Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 11:47 am

All times are UTC + 1 hour




Post new topic Reply to topic  [ 10 posts ] 
Author Message
PostPosted: Sat Jun 11, 2011 1:17 am 
Offline

Joined: Sat Jun 11, 2011 12:36 am
Posts: 5
Hi,

I'm trying to test out the Yubikey for possible use as our company's 2-factor VPN authentication method.

I've purchased 3 Yubikeys to test with, and am currently trying to set up the RoPII server. I've downloaded the VMWare image (version 2.1) from the following link:
http://wiki.yubico.com/files/Yubico_Rad ... gev2.1.zip

I was successfully able to add the VM to our VMWare environment running vSphere 4.1, but when I attempt to power the VM on, I received errors stating that the CD/DVD type was unsupported, the hard disk type was unsupported, and the OS type was unrecognized. I manually changed the OS type to "Other Linux (32-bit)" and removed the CD/DVD drive which fixed appears to have resolved those two issues. I still receive the following error when I try to power on though:
"Device 'Hard disk 1' has a backing type that is not supported. This is a general limitation of the virtual machine's version on the selected host."

So my first question would be, is the RoP VMWare image compatible with vSphere4? If it's not, are there any plans for one in the near future?

Thanks,
Jonathan


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Tue Jun 14, 2011 2:18 pm 
Offline
Yubico Team
Yubico Team

Joined: Mon Feb 22, 2010 9:49 am
Posts: 183
Thank you for the great suggestion!

We have forwarded your forum post to our product development team.


Top
 Profile  
Reply with quote  
PostPosted: Tue Jun 14, 2011 6:15 pm 
Offline

Joined: Sat Jun 11, 2011 12:36 am
Posts: 5
Thank you Samir,

Will you be able to let me know once there is an estimated release date for this? Also, I would be happy to help test the image before general release.

Thanks again,
Jonathan


Top
 Profile  
Reply with quote  
PostPosted: Wed Jun 15, 2011 12:05 pm 
Offline
Yubico Team
Yubico Team

Joined: Mon Feb 22, 2010 9:49 am
Posts: 183
Thank you for your interest in testing the RoP!

The next version of the RoP application is currently under road map. We will update you once the virtual image is ready for testing.


Top
 Profile  
Reply with quote  
PostPosted: Fri Jul 08, 2011 5:02 am 
Offline

Joined: Wed May 18, 2011 11:51 am
Posts: 9
Hi Jonathan,
the issue you are struggling with is that the vmware image needs to be converted prior to use. I have seen lots of people confused by this, and generally how to set up the ROPII.

Here is a quote from an earlier post of mine about this:
Quote:
Now there are some things that you should know that were not readily apparent from the info in the documentation that comes with the ROPII server:
• You cannot put the downloaded ROPII server straight onto your ESX server and boot it up. You have to first convert the image. Fortunately you can do this by using the free Standalone VM Converter available to download from VMWARE. You can get it here: http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vcenter_converter_standalone/4_0?rls=com.microsoft:en-au:IE-Address&q=vmware%20converter%20download&oq=vmware%20converter&aq=1&aqi=g10&aql=&gs_sm=e&gs_upl=767251l770529l0l16l13l0l4l4l0l351l2050l1.3.2.3


I recommend you have a look at the whole post, as I have tried to give a detailed 'how to' for the ROPII, and there is some info in there gained through LOTS of trial and error, that hopefully you won't now have to go through too!
http://forum.yubico.com/viewtopic.php?f=4&t=678

As they are fond of saying on this forum - Hope this helps!


Top
 Profile  
Reply with quote  
PostPosted: Fri Jul 08, 2011 10:39 pm 
Offline

Joined: Sat Jun 11, 2011 12:36 am
Posts: 5
Thanks Andrew! I will try these steps as soon as I can, which will likely be sometime next week.


Top
 Profile  
Reply with quote  
PostPosted: Fri Jul 15, 2011 1:38 am 
Offline

Joined: Sat Jun 11, 2011 12:36 am
Posts: 5
I went to follow your instructions Andrew_Aust, when I noticed that it appears a new article was put on Yubico's Wiki today relating to a VMWare Appliance version of the RoP server:
http://wiki.yubico.com/wiki/index.php/Y ... ersion_3.0

It looks like Samir may have delivered!

I'm going to give this new Virtual Appliance a shot and test it out. I'll post any difficulties I run in to here.


Top
 Profile  
Reply with quote  
PostPosted: Fri Jul 15, 2011 4:03 pm 
Offline

Joined: Tue Nov 04, 2008 8:55 pm
Posts: 19
Yep the new Radius on Premise V3 is out and works well. I did hit 2 issues though:

Firstly setting the network address to static. Using the Webmin interface I tried 3 times and each time had issues (wrong network address saved, no network interface active on reboot, etc). Not sure if it was just me or if there is some problem with that script. Either way I just went to the network config file (/etc/network/interfaces) and set it manually and its been fine since.

The other issue was with the new RadTest feature which lets you test username & Password & OTP combinations - it kept timing out for me. Obvious with hindsight but you need to add 127.0.0.1 to the clients allowed to connect under your domain -> configuration tab. I probably missed this obvious point because the guide is so good with step by step instructions I'd stopped thinking of the big picture. When the guide says to enter your shared secret, username, password and OTP to test thats what I did. Maybe if an extra line was added to the guide saying "Before using this make sure you have setup the shared secret for 127.0.0.1 in the domains config tab" or similar... Very nice feature for troubleshooting once it was working!

Overall a nice improvement on version 2. Thanks to everyone at Yubico for all their hard work! :)


Top
 Profile  
Reply with quote  
PostPosted: Mon Jul 18, 2011 6:00 pm 
Offline

Joined: Sat Jun 11, 2011 12:36 am
Posts: 5
Well, just wanted to update that I've been going through the setup of the YVA version 3.0 according to the instructions here:
http://wiki.yubico.com/files/Yubico_Yub ... ide_V1.pdf

Most of it has been pretty smooth so far and the documentation is well-written. I did find one area where an explanation seemed missing though. At section 4.2.2, step 2, sub-step f: If we are doing a local validation server with a Validation Server Client ID of "1", what should our Validation Server API Key be set to? My understanding of how this API key works is a little fuzzy, especially in an environment that is doing local authentication only. I've tried searching the forums for some clarification on this, though the search function does not appear to be working for me (always tells me that all of my search words were excluded for being too short or too long, even though they words are between 3 and 14 characters as required).

Any help would be greatly appreciated!

Thanks again,
Jonathan


Top
 Profile  
Reply with quote  
PostPosted: Tue Sep 20, 2011 1:26 pm 
Offline

Joined: Wed May 18, 2011 11:51 am
Posts: 9
Not sure if you have managed to get past your question about the Validation Server API Key, but the answer is, you leave these fields blank if you are using local validation. ( I agree that the userguide is unclear about this.)

Also, if you have managed to get past this, you may have struck the 'LDAP not validating' issue I hit - the system was converting my user passwords to lower case, which caused them to fail LDAP bind. Version 3.0.1 has this issue - there is now a 3.0.2 which may have this fixed.

I have posted the issue and the fix here: http://forum.yubico.com/forum/viewtopic.php?f=5&t=711


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 10 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group