| Yubico Forum https://forum.yubico.com/ |
|
| [SOLVED] USB Lattitude E6530 doesn't work https://forum.yubico.com/viewtopic.php?f=23&t=1115 |
Page 1 of 2 |
| Author: | SphaZ [ Mon Jul 29, 2013 7:36 am ] |
| Post subject: | [SOLVED] USB Lattitude E6530 doesn't work |
Hello, I use my yubikey to login into my Kali (Debian) 64 bit machine in challange-response hmac-sha1 mode. This generally works very well, however sometimes it doesn't work. But if I try again, it does work. What I see: (logged in using Gnome with yubikey without any problems. Start up terminal session...) Code: artien@artien-laptop:~$ sudo su - [sudo] password for artien: [util.c:get_user_challenge_file(217)] Failed to read serial number (serial-api-visible disabled?). [pam_yubico.c:do_challenge_response(655)] Yubikey core error: timeout [pam_yubico.c:do_challenge_response(664)] Challenge response failed: No such file or directory Sorry, try again. [sudo] password for artien: [pam_yubico.c:do_challenge_response(478)] Failed initializing YubiKey [pam_yubico.c:do_challenge_response(652)] USB error: Access denied (insufficient permissions) [pam_yubico.c:do_challenge_response(664)] Challenge response failed: No such file or directory Sorry, try again. [sudo] password for artien: [pam_yubico.c:do_challenge_response(478)] Failed initializing YubiKey [pam_yubico.c:do_challenge_response(652)] USB error: Access denied (insufficient permissions) [pam_yubico.c:do_challenge_response(664)] Challenge response failed: No such file or directory Sorry, try again. sudo: 3 incorrect password attempts artien@artien-laptop:~$ sudo su - [sudo] password for artien: root@artien-laptop:~# Yubikey config: challange-response HMAC-SHA1 mode, variable input. /etc/pam.d/common-auth: Code: auth required pam_unix.so nullok_secure try_first_pass auth [success=1 new_authtok_reqd=ok ignore=ignore default=die] pam_yubico.so mode=challenge-response Does anyone have a clue as to why it would fail only sometimes, and then work right away after that? |
|
| Author: | Tom [ Mon Jul 29, 2013 8:26 am ] |
| Post subject: | Re: [QUESTION] Linux challenge-response sometimes doesn't wo |
Mmm...could be a timing issue? Did you tried swapping USB port? When you plug in your Yubikey wait 5-10 seconds before typing the password. which firmware / yubikey version ? |
|
| Author: | SphaZ [ Mon Jul 29, 2013 8:38 am ] |
| Post subject: | Re: [QUESTION] Linux challenge-response sometimes doesn't wo |
Between logging into my desktop and Gnome I don't remove the yubikey...I will try another USB port and waiting a few seconds longer in between. Firmware version 2.3.3 and I have the basic YUBIKEY USB TOKEN BLACK. I will let you know.. |
|
| Author: | SphaZ [ Thu Aug 01, 2013 7:12 am ] |
| Post subject: | Re: [QUESTION] Linux challenge-response sometimes doesn't wo |
I've tried two other USB ports and finally found one that always seems to work. I'm using a Dell Latitude E6530 and it seems that the USB ports on the left and right side both have the same issues, but the USB port on the left-back side works fine all the time. Very odd but seems a hardware issue, not a software issue so thank you. |
|
| Author: | Tom [ Thu Aug 01, 2013 7:23 am ] |
| Post subject: | Re: [SOLVED] Linux challenge-response sometimes doesn't work |
Please can you check the USB bus? Would be nice to know if broken ports are USB 3.0 and if you can report the USB buss manufacturer Thank you. |
|
| Author: | SphaZ [ Tue Aug 20, 2013 3:17 pm ] |
| Post subject: | Re: [SOLVED] Linux challenge-response sometimes doesn't work |
Further testing showed that it had to do with a monitor-build-in USB hub causing issues. Removing the USB hub or putting that on the other backside-port fixes all issues. Note: the screen is also a Dell. |
|
| Author: | SphaZ [ Wed Aug 21, 2013 9:22 am ] |
| Post subject: | Re: [SOLVED] Linux challenge-response sometimes doesn't work |
Hmm, spoke too soon. Despite appearing to work it looks even more complex. There are 3 USB ports on the Lattitude E6530. Left, right and left-backside. Left-backside always works. Left side works when there is no hub connected, but it throws timeout errors (but still works oddly enough.) Right side still sometimes does, sometimes doesn't work. |
|
| Author: | eworm [ Wed Sep 04, 2013 6:49 pm ] |
| Post subject: | Re: [SOLVED] USB Lattitude E6530 doesn't work |
Same issue here on Samsung 530U3C... This happens very seldom, but it is very annoying. Still trying to track this down. |
|
| Author: | eworm [ Wed Sep 04, 2013 6:52 pm ] |
| Post subject: | Re: [SOLVED] USB Lattitude E6530 doesn't work |
This is the debug output: Code: [pam_yubico.c:parse_cfg(738)] called.
[pam_yubico.c:parse_cfg(739)] flags 0 argc 2 [pam_yubico.c:parse_cfg(741)] argv[0]=mode=challenge-response [pam_yubico.c:parse_cfg(741)] argv[1]=debug [pam_yubico.c:parse_cfg(742)] id=-1 [pam_yubico.c:parse_cfg(743)] key=(null) [pam_yubico.c:parse_cfg(744)] debug=1 [pam_yubico.c:parse_cfg(745)] alwaysok=0 [pam_yubico.c:parse_cfg(746)] verbose_otp=0 [pam_yubico.c:parse_cfg(747)] try_first_pass=0 [pam_yubico.c:parse_cfg(748)] use_first_pass=0 [pam_yubico.c:parse_cfg(749)] authfile=(null) [pam_yubico.c:parse_cfg(750)] ldapserver=(null) [pam_yubico.c:parse_cfg(751)] ldap_uri=(null) [pam_yubico.c:parse_cfg(752)] ldapdn=(null) [pam_yubico.c:parse_cfg(753)] user_attr=(null) [pam_yubico.c:parse_cfg(754)] yubi_attr=(null) [pam_yubico.c:parse_cfg(755)] yubi_attr_prefix=(null) [pam_yubico.c:parse_cfg(756)] url=(null) [pam_yubico.c:parse_cfg(757)] capath=(null) [pam_yubico.c:parse_cfg(758)] token_id_length=12 [pam_yubico.c:parse_cfg(759)] mode=chresp [pam_yubico.c:parse_cfg(760)] chalresp_path=(null) [pam_yubico.c:pam_sm_authenticate(799)] get user returned: root [util.c:get_user_challenge_file(218)] Failed to read serial number (serial-api-visible disabled?). [pam_yubico.c:do_challenge_response(495)] Loading challenge from file /root/.yubico/challenge [pam_yubico.c:do_challenge_response(511)] Cannot open file: /root/.yubico/challenge (No such file or directory) [pam_yubico.c:do_challenge_response(657)] Yubikey core error: timeout [pam_yubico.c:do_challenge_response(666)] Challenge response failed: No such file or directory |
|
| Author: | eworm [ Wed Sep 04, 2013 10:14 pm ] |
| Post subject: | Re: [SOLVED] USB Lattitude E6530 doesn't work |
Ok, took a deeper look: pam_yubico.so (or whatever, wrote some helper code) calls yk_get_serial(), that calls yk_read_response_from_key(), which then calls yk_wait_for_key_status(). That is where the loop is run until the timeout occures. Any idea what goes wrong there? |
|
| Page 1 of 2 | All times are UTC + 1 hour |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|