Enforcing 2FA on Organization is actually not enforcing it for new Users

Hi there,

The system is running in Docker on Ubuntu Server 20.04 and Vaultwarden is version 1.21.0.

Steps to (hopefully) reproduce:

  1. After creating the first user via the web interface (let's call him the Admin), I created my first organization.
  2. In the organization policies I configured two settings: enforcing 2FA and enforcing a minimum master password strength of Good (3).
  3. After that I invited a regular user to Vaultwarden and, after he signed up, I went to the organization and added him as a Manager.
  4. The user has no 2FA configured for himself yet, but he can access the organization without any problem, create / modify records etc.

I understand the enforce-2FA setting to mean that a user has to enable 2FA before they can access the organization, but I am either not understanding it correctly or it is not working in my case.

Does someone have any idea of what might be wrong?

My current Support String:

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.21.0
  • Web-vault version: v2.19.0d
  • Running within Docker: true
  • Uses a reverse proxy: false
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Database type: SQLite
  • Database version: 3.33.0
  • Clients used:
  • Reverse proxy and version:
  • Other relevant information:

Config (Generated via diagnostics page)

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": false,
  "_ip_header_enabled": true,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_max_conns": 10,
  "database_url": "****/**.*******",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://****-****-**",
  "domain_origin": "*****://****-****-**",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "invitation_org_name": "Password Manager",
  "invitations_allowed": false,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "org_attachment_limit": null,
  "org_creation_users": "**********@*******.*****",
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": true,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_explicit_tls": false,
  "smtp_from": "****-****-**@*******.**",
  "smtp_from_name": "Password Manager",
  "smtp_host": "*******-**.****.**********.*******.***",
  "smtp_password": null,
  "smtp_port": 25,
  "smtp_ssl": true,
  "smtp_timeout": 15,
  "smtp_username": null,
  "templates_folder": "data/templates",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": false,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Vaultwarden doesn't support enforcing MFA on orgs yet.
There is a PR regarding this, but there are some items there which need some work.

Aye, good to know. Thank you for your reply. Since I can see in the Admin Panel who has MFA enabled and who does not, I will use this in the meantime to "support" the users with setting it up :wink:

1 Like
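The workaround above (checking which members still lack MFA while the policy is not enforced) can be automated against a copy of the SQLite database. This is an added example, not code from the thread or from the Vaultwarden project; the table and column names, the policy type code 0 for the 2FA policy, and the rule that provider rows use type codes below 1000 are assumptions about Vaultwarden's schema, and the data is constructed in-memory.

```python
import sqlite3

# Assumed Vaultwarden schema (reduced to the columns this audit needs).
SCHEMA = """
CREATE TABLE users (uuid TEXT PRIMARY KEY, email TEXT NOT NULL);
CREATE TABLE users_organizations (user_uuid TEXT, org_uuid TEXT, atype INTEGER, status INTEGER);
CREATE TABLE twofactor (user_uuid TEXT, atype INTEGER, enabled INTEGER);
CREATE TABLE org_policies (org_uuid TEXT, atype INTEGER, enabled INTEGER, data TEXT);
"""
TWO_FACTOR_POLICY = 0        # assumed policy type code for "Require two-step login"
PROVIDER_TYPE_LIMIT = 1000   # assumed: rows >= 1000 are remember/challenge state, not providers

# Constructed sample data: "org-strict" enforces 2FA, "org-lax" has the policy disabled.
SAMPLE = {
    "users": [("u-admin", "admin@example.test"), ("u-bob", "bob@example.test"),
              ("u-carol", "carol@example.test"), ("u-dave", "dave@example.test")],
    "users_organizations": [("u-admin", "org-strict", 0, 2), ("u-bob", "org-strict", 3, 2),
                            ("u-dave", "org-strict", 3, 2), ("u-admin", "org-lax", 0, 2),
                            ("u-carol", "org-lax", 2, 2)],
    # admin has TOTP (type 0); dave only has a "remember me" row, which is not a provider
    "twofactor": [("u-admin", 0, 1), ("u-dave", 1000, 1)],
    "org_policies": [("org-strict", TWO_FACTOR_POLICY, 1, None),
                     ("org-lax", TWO_FACTOR_POLICY, 0, None)],
}


def build_sample_db():
    """Create an in-memory database populated with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for table, rows in SAMPLE.items():
        marks = ",".join("?" * len(rows[0]))
        conn.executemany(f"INSERT INTO {table} VALUES ({marks})", rows)
    return conn


def members_missing_2fa(conn):
    """Return (email, org_uuid) for members of 2FA-enforcing orgs with no enabled provider."""
    sql = """
    SELECT u.email, uo.org_uuid
    FROM users_organizations uo
    JOIN org_policies p ON p.org_uuid = uo.org_uuid AND p.atype = ? AND p.enabled = 1
    JOIN users u ON u.uuid = uo.user_uuid
    WHERE NOT EXISTS (SELECT 1 FROM twofactor tf
                      WHERE tf.user_uuid = uo.user_uuid AND tf.enabled = 1 AND tf.atype < ?)
    ORDER BY uo.org_uuid, u.email
    """
    return conn.execute(sql, (TWO_FACTOR_POLICY, PROVIDER_TYPE_LIMIT)).fetchall()


if __name__ == "__main__":
    for email, org in members_missing_2fa(build_sample_db()):
        print(f"{org}: {email} has no 2FA provider")
```

Run it against a copy of `data/db.sqlite3` by replacing `build_sample_db()` with `sqlite3.connect(path)`; members of "org-lax" are never reported because that org does not enforce the policy.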

Is this still a problem? I do want to enforce this policy.

Hey maxburn, this should be available and working.

1 Like

@maxburn It is there since 1.22.2: Changelog

1 Like