Yubico Forum

YubiRADIUS V3.5.4 - auto provision problem
Page 1 of 1

Author:  nzkiwi68 [ Sun Jan 06, 2013 8:39 pm ]
Post subject:  YubiRADIUS V3.5.4 - auto provision problem

I have rebuilt using 2 servers (server1 and server2) using V3.5.4 and setup sync between them.
(V3.5.4 because HardKnoX and I cannot get users to associate with tokens with a fresh install of V3.6.0)

That's all working good using V3.5.4. User accounts have been imported from Active Directory successfully and correctly on both server1 and server.

If I manually logon to server1 using the webadmin and associate user1@co.local with a token on server1, then, shortly thereafter on server2, user1@co.local shows being associated with the same token. Good...

I have globally enabled auto provision on both server1 and server2 AND additionally I have enabled auto provision within the specific domain "co.local" on both server1 and server2.

Right, the problem:
If a valid user logons (say user2@co.local) and is authenticated by say, server1 and this user does NOT have a token associtaed with them, then auto provision kicks in and they get authenticated successfully, just as expected. The issue is, in webadmin on server1, "user2" shows as NOT have having a token assigned to them!

If you then run the "Reports" - "YubiKey Assignment" this shows that user2@co.local does in fact have a token assigned.
Interestingly, if you then logon to server2 using webadmin, again, under the domain "co.local", user2 is shown as NOT have a token assigned to them, yet, the YubiKey Assignement report on server2 also shows that user2@co.local does have a token.

This means we cannot delete tokens from users, becuase, according to webadmin, no user has any tokens assigned (except for any manual token assignments we manually did).

Author:  nzkiwi68 [ Sun Jan 06, 2013 10:59 pm ]
Post subject:  Re: YubiRADIUS V3.5.4 - auto provision problem

I've been monitoring our newly installed server1 and server2 - V3.5.4

Now, there are 7 yubico keys in total associated under the reports "YubiKey Assignment" and under the domain "co.local", 3 tokens are assigned to users, the other 4 are for another domain name.

Using webadmin and browsing the domain list of users:
Domain - co.local (domainname) - All Users

Only ONE of those 3 users displays in webadmin, but only 1!

I would expect all 3 would be displayed or none, but not 1 out 3.

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group