Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 4:38 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Sun Jan 06, 2013 8:39 pm 
Offline

Joined: Sun Jan 06, 2013 8:22 pm
Posts: 8
I have rebuilt using 2 servers (server1 and server2) using V3.5.4 and setup sync between them.
(V3.5.4 because HardKnoX and I cannot get users to associate with tokens with a fresh install of V3.6.0)

That's all working good using V3.5.4. User accounts have been imported from Active Directory successfully and correctly on both server1 and server.

If I manually logon to server1 using the webadmin and associate user1@co.local with a token on server1, then, shortly thereafter on server2, user1@co.local shows being associated with the same token. Good...

I have globally enabled auto provision on both server1 and server2 AND additionally I have enabled auto provision within the specific domain "co.local" on both server1 and server2.

Right, the problem:
If a valid user logons (say user2@co.local) and is authenticated by say, server1 and this user does NOT have a token associtaed with them, then auto provision kicks in and they get authenticated successfully, just as expected. The issue is, in webadmin on server1, "user2" shows as NOT have having a token assigned to them!

If you then run the "Reports" - "YubiKey Assignment" this shows that user2@co.local does in fact have a token assigned.
Interestingly, if you then logon to server2 using webadmin, again, under the domain "co.local", user2 is shown as NOT have a token assigned to them, yet, the YubiKey Assignement report on server2 also shows that user2@co.local does have a token.

This means we cannot delete tokens from users, becuase, according to webadmin, no user has any tokens assigned (except for any manual token assignments we manually did).


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Sun Jan 06, 2013 10:59 pm 
Offline

Joined: Sun Jan 06, 2013 8:22 pm
Posts: 8
I've been monitoring our newly installed server1 and server2 - V3.5.4

Now, there are 7 yubico keys in total associated under the reports "YubiKey Assignment" and under the domain "co.local", 3 tokens are assigned to users, the other 4 are for another domain name.

Using webadmin and browsing the domain list of users:
Domain - co.local (domainname) - All Users

Only ONE of those 3 users displays in webadmin, but only 1!


I would expect all 3 would be displayed or none, but not 1 out 3.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group