Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 3:04 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 3 posts ] 
Author Message
PostPosted: Mon Oct 01, 2012 5:03 pm 
Offline

Joined: Thu Apr 21, 2011 9:03 pm
Posts: 14
I’m running YubiRadius 3.5.3 as a VMware VM. It has been up and running for weeks without a problem.

However, Yesterday morning (August 30, 2012) it seems to have stopped working correctly. Our ASA was getting authentication failed responces from the YubiRadius server, even in cases where we are certain the input was correct. The report for “authentication Requests” showed nothing after about 13:00 UTC. No successes and no failures, nothing. Restarting the YubiRadius server did not change anything, and the ASA was still getting auth failure replies. Using the “Troubleshoot” tab I verified that it was correctly processing OTPs, and was getting correct “success” responces. I also verified that the LDAP connection was working by rungging a user import manually, and changing LDAP servers.

The YubiRadius was still returning auth failures.

I then restored a snapshoot/checkpoint from the previous day, and everything worked again... breifly. By the following morning (Today, October 1) it wasn’t working again. Another snapshot/checkpoint restore, and it works breifly again. A few people are able to successfully authenticate, then it start rejecting again. When these authintication rejections are recived by the ASA, the “authentication Requests” report shows nothing.

I have network packet captures if that is helpful. They show the ASA reciving a “Code: Access-Reject (3)” while the YubiRadius shows nothing in it “authentication Requests” report. Prior to this (where the YubiRadius rejects everything) the “authentication Requests” report did correctly show both success and failed authentication atempts.

Any help would be greatly apreciated. What else can I try?


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Mon Oct 01, 2012 6:28 pm 
Offline

Joined: Thu Apr 21, 2011 9:03 pm
Posts: 14
I just receved the following email:
Quote:
Dear YubiRADIUS user,

As you may have already observed, as of last night YubiRADIUS has not been correctly authenticating YubiKeys. Our technical team has uncovered the root of the issue.

A security patch for FreeRADIUS released last night has impacted the YubiRADIUS authentication, preventing the validation of any YubiKey generated OTP. We are urgently working on a YubiRADIUS Patch to resolve this issue. We will release an update as soon as possible.

When available, YubiRADIUS users will be contacted via email and the patch with installation instructions will be accessible on the Yubico website at yubico.com/yubiradius.

Follow the progress here » http://yubico.us4.list-manage1.com/track/click?u=f089f8c003910ccc8b7308b56&id=e6c0664b31&e=d1547e8426

Yubico Support Team
yubico.com


Guess I'm in good company and will just wait...


Top
 Profile  
Reply with quote  
PostPosted: Mon Oct 01, 2012 7:56 pm 
Offline
Yubico Team
Yubico Team

Joined: Mon Jul 23, 2012 9:59 pm
Posts: 27
Hello GregL,

Yubico has released a fix for this issue. Please see this thread:

http://forum.yubico.com/forum/viewtopic.php?f=5&t=865

_________________
-David Maples
Yubico Senior Solutions Engineer
http://www.Yubico.com


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group