Yubico Forum

YubiRadius stops authenticating and rejects everything.
Page 1 of 1

Author:  GregL [ Mon Oct 01, 2012 5:03 pm ]
Post subject:  YubiRadius stops authenticating and rejects everything.

I’m running YubiRadius 3.5.3 as a VMware VM. It has been up and running for weeks without a problem.

However, Yesterday morning (August 30, 2012) it seems to have stopped working correctly. Our ASA was getting authentication failed responces from the YubiRadius server, even in cases where we are certain the input was correct. The report for “authentication Requests” showed nothing after about 13:00 UTC. No successes and no failures, nothing. Restarting the YubiRadius server did not change anything, and the ASA was still getting auth failure replies. Using the “Troubleshoot” tab I verified that it was correctly processing OTPs, and was getting correct “success” responces. I also verified that the LDAP connection was working by rungging a user import manually, and changing LDAP servers.

The YubiRadius was still returning auth failures.

I then restored a snapshoot/checkpoint from the previous day, and everything worked again... breifly. By the following morning (Today, October 1) it wasn’t working again. Another snapshot/checkpoint restore, and it works breifly again. A few people are able to successfully authenticate, then it start rejecting again. When these authintication rejections are recived by the ASA, the “authentication Requests” report shows nothing.

I have network packet captures if that is helpful. They show the ASA reciving a “Code: Access-Reject (3)” while the YubiRadius shows nothing in it “authentication Requests” report. Prior to this (where the YubiRadius rejects everything) the “authentication Requests” report did correctly show both success and failed authentication atempts.

Any help would be greatly apreciated. What else can I try?

Author:  GregL [ Mon Oct 01, 2012 6:28 pm ]
Post subject:  Re: YubiRadius stops authenticating and rejects everything.

I just receved the following email:
Dear YubiRADIUS user,

As you may have already observed, as of last night YubiRADIUS has not been correctly authenticating YubiKeys. Our technical team has uncovered the root of the issue.

A security patch for FreeRADIUS released last night has impacted the YubiRADIUS authentication, preventing the validation of any YubiKey generated OTP. We are urgently working on a YubiRADIUS Patch to resolve this issue. We will release an update as soon as possible.

When available, YubiRADIUS users will be contacted via email and the patch with installation instructions will be accessible on the Yubico website at yubico.com/yubiradius.

Follow the progress here » http://yubico.us4.list-manage1.com/track/click?u=f089f8c003910ccc8b7308b56&id=e6c0664b31&e=d1547e8426

Yubico Support Team

Guess I'm in good company and will just wait...

Author:  David [ Mon Oct 01, 2012 7:56 pm ]
Post subject:  Re: YubiRadius stops authenticating and rejects everything.

Hello GregL,

Yubico has released a fix for this issue. Please see this thread:


Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group