|YubiRADIUS V3.5.4 - auto provision problem
|Page 1 of 1|
|Author:||nzkiwi68 [ Sun Jan 06, 2013 8:39 pm ]|
|Post subject:||YubiRADIUS V3.5.4 - auto provision problem|
I have rebuilt using 2 servers (server1 and server2) using V3.5.4 and setup sync between them.
(V3.5.4 because HardKnoX and I cannot get users to associate with tokens with a fresh install of V3.6.0)
That's all working good using V3.5.4. User accounts have been imported from Active Directory successfully and correctly on both server1 and server.
If I manually logon to server1 using the webadmin and associate email@example.com with a token on server1, then, shortly thereafter on server2, firstname.lastname@example.org shows being associated with the same token. Good...
I have globally enabled auto provision on both server1 and server2 AND additionally I have enabled auto provision within the specific domain "co.local" on both server1 and server2.
Right, the problem:
If a valid user logons (say email@example.com) and is authenticated by say, server1 and this user does NOT have a token associtaed with them, then auto provision kicks in and they get authenticated successfully, just as expected. The issue is, in webadmin on server1, "user2" shows as NOT have having a token assigned to them!
If you then run the "Reports" - "YubiKey Assignment" this shows that firstname.lastname@example.org does in fact have a token assigned.
Interestingly, if you then logon to server2 using webadmin, again, under the domain "co.local", user2 is shown as NOT have a token assigned to them, yet, the YubiKey Assignement report on server2 also shows that email@example.com does have a token.
This means we cannot delete tokens from users, becuase, according to webadmin, no user has any tokens assigned (except for any manual token assignments we manually did).
|Author:||nzkiwi68 [ Sun Jan 06, 2013 10:59 pm ]|
|Post subject:||Re: YubiRADIUS V3.5.4 - auto provision problem|
I've been monitoring our newly installed server1 and server2 - V3.5.4
Now, there are 7 yubico keys in total associated under the reports "YubiKey Assignment" and under the domain "co.local", 3 tokens are assigned to users, the other 4 are for another domain name.
Using webadmin and browsing the domain list of users:
Domain - co.local (domainname) - All Users
Only ONE of those 3 users displays in webadmin, but only 1!
I would expect all 3 would be displayed or none, but not 1 out 3.
|Page 1 of 1||All times are UTC + 1 hour|
|Powered by phpBB® Forum Software © phpBB Group