Yubico Forum

Posted: Fri Oct 25, 2013 1:13 pm
Hello All,

Yesterday I successfully set up a YubiRADIUS server for testing YubiKey integration into our corporate network.

I was able to import the users from our AD server and assign my user with a yubikey for testing.

I am now attempting to use the troubleshoot tab to test two-factor authentication. This has been failing, and when looking in the logs I see this message:

Fri Oct 25 12:08:42 2013 : Error: [ldap] cn=admin,dc=example,dc=com bind to 192.168.1.105:389 failed: Can't contact LDAP server
Fri Oct 25 12:08:42 2013 : Error: [ldap] (re)connection attempt failed

Our LDAP server is located at 10.0.13.11 and is pingable from the YubiRADIUS, and clearly accessible as I was able to import our users list. All the configuration is correct for our AD server under the domain settings.

Does anyone know where this 192.168.1.105 address is coming from? I have not set this up anywhere, yet the troubleshooting for two-factor authentication continually attempts to authenticate using this IP.

I am at a loss here, any ideas?

Many Thanks
Sam


Posted: Tue Oct 29, 2013 8:15 am
Yubico Team
Hello,

In the FreeRADIUS instance of YubiRADIUS, an OpenLDAP instance is already available, preconfigured on the YubiRADIUS VM. As per your forum post, it seems that you might have used the already cached OpenLDAP entries.

To make a proper "User Import" configuration for your AD/LDAP, please use the following steps.

Click on "User Import" tab >> click on "Advanced" button

Please see the following details in the configuration for Advanced mode:

Use Secure Connection? => No
Directory Type => openLDAP --> "Select as per your directory type: Active Directory or OpenLDAP"
LDAP/AD Server Address or Host Name => <<AD/LDAP server IP address or hostname>> --> "here you might have entered 192.168.1.105" --> please put a valid IP address for your AD/LDAP, i.e. "10.0.13.11"
Backup LDAP/AD Server Address or Host Name => optional or same as above
Port (use 0 or blank to use the default port) => 389
LDAP Version => 3
Base DN => dc=example,dc=com --> "here, this is the default domain available on the local OpenLDAP instance" --> please put a valid domain entry available on your AD/LDAP
User DN => cn=admin,dc=example,dc=com --> "Please put a valid admin user available on your AD/LDAP"
Password => yubico --> "Please put the password for your AD/LDAP admin user here"
Schedule => None
Filter => (objectClass=person)
Login Name Identifier => uid --> "If you use LDAP, use "uid"; if you use Active Directory, use "sAMAccountName" as the identifier"

Click on "Save" and then Click on "Import Users"

Hope this helps!

Thanks and best regards,
Samir.


Posted: Tue Nov 05, 2013 6:07 pm
Run this and see if you can find where the IP is entered.

grep -rnF '192.168.1.105' /etc/freeradius/


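An added example (not part of the thread and not YubiRADIUS code) that goes one step beyond the grep above: it lists the server, identity and basedn settings inside every ldap { } block of a FreeRADIUS config tree and flags a server other than the expected one, or a DN still under the dc=example,dc=com domain of the local OpenLDAP instance. It assumes FreeRADIUS 2.x-style module blocks; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not YubiRADIUS code. Assumes FreeRADIUS 2.x-style
# "ldap { key = value }" module blocks; function names and sample tree are constructed.

# List server/identity/basedn inside every ldap { } block under CONFIG_DIR; flag a
# server other than EXPECTED and DNs still under the placeholder dc=example,dc=com.
audit_ldap_targets() {  # usage: audit_ldap_targets CONFIG_DIR EXPECTED
    find "$1" -type f -exec awk -v want="$2" '
        FNR == 1 { depth = 0 }                       # new file: not inside a block
        /^[ \t]*#/ { next }                          # ignore commented-out settings
        depth == 0 {
            if ($0 ~ /^[ \t]*ldap([ \t]+[A-Za-z0-9_-]+)?[ \t]*[{]/) depth = 1
            next
        }
        /^[ \t]*(server|identity|basedn)[ \t]*=/ {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); gsub(/"/, "", val); sub(/[ \t]+$/, "", val)
            status = "ok"
            if (key == "server" && val != want) status = "MISMATCH"
            if (key != "server" && val ~ /dc=example,dc=com$/) status = "PLACEHOLDER"
            printf "%s:%d: %s = %s [%s]\n", FILENAME, FNR, key, val, status
        }
        { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }   # track nested braces
    ' {} +
}

# Constructed sample tree using the stale values from the log line in the first post.
make_sample_tree() {
    dir=$(mktemp -d) && mkdir -p "$dir/modules" || return 1
    cat > "$dir/modules/ldap" <<'EOF'
ldap {
    server = "192.168.1.105"
    identity = "cn=admin,dc=example,dc=com"
    basedn = "dc=example,dc=com"
    filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
    tls {
        start_tls = no
    }
}
EOF
    printf 'sql {\n    server = "localhost"\n}\n' > "$dir/sql.conf"   # must be ignored
    echo "$dir"
}

tree=$(make_sample_tree)
audit_ldap_targets "$tree" 10.0.13.11
rm -rf "$tree"
```

On a real host the call would be `audit_ldap_targets /etc/freeradius 10.0.13.11`, with the second argument set to the directory server the appliance is supposed to bind to.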