on again? @Addshore probably would be able to confirm this.

And finally, thanks to @Legoktm for helping out to find a quick solution today morning!

@WMDE-leszek Correct, thank you for reminding me. The 2FA is now in place and working nice.

Thanks @Legoktm and @Addshore for helping out!