Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 2:20 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 6 posts ] 
Author Message
PostPosted: Sun Jun 12, 2016 4:10 pm 
Offline

Joined: Sun Jun 12, 2016 9:42 am
Posts: 3
Hi, can anyone help with this?

I've got a Macbook Pro and use a YubiKey 4 (+ a backup!) which is configured in 2 ports (OTP and -i think- Challenge Response Mode). So I use it for LastPass/Google etc online which I believe is the OTP... and also use it when logging into OSX or when coming out of screensaver which I think is the Challenge Response Mode.

I have just installed Windows 10 Pro so my MacBook can run either OSX or Windows, depending on what I choose at start up.

My question is, if my YubiKey is already using both ports, is it possible to use it for signing into Windows as well? Would Windows sign on need to be configured in it's own port or can it use the same configuration I use for the OSX sign on/screensaver?

Ideally I'd like to be able to sign in and unlock screensaver using the YubiKey on both Windows and OSX versions on my MacBook as well as using it for things like LastPass online.

Can I do this? If so, how? I've tried looking for answers on here but can't seem to find one or don't fully understand the set up that is required...

Any help would be much appreciated!

Thanks
Laura


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Tue Jun 14, 2016 4:13 pm 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
It depends on whether you enabled the setting "require user input" when programming the Challenge-Response credential for OSX. If you didn't, you can use the same credential for Windows Login (but you will still need to follow the setup instructions for the Windows Login Tool, minus the programming of the Challenge-Response credential. If you DID enable "require user input", this credential cannot be used for Windows Login, so you would need to undo the OS X PAM login and start over, making sure that "require user input" isn't enabled when programming the Challenge-Response credential.


Top
 Profile  
Reply with quote  
PostPosted: Tue Jun 14, 2016 6:35 pm 
Offline

Joined: Sun Jun 12, 2016 9:42 am
Posts: 3
Thanks for your reply!

I don't believe I did enable 'Require User Input' as I followed Yubico's Mac OSX Log on intructions here: https://www.yubico.com/wp-content/uploads/2016/02/Yubico_YubiKeyMacOSXLogin_en.pdf So that's good news!

However, when I go to install the Windows Logon tool it says failed to install because I don't have the .NET framework installed, even though I do have it installed (see screenshots...). Any ideas?

Image

Image

Image

Image


Top
 Profile  
Reply with quote  
PostPosted: Wed Jun 15, 2016 2:52 pm 
Offline

Joined: Thu Oct 16, 2014 11:51 pm
Posts: 82
You need .Net Framework 3.5, not 4.5.

Newer "versions" of the framework don't "upgrade" older ones, they're a new "target" for programs. If it needs 3.5, you need to install 3.5.

Brendan


Top
 Profile  
Reply with quote  
PostPosted: Thu Jun 16, 2016 2:46 pm 
Offline

Joined: Sun Jun 12, 2016 9:42 am
Posts: 3
Ah ok thanks! That worked. Following the link from the dialogue box just automatically took me to 4.5 so I assumed it was ok!

So kind-of-success. I have configured 1 YubiKey for windows log on. But when I try to program a backup, as recommended, it stops the other key from working for logon. Is there something I'm missing?


Top
 Profile  
Reply with quote  
PostPosted: Mon Jun 20, 2016 5:40 pm 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
You have to program both YubiKeys with the same Challenge-Response credential, so:

(1) Disable the YubiKey requirement in YubiKey Logon Administration

(2) Follow the steps in the documentation to program the Challenge-Response credential in YubiKey 1

(3) With the Challenge-Response window in the Personalization Tool still open, remove YubiKey 1, insert YubiKey 2 and click "Write Configuration" again

(4) Return to YubiKey Logon Administration and enable the YubiKey requirement, select the user account, click Configure, then Test

(5) Reboot

Both YubiKeys now have the same credential programmed, so you should be able to use either to perform the login.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group