Yubico Forum ...visit our web-store at 2013-01-06T22:59:21+01:00 https://forum.yubico.com/feed.php?f=4&t=904 2013-01-06T22:59:21+01:00 2013-01-06T22:59:21+01:00 https://forum.yubico.com/viewtopic.php?t=904&p=3437#p3437 <![CDATA[Re: YubiRADIUS V3.5.4 - auto provision problem]]>
Now, there are 7 yubico keys in total associated under the reports "YubiKey Assignment" and under the domain "co.local", 3 tokens are assigned to users, the other 4 are for another domain name.

Using webadmin and browsing the domain list of users:
Domain - co.local (domainname) - All Users

Only ONE of those 3 users displays in webadmin, but only 1!


I would expect all 3 would be displayed or none, but not 1 out 3.

Statistics: Posted by nzkiwi68 — Sun Jan 06, 2013 10:59 pm

]]> 2013-01-06T20:39:15+01:00 2013-01-06T20:39:15+01:00 https://forum.yubico.com/viewtopic.php?t=904&p=3434#p3434 <![CDATA[YubiRADIUS V3.5.4 - auto provision problem]]> (V3.5.4 because HardKnoX and I cannot get users to associate with tokens with a fresh install of V3.6.0)

That's all working good using V3.5.4. User accounts have been imported from Active Directory successfully and correctly on both server1 and server.

If I manually logon to server1 using the webadmin and associate user1@co.local with a token on server1, then, shortly thereafter on server2, user1@co.local shows being associated with the same token. Good...

I have globally enabled auto provision on both server1 and server2 AND additionally I have enabled auto provision within the specific domain "co.local" on both server1 and server2.

Right, the problem:
If a valid user logons (say user2@co.local) and is authenticated by say, server1 and this user does NOT have a token associtaed with them, then auto provision kicks in and they get authenticated successfully, just as expected. The issue is, in webadmin on server1, "user2" shows as NOT have having a token assigned to them!

If you then run the "Reports" - "YubiKey Assignment" this shows that user2@co.local does in fact have a token assigned.
Interestingly, if you then logon to server2 using webadmin, again, under the domain "co.local", user2 is shown as NOT have a token assigned to them, yet, the YubiKey Assignement report on server2 also shows that user2@co.local does have a token.

This means we cannot delete tokens from users, becuase, according to webadmin, no user has any tokens assigned (except for any manual token assignments we manually did).

Statistics: Posted by nzkiwi68 — Sun Jan 06, 2013 8:39 pm

]]>