How about I post step by step what I have done when I was following the guide and maybe you can see where the issue is.
I decided to give it a clean start on the following system below;
Systems used;
Server 1 Linux yubikey authentication stuff / radius running; Linux yubi.domain.com 2.6.18-164.6.1.el5 #1 SMP Tue Nov 3 16:12:36 EST 2009 x86_64 x86_64 x86_64 GNU/Linux
Server 2; Windows 2008 Enterprise ActiveDirectory/LDAP (mail.domain.com)
---------
Server 1;
svn checkout http://yubico-pam.googlecode.com/svn/br ... n_Premise/
autoreconf --install
At this point we should need yubico-c-client on our system so we go to http://yubico-c-client.googlecode.com/s ... n_Premise/ and check it out
make -f simple.mk check (now here I get an error)
------------------------------------------------------
[root@yubi yubico-c-client]# make -f simple.mk check
cc -I. -Wall -g -DPACKAGE=\"yubikey-client\" -DPACKAGE_VERSION=\"0\" -c -o libykclient.o libykclient.c
libykclient.c: In function âyubikey_client_simple_requestâ:
libykclient.c:122: warning: passing argument 3 of âyubikey_client_requestâ discards qualifiers from pointer target type
libykclient.c: In function âyubikey_client_requestâ:
libykclient.c:251: warning: implicit declaration of function âasprintfâ
libykclient.c:274: warning: format â%dâ expects type âintâ, but argument 2 has type âsize_tâ
libykclient.c:274: warning: field precision should have type âintâ, but argument 3 has type âsize_tâ
libykclient.c:288: warning: format â%dâ expects type âintâ, but argument 2 has type âsize_tâ
cc -I. -Wall -g -DPACKAGE=\"yubikey-client\" -DPACKAGE_VERSION=\"0\" -lcurl ykclient.c libykclient.o -o ykclient
cc -I. -Wall -g -DPACKAGE=\"yubikey-client\" -DPACKAGE_VERSION=\"0\" -lcurl selftest.c libykclient.o -o selftest
selftest.c: In function âmainâ:
selftest.c:46: error: too few arguments to function âyubikey_client_requestâ
selftest.c:54: error: too few arguments to function âyubikey_client_requestâ
make: *** [selftest] Error 1
---------------
However that error is with the selftest binary not with the ykclient binary. So I assume we can ignore it? because running ./ykclient gives valid output.
[root@yubi yubico-c-client]# ./ykclient
Usage: ./ykclient <client_id> <yubikey_output>
CLIENT_ID: your client id integer
YUBIKEY_OUTPUT: One-time password generated by yubikey
so now the binary is installed, we continue with yubico-pam installation by ./configure && make check install
now added line auth required pam_yubico.so id=1 debug userauth to /etc/pam.d/radiusd (Dont know why id=1)
moved file mv /usr/local/lib/security/pam_yubico.so /lib/security/
----------
update time
[root@yubi RADIUS_on_Premise]# /etc/rc.d/init.d/ntpd stop
Shutting down ntpd: [ OK ]
[root@yubi RADIUS_on_Premise]# ntpdate -u mail.domain.com
11 Dec 07:50:57 ntpdate[3646]: step time server 188.72.203.12 offset 111.215262 sec
[root@yubi RADIUS_on_Premise]# /etc/rc.d/init.d/ntpd start
Starting ntpd: [ OK ]
-------
configured the files
------
[root@noc RADIUS_on_Premise]# radtest test test123vrkvfefuitvflvgufcdlbjufkggukufkebeildbdkkjc 127.0.0.1 0 testing123
Sending Access-Request of id 114 to 127.0.0.1 port 1812
User-Name = "test"
User-Password = "test123vrkvfefuitvflvgufcdlbjufkggukufkebeildbdkkjc"
NAS-IP-Address = 208.69.34.132
NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=114, length=53
Reply-Message = "Your account has been disabled."
---
Now lets continue with the OTP parts.
--- SVN CHECKOUT
yms
yubico-php-lib
yubikey-val-server-php
yubiphpbase
so I assume we need to setup phpbase.
$aesKey = $aes->makeKey('bklftrkvbvg.....fbedtjerrbbcgkuk') change that with some random characters I believe? in yubico-php-lib/AES128.php
now setup_schema.sql is setup as yubico database.
Now editing config.php (I believe where the problem is)
However it is 6 AM so I will update this later, and if I get it to work this time, I will write a detailed guide. (if the problem is what I think it is, its a simple mistake)
--- Now here is the main bug that causes issues...
* Connected to DB successfully
Insert root client
Invalid query -- INSERT INTO clients VALUES (1,1,1,NOW(),'bora@domain.com','secrethere','Root client',0,0,1,0,0) -- Column count doesn't match value count at row 1[root@yubi yubiphpbase]#
mysql> describe clients;
+-----------+--------------+------+-----+---------------------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-----------+--------------+------+-----+---------------------+----------------+
| id | int(11) | NO | PRI | NULL | auto_increment |
| perm_id | int(11) | YES | MUL | NULL | |
| active | tinyint(1) | YES | | NULL | |
| created | datetime | NO | | 0000-00-00 00:00:00 | |
| email | varchar(255) | NO | UNI | | |
| secret | varchar(60) | NO | | | |
| notes | varchar(100) | YES | | NULL | |
| chk_sig | tinyint(1) | NO | | 0 | |
| chk_owner | tinyint(1) | NO | | 0 | |
+-----------+--------------+------+-----+---------------------+----------------+
9 rows in set (0.00 sec)
id = 1
perm_id = 1
active = 1
created = NOW() (so the date)
email = bora@domain.com
secret = secrethere
notes = root client
chk_sig = 0
chk_owner = 0
(1x 1, and 2 x 0 is too much in the query!!!) the right query should be
INSERT INTO clients VALUES (1,1,1,NOW(),'bora@domain.com','secrethere','Root client',0,0)
and not
INSERT INTO clients VALUES (1,1,1,NOW(),'bora@domain.com','secrethere','Root client',0,0,1,0,0)
manually entering the right query to see if it changes anything...
Once you edit install.php to the riqht query you can get past the yms page via the otp, then you enter your pin but this time you receive the following error.
Notice: Undefined variable: _SESSION in /var/www/yubico/yms/yubi_askpin.php on line 72
Invalid query -- SELECT id, pin FROM admin WHERE keyid= -- You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
adding the following line
session_start();
after
<?php require_once '../yubico-php-lib/AES128.php'; in /var/www/yubiphpbase/appinclude.php solved the issue now i can login to the user management interface at yms
So this was a success.
Do you want me to send you the changed files so you can fix them and add them to SVN???
-------------------
Clicking users page;
Notice: Undefined variable: findkey in /var/www/yubico/yms/list_users.php on line 111
Notice: Undefined variable: attrName in /var/www/yubico/yms/list_users.php on line 126
Notice: Undefined variable: attrVal in /var/www/yubico/yms/list_users.php on line 126
Invalid query -- SELECT COUNT(*) AS C FROM users WHERE user_status=1 -- Table 'yubico.users' doesn't exist
(Will investigate this now or later) and post back.
GOT STUCK here!! cant find the schema for the users table...
Also how do we enter the username in THE ad?
|