Yubico Forum ...visit our web-store at 2014-07-01T21:32:37+01:00 https://forum.yubico.com/feed.php?f=31&t=1416 2014-07-01T19:19:05+01:00 2014-07-01T19:19:05+01:00 https://forum.yubico.com/viewtopic.php?t=1416&p=5373#p5373 <![CDATA[Re: Auth-Type Perl rejecting authenitcation]]> The console outputs this line:
Use of uninitialized value $RAD_REQUEST{"Yubikey-OTP"} in string ne at /usr/share/yubix/rlm_yubiauth.pl line 80

Any idea what isn't enabled?

EDIT: It seems that this is caused by not appending the OTP during testing- oops!

Also, my issues have been narrowed down to the local server using a proxy to access Yubico's validation servers...

Statistics: Posted by Mitazake — Tue Jul 01, 2014 7:19 pm

]]> 2014-07-01T21:32:37+01:00 2014-07-01T19:13:16+01:00 https://forum.yubico.com/viewtopic.php?t=1416&p=5372#p5372 <![CDATA[Auth-Type Perl rejecting authenitcation]]> See log file below:

FreeRADIUS Version 2.1.12, for host i686-pc-linux-gnu, built on Feb 24 2014 at 15:00:10
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...

(Remove for length)

... adding new socket proxy address * port 34059
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 33562, id=43, length=78
User-Name = "podojilc"
User-Password = "password"
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
Message-Authenticator = 0x776f49438a2073525a02d66125b7f8de
# Executing section authorize from file /etc/freeradius/sites-enabled/yubico-default
+- entering group authorize {...}
++[preprocess] returns ok
rlm_perl: Added pair User-Name = podojilc
rlm_perl: Added pair User-Password = password
rlm_perl: Added pair NAS-Port = 0
rlm_perl: Added pair Message-Authenticator = 0x776f49438a2073525a02d66125b7f8de
rlm_perl: Added pair NAS-IP-Address = 127.0.1.1
rlm_perl: Added pair Auth-Type = Perl
++[perl] returns updated
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "podojilc", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = Perl
# Executing group from file /etc/freeradius/sites-enabled/yubico-default
+- entering group Perl {...}
rlm_perl: Added pair User-Name = podojilc
rlm_perl: Added pair User-Password = password
rlm_perl: Added pair NAS-Port = 0
rlm_perl: Added pair NAS-IP-Address = 127.0.1.1
rlm_perl: Added pair Message-Authenticator = 0x776f49438a2073525a02d66125b7f8de
rlm_perl: Added pair Reply-Message = false
rlm_perl: Added pair Auth-Type = Perl
++[perl] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/yubico-default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> podojilc
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 43 to 127.0.0.1 port 33562
Reply-Message = "false"
Finished request 0.
Going to the next request

UPDATE:
After removing the assigned YuibKey, local authentication works successfully...It seems that when appending the OTP when testing a login it doesn't know what to do. If the password is typed incorrectly it rejects, but if the password is typed and then the OTP is added, it times out. Possible scripting error??

Statistics: Posted by Mitazake — Tue Jul 01, 2014 7:13 pm

]]>