Hello,
Please follow the steps to configure YubiRADIUS with OpenLDAP:
1. Enter the IP address or host name in the browser, and log in to webmin using username "root" and password "yubico".
2. Enter the domain name (e.g. test.com) in the text box shown in front of the "Add Domain" button and click on the "Add Domain" button; this will generate the domain for your users.
3. To import the users, click on the "Domain Name" >> click on the "Users Import" tab.
4. You can import the users from Active Directory or OpenLDAP. To import users there are two modes: "normal mode" and "advanced mode".
a. For normal mode your Active Directory or OpenLDAP domain name should be the same as the one you have created in the YRVA.
1) Select the "Directory Type", whether it is Active Directory or OpenLDAP.
2) Give the "LDAP/AD Server Address or Host Name".
3) Admin User.
4) Password.
5) Click on "Save" and then "Import Users".
b. For Advanced mode click on the "Advanced" button.
1) Select "Yes" or "No" for "Use Secure Connection?".
2) Select "Directory Type" as "Active Directory" or "OpenLDAP".
3) Give the "LDAP/AD Server IP Address" or "Host Name".
4) "Backup LDAP/AD Server IP Address" or "Host Name" ("optional", for user authentication only).
5) "Port (use 0 or blank to use the default port)": using this option you can give the port number if you have configured one for your AD/LDAP; if not, this option will use the default port number.
6) "LDAP Version": using this option you can give the LDAP version.
7) "Base DN": here you can give the LDAP/AD "base_dn" (e.g. DC=example,DC=com).
8) "User DN": here you can give the LDAP/AD admin "user_dn" (e.g. CN=Administrator,DC=example,DC=com).
9) "Password": here you can give the LDAP/AD admin user "password".
10) "Schedule": here you can select an "Hourly", "Daily" or "Weekly" schedule to import users.
11) "Filter": if you want all users, give the filter as "(objectClass=person)".
12) "Login Name Identifier": for Active Directory use "sAMAccountName" or "cn", and for "OpenLDAP" use "uid".
13) Click on "Save" and then "Import Users".
==========================
For Testing please follow the steps below:
In the FreeRADIUS instance of YRVA, we need to configure the IP address of the OpenLDAP server to be used for user authentication. As you know, an OpenLDAP instance is already available preconfigured on the YRVA VM. We request you to please use this OpenLDAP instance for the first use, and then you can carry on with your AD/LDAP configuration.
1) Create a new domain:
From the webmin page for YRVA, go to the "Domain" tab >> put the domain name "test.com" and click on the "Add Domain" button.
2) Import users from OpenLDAP:
Click on "test.com" (the newly created domain) >> click on the "User Import" tab >> click on the "Advanced" button.
3) Please fill in the following details for the Advanced mode configuration (click on the "Advanced" button):
Use Secure Connection? => No
Directory Type => openLDAP
LDAP/AD Server Address or Host Name => <<Local VM IP address>>
Backup LDAP/AD Server Address or Host Name => optional or same as above
Port (use 0 or blank to use the default port) => 389
LDAP Version => 3
Base DN => dc=example,dc=com
User DN => cn=admin,dc=example,dc=com
Password => yubico
Schedule => None
Filter => (objectClass=person)
Login Name Identifier => uid
Click on "Import Users".
============================
5. After importing, it will show you some messages. If the import is successful, click on "Return to previous page" >> "Users/Groups".
6. This will show you all users. There are two ways to assign a YubiKey to users. Make sure whether your YubiKey is configured with the online YubiKey validation server or the local validation server.
a. If it is validated with the online validation server, then configure YRVA for the online validation server using the steps below.
1) Click on the link "YubiRADIUS Virtual Appliance" on the left hand side of the screen.
2) Go to the "Global Configuration" tab >> click on "Validation Server" >> select "YubiCloud - Online Validation Service" and fill in the information as shown below:
1. Client ID: "4233" (without quotation)
2. API Key: "H9xX7BeTIbhYK3xCb/PSEeRVNvY=" (without quotation)
3. Confirm API Key: "H9xX7BeTIbhYK3xCb/PSEeRVNvY=" (without quotation)
4. Click on "save".
b. If it is validated with the local validation server, then configure YRVA with the local validation server using the steps below.
1) Click on the link "YubiRADIUS Virtual Appliance" on the left hand side of the screen.
2) Go to the "Global Configuration" tab >> click on "Validation Server" >> select "Local validation Server on YubiRADIUS Virtual Appliance" and fill in the information as shown below.
3) Click on the "Generate" button; this will generate the "API Key".
4) Click on "save".
7. To assign the YubiKey to a user, click on the link "YubiRADIUS Virtual Appliance" on the left hand side of the screen.
8. Go to domain by selecting the domain.
9. Click on the link "Assign a new YubiKey".
10. Give the login name of the user and OTP from the YubiKey.
11. In the case of "Local Validation Server" you have to first import the YubiKeys. Please refer to section 5.2.4 of the "YubiRADIUS configuration guide" available at
http://static.yubico.com/var/uploads/pd ... 5_3_v1.pdf
12. To test whether the YubiKey is assigned to the user or not, we need to do the Radtest; for that, follow the steps below.
a. Click on the link "YubiRADIUS Virtual Appliance" on the left hand side of the screen.
b. The Client secret is "test" by default.
c. Go to the "Troubleshoot" tab and give the username (if there is a single domain in your YRVA instance, you can give only the username; if not, then you have to give the username along with the domain name, e.g. "username@domain_name.com").
d. Then the LDAP/AD password in the "Password" field.
e. The YubiKey OTP in the "YubiKey OTP" or "Temporary Token" field.
f. Click on "Send Request".
13. If your authentication is successful it will give you the response "Successful"; if not, it will give you the response "Failure".
Hope this helps! If you have further questions please feel free to write back to "support@yubico.com".
Thanks and best regards,
Samir.
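The "Filter" and "Login Name Identifier" settings in the Advanced import mode above decide which directory entries become YRVA users and what their login names are. The following script, added here as an illustration and not part of the support reply or of YubiRADIUS itself, simulates that selection offline: it parses a small constructed LDIF export (sample data, not from the appliance), evaluates an LDAP search filter such as "(objectClass=person)" against each entry, and takes the login name from the configured identifier attribute ("uid" for OpenLDAP, "sAMAccountName" for Active Directory), optionally in the "username@domain" form the Troubleshoot tab expects when more than one domain exists. The filter evaluator goes beyond the single filter in the post and also handles "&", "|", "!" and presence ("attr=*") items; the function and variable names are this example's own.

```python
"""Offline simulation of the YRVA 'Users Import' selection step.

Added example (not YubiRADIUS or Yubico code). Assumptions: a constructed LDIF
export stands in for the directory, and only the filter subset listed in
parse_filter() is supported (equality, presence, &, |, !).
"""

# Constructed sample LDIF export: two person entries and one group entry.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: person
uid: alice
cn: Alice Example

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: person
uid: bob
cn: Bob Example

dn: cn=radius-clients,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: radius-clients
member: uid=alice,ou=people,dc=example,dc=com
"""


def parse_ldif(text):
    """Return a list of entries; each maps a lowercased attribute to its values."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():            # blank line ends an entry
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def _split_components(s):
    """Split '(a=1)(b=2)' into ['(a=1)', '(b=2)'], honouring nested parentheses."""
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(s):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                parts.append(s[start:i + 1])
    if depth != 0:
        raise ValueError("unbalanced parentheses in filter")
    return parts


def parse_filter(s):
    """Parse an RFC 4515 style filter (subset) into a nested tuple tree."""
    s = s.strip()
    if not (s.startswith("(") and s.endswith(")")):
        raise ValueError("filter must be parenthesised: %r" % s)
    body = s[1:-1]
    if body[0] in "&|":
        return (body[0], [parse_filter(p) for p in _split_components(body[1:])])
    if body[0] == "!":
        return ("!", [parse_filter(body[1:])])
    attr, sep, value = body.partition("=")
    if not sep:
        raise ValueError("unsupported filter item: %r" % body)
    return ("=", attr.strip().lower(), value.strip())


def matches(entry, node):
    """Evaluate a parsed filter against one entry (attribute names are case-insensitive)."""
    op = node[0]
    if op == "&":
        return all(matches(entry, c) for c in node[1])
    if op == "|":
        return any(matches(entry, c) for c in node[1])
    if op == "!":
        return not matches(entry, node[1][0])
    _, attr, value = node
    values = entry.get(attr, [])
    if value == "*":                    # presence test
        return bool(values)
    return any(v.lower() == value.lower() for v in values)


def import_users(ldif_text, ldap_filter, login_attr, domain=None):
    """Return the login names the import would create, as user@domain if a domain is given."""
    tree = parse_filter(ldap_filter)
    names = []
    for entry in parse_ldif(ldif_text):
        if not matches(entry, tree):
            continue
        logins = entry.get(login_attr.lower())
        if not logins:
            continue                    # matched the filter but lacks the identifier attribute
        names.append(f"{logins[0]}@{domain}" if domain else logins[0])
    return names


if __name__ == "__main__":
    print(import_users(SAMPLE_LDIF, "(objectClass=person)", "uid"))
    print(import_users(SAMPLE_LDIF, "(objectClass=person)", "uid", "test.com"))
```

Running it shows that the group entry is excluded by "(objectClass=person)", and that selecting the wrong identifier (for example "sAMAccountName" against OpenLDAP entries) yields no users at all even though the filter matched, which is the symptom to look for when an import reports success but the "Users/Groups" page stays empty.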