| Yubico Forum https://forum.yubico.com/ |
|
| YubiRADIUS V3.5.4 - auto provision problem https://forum.yubico.com/viewtopic.php?f=4&t=904 |
Page 1 of 1 |
| Author: | nzkiwi68 [ Sun Jan 06, 2013 8:39 pm ] |
| Post subject: | YubiRADIUS V3.5.4 - auto provision problem |
I have rebuilt using 2 servers (server1 and server2) using V3.5.4 and setup sync between them. (V3.5.4 because HardKnoX and I cannot get users to associate with tokens with a fresh install of V3.6.0) That's all working good using V3.5.4. User accounts have been imported from Active Directory successfully and correctly on both server1 and server. If I manually logon to server1 using the webadmin and associate user1@co.local with a token on server1, then, shortly thereafter on server2, user1@co.local shows being associated with the same token. Good... I have globally enabled auto provision on both server1 and server2 AND additionally I have enabled auto provision within the specific domain "co.local" on both server1 and server2. Right, the problem: If a valid user logons (say user2@co.local) and is authenticated by say, server1 and this user does NOT have a token associtaed with them, then auto provision kicks in and they get authenticated successfully, just as expected. The issue is, in webadmin on server1, "user2" shows as NOT have having a token assigned to them! If you then run the "Reports" - "YubiKey Assignment" this shows that user2@co.local does in fact have a token assigned. Interestingly, if you then logon to server2 using webadmin, again, under the domain "co.local", user2 is shown as NOT have a token assigned to them, yet, the YubiKey Assignement report on server2 also shows that user2@co.local does have a token. This means we cannot delete tokens from users, becuase, according to webadmin, no user has any tokens assigned (except for any manual token assignments we manually did). |
|
| Author: | nzkiwi68 [ Sun Jan 06, 2013 10:59 pm ] |
| Post subject: | Re: YubiRADIUS V3.5.4 - auto provision problem |
I've been monitoring our newly installed server1 and server2 - V3.5.4 Now, there are 7 yubico keys in total associated under the reports "YubiKey Assignment" and under the domain "co.local", 3 tokens are assigned to users, the other 4 are for another domain name. Using webadmin and browsing the domain list of users: Domain - co.local (domainname) - All Users Only ONE of those 3 users displays in webadmin, but only 1! I would expect all 3 would be displayed or none, but not 1 out 3. |
|
| Page 1 of 1 | All times are UTC + 1 hour |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|