Yubico Forum
https://forum.yubico.com/

YubiRADIUS / Juniper SA authentication problem
https://forum.yubico.com/viewtopic.php?f=5&t=741
Page 1 of 1

Author:  gabrielshorn [ Wed Jan 04, 2012 3:17 pm ]
Post subject:  YubiRADIUS / Juniper SA authentication problem

I recently configured the latest YubiRADIUS VM to provide the second factor of authentication against my Juniper VPN appliance. The first factor is via Active Directory and works fine.

The server sees my AD domain and I can successfully import users and assign them keys. The second factor of authentication always fails. Syslog shows the following:

Usernames and passwords are redacted:

==

Jan 4 03:52:31 yrva31 ykropval[10591]: LOG_DEBUG:ykropval-verify:[127.0.0.1] [user1] xxxxyyyyxxxxyyyyxxxxyyyyxxxxyyyyxxxxyyyyxxxx : user1 : -1 missing parameter(s)

Jan 4 03:52:31 yrva31 ykropval[10591]: LOG_DEBUG:ykropval-common:SIGN: status=MISSING_PARAMETER&t=2012-01-03T22:22:31Z0042 H=aaaabbbbaaaaBBBBaaaaBBBBaaa=

==

It looks to me like the Juniper is not sending the data to the YubiRADIUS server in an acceptable format. Anyone seen this before?

Author:  samir [ Fri Jan 06, 2012 12:15 pm ]
Post subject:  Re: YubiRADIUS / Juniper SA authentication problem

Hi,

It seems you are getting this because of an issue in version 3.1 of YubiRADIUS that returns ACCESS_REJECT response for valid credentials if the user password contained 6 or more consecutive digits.

Please visit http://wiki.yubico.com/files/Readme_for ... atch-1.txt for how to download and apply a patch to fix this issue.

Hope this helps.

Best regards,

Samir.

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/