Yubico Forum ...visit our web-store at 2009-12-11T13:32:50+01:00 https://forum.yubico.com/feed.php?f=5&t=438 2009-12-11T13:32:50+01:00 2009-12-11T13:32:50+01:00 https://forum.yubico.com/viewtopic.php?t=438&p=1930#p1930 <![CDATA[Re: Yubikey Radius on premise]]>
I decided to give it a clean start on the following system below;

Systems used;
Server 1 Linux yubikey authentication stuff / radius running; Linux yubi.domain.com 2.6.18-164.6.1.el5 #1 SMP Tue Nov 3 16:12:36 EST 2009 x86_64 x86_64 x86_64 GNU/Linux

Server 2; Windows 2008 Enterprise ActiveDirectory/LDAP (mail.domain.com)

---------

Server 1;
svn checkout http://yubico-pam.googlecode.com/svn/br ... n_Premise/
autoreconf --install

At this point we should need yubico-c-client on our system so we go to http://yubico-c-client.googlecode.com/s ... n_Premise/ and check it out

make -f simple.mk check (now here I get an error)

------------------------------------------------------
[root@yubi yubico-c-client]# make -f simple.mk check
cc -I. -Wall -g -DPACKAGE=\"yubikey-client\" -DPACKAGE_VERSION=\"0\" -c -o libykclient.o libykclient.c
libykclient.c: In function âyubikey_client_simple_requestâ:
libykclient.c:122: warning: passing argument 3 of âyubikey_client_requestâ discards qualifiers from pointer target type
libykclient.c: In function âyubikey_client_requestâ:
libykclient.c:251: warning: implicit declaration of function âasprintfâ
libykclient.c:274: warning: format â%dâ expects type âintâ, but argument 2 has type âsize_tâ
libykclient.c:274: warning: field precision should have type âintâ, but argument 3 has type âsize_tâ
libykclient.c:288: warning: format â%dâ expects type âintâ, but argument 2 has type âsize_tâ
cc -I. -Wall -g -DPACKAGE=\"yubikey-client\" -DPACKAGE_VERSION=\"0\" -lcurl ykclient.c libykclient.o -o ykclient
cc -I. -Wall -g -DPACKAGE=\"yubikey-client\" -DPACKAGE_VERSION=\"0\" -lcurl selftest.c libykclient.o -o selftest
selftest.c: In function âmainâ:
selftest.c:46: error: too few arguments to function âyubikey_client_requestâ
selftest.c:54: error: too few arguments to function âyubikey_client_requestâ
make: *** [selftest] Error 1


---------------

However that error is with the selftest binary not with the ykclient binary. So I assume we can ignore it? because running ./ykclient gives valid output.

[root@yubi yubico-c-client]# ./ykclient
Usage: ./ykclient <client_id> <yubikey_output>
CLIENT_ID: your client id integer
YUBIKEY_OUTPUT: One-time password generated by yubikey

so now the binary is installed, we continue with yubico-pam installation by ./configure && make check install

now added line auth required pam_yubico.so id=1 debug userauth to /etc/pam.d/radiusd (Dont know why id=1)

moved file mv /usr/local/lib/security/pam_yubico.so /lib/security/


----------

update time


[root@yubi RADIUS_on_Premise]# /etc/rc.d/init.d/ntpd stop
Shutting down ntpd: [ OK ]
[root@yubi RADIUS_on_Premise]# ntpdate -u mail.domain.com
11 Dec 07:50:57 ntpdate[3646]: step time server 188.72.203.12 offset 111.215262 sec
[root@yubi RADIUS_on_Premise]# /etc/rc.d/init.d/ntpd start
Starting ntpd: [ OK ]


-------

configured the files

------

[root@noc RADIUS_on_Premise]# radtest test test123vrkvfefuitvflvgufcdlbjufkggukufkebeildbdkkjc 127.0.0.1 0 testing123
Sending Access-Request of id 114 to 127.0.0.1 port 1812
User-Name = "test"
User-Password = "test123vrkvfefuitvflvgufcdlbjufkggukufkebeildbdkkjc"
NAS-IP-Address = 208.69.34.132
NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=114, length=53
Reply-Message = "Your account has been disabled."

---

Now lets continue with the OTP parts.

--- SVN CHECKOUT
yms
yubico-php-lib
yubikey-val-server-php
yubiphpbase

so I assume we need to setup phpbase.

$aesKey = $aes->makeKey('bklftrkvbvg.....fbedtjerrbbcgkuk') change that with some random characters I believe? in yubico-php-lib/AES128.php

now setup_schema.sql is setup as yubico database.
Now editing config.php (I believe where the problem is)

However it is 6 AM so I will update this later, and if I get it to work this time, I will write a detailed guide. (if the problem is what I think it is, its a simple mistake)

--- Now here is the main bug that causes issues...

* Connected to DB successfully
Insert root client
Invalid query -- INSERT INTO clients VALUES (1,1,1,NOW(),'bora@domain.com','secrethere','Root client',0,0,1,0,0) -- Column count doesn't match value count at row 1[root@yubi yubiphpbase]#


mysql> describe clients;
+-----------+--------------+------+-----+---------------------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-----------+--------------+------+-----+---------------------+----------------+
| id | int(11) | NO | PRI | NULL | auto_increment |
| perm_id | int(11) | YES | MUL | NULL | |
| active | tinyint(1) | YES | | NULL | |
| created | datetime | NO | | 0000-00-00 00:00:00 | |
| email | varchar(255) | NO | UNI | | |
| secret | varchar(60) | NO | | | |
| notes | varchar(100) | YES | | NULL | |
| chk_sig | tinyint(1) | NO | | 0 | |
| chk_owner | tinyint(1) | NO | | 0 | |
+-----------+--------------+------+-----+---------------------+----------------+
9 rows in set (0.00 sec)

id = 1
perm_id = 1
active = 1
created = NOW() (so the date)
email = bora@domain.com
secret = secrethere
notes = root client
chk_sig = 0
chk_owner = 0

(1x 1, and 2 x 0 is too much in the query!!!) the right query should be

INSERT INTO clients VALUES (1,1,1,NOW(),'bora@domain.com','secrethere','Root client',0,0)
and not
INSERT INTO clients VALUES (1,1,1,NOW(),'bora@domain.com','secrethere','Root client',0,0,1,0,0)

manually entering the right query to see if it changes anything...

Once you edit install.php to the riqht query you can get past the yms page via the otp, then you enter your pin but this time you receive the following error.

Notice: Undefined variable: _SESSION in /var/www/yubico/yms/yubi_askpin.php on line 72
Invalid query -- SELECT id, pin FROM admin WHERE keyid= -- You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1


adding the following line
session_start();
after
<?php require_once '../yubico-php-lib/AES128.php'; in /var/www/yubiphpbase/appinclude.php solved the issue now i can login to the user management interface at yms

So this was a success.

Do you want me to send you the changed files so you can fix them and add them to SVN???

-------------------

Clicking users page;

Notice: Undefined variable: findkey in /var/www/yubico/yms/list_users.php on line 111

Notice: Undefined variable: attrName in /var/www/yubico/yms/list_users.php on line 126

Notice: Undefined variable: attrVal in /var/www/yubico/yms/list_users.php on line 126
Invalid query -- SELECT COUNT(*) AS C FROM users WHERE user_status=1 -- Table 'yubico.users' doesn't exist

(Will investigate this now or later) and post back.


GOT STUCK here!! cant find the schema for the users table...

Also how do we enter the username in THE ad?

Statistics: Posted by Bora2 — Fri Dec 11, 2009 1:32 pm

]]> 2009-12-08T10:36:27+01:00 2009-12-08T10:36:27+01:00 https://forum.yubico.com/viewtopic.php?t=438&p=1923#p1923 <![CDATA[Re: Yubikey Radius on premise]]> Statistics: Posted by network-marvels — Tue Dec 08, 2009 10:36 am

]]> 2009-12-07T13:13:50+01:00 2009-12-07T13:13:50+01:00 https://forum.yubico.com/viewtopic.php?t=438&p=1919#p1919 <![CDATA[Re: Yubikey Radius on premise]]>
I was unable to setup even the VMWARE image...l IT must be outdated!!

Statistics: Posted by Bora2 — Mon Dec 07, 2009 1:13 pm

]]> 2009-11-30T07:22:57+01:00 2009-11-30T07:22:57+01:00 https://forum.yubico.com/viewtopic.php?t=438&p=1894#p1894 <![CDATA[Re: Yubikey Radius on premise]]>
http://www.yubico.com/developers/modhex/

We hope this helps!

Statistics: Posted by network-marvels — Mon Nov 30, 2009 7:22 am

]]> 2009-11-30T05:39:31+01:00 2009-11-30T05:39:31+01:00 https://forum.yubico.com/viewtopic.php?t=438&p=1893#p1893 <![CDATA[Re: Yubikey Radius on premise]]>
So how do we base64 encode the values that we are asked by the installer?

do we have to use utils.php? the output of utils.php (the secrets etc.) when we decrypt them via base64 we get *Íå£ÈwΡ¿`«
7r
auñQ52rËTæ
|aAC


type of random data.

Statistics: Posted by Bora2 — Mon Nov 30, 2009 5:39 am

]]> 2009-11-30T03:49:44+01:00 2009-11-30T03:49:44+01:00 https://forum.yubico.com/viewtopic.php?t=438&p=1892#p1892 <![CDATA[Re: Yubikey Radius on premise]]> Statistics: Posted by Bora2 — Mon Nov 30, 2009 3:49 am

]]> 2009-11-28T17:15:14+01:00 2009-11-28T17:15:14+01:00 https://forum.yubico.com/viewtopic.php?t=438&p=1887#p1887 <![CDATA[Re: Yubikey Radius on premise]]>
Followed that guide but I cant login to YMS and the some validator files are missing.

do we have o get both the trunk + the RADIUS_on_Premise branch?

Statistics: Posted by Bora — Sat Nov 28, 2009 5:15 pm

]]> 2009-11-27T16:12:08+01:00 2009-11-27T16:12:08+01:00 https://forum.yubico.com/viewtopic.php?t=438&p=1886#p1886 <![CDATA[Re: Yubikey Radius on premise]]>
http://wiki.yubico.com/wiki/index.php/A ... on_Premise

We hope this helps!

Statistics: Posted by network-marvels — Fri Nov 27, 2009 4:12 pm

]]> 2009-11-27T05:54:24+01:00 2009-11-27T05:54:24+01:00 https://forum.yubico.com/viewtopic.php?t=438&p=1885#p1885 <![CDATA[Yubikey Radius on premise]]>
We are trying to integrate yubikey with radius on linux + ActiveDirectory / LDAP on windows but none of the guides are getting us anywhere. (There isn't a real documentation.) Does anyone have a more detailed documentation?

Statistics: Posted by Bora — Fri Nov 27, 2009 5:54 am

]]>