Yubico Forum

Hi,

After asigning a yubikey to a user, the yubikey status is green (OK) in the "List Yubikeys" tab.

But in the users/groups tab under Domain, the status for the same user is a red cross (KO).

Thanks!

Hello,

Please send the following Log files at "support@yubico.com" .

1. Please configure the log files with the following settings from the webmin console:
1. Login to webmin
2. Go to "System" >> "System Logs"
3. Click on log file (ykropval.log ,etc. mentioned below)
4. Select "all" option in "priorities" field of "Message types to log" section
5. Please click on "save" button to save the changes.
6. Please repeat step 3, 4 and 5 for other log files mentioned below.
7. Please click on "Apply Changes" button on System Logs page
8. Go to "Servers" >> "YubiRADIUS Virtual Appliance"
9. Navigate 'Global Configuration' >> 'FreeRADIUS' menu, please enable FreeRADIUS Logging
10. Could you please ssh to the YRVA instance and restart the rsyslog process by executing the following command:
/etc/init.d/rsyslog restart
11. Please try to add the user and test the user with YubiKey credentials.

Please send us the following log files:
/var/log/syslog
/var/log/messages
/var/log/ykval.log
/var/log/ykropval.log
/var/log/ykmap.log
/var/log/freeradius/radius.log
/var/log/postgresql/postgresql-8.4-main.log
/var/log/apache2/error.log
/var/log/apache2/access.log
/var/log/debug

2. If you have already configure the webmin logs, please send "webmin.debug" file available at /var/webmin/webmin.debug

If not please configure the log file with the following settings from the webmin console:
1. Login to webmin
2. Go to "Webmin" >> "Webmin Configuration"
3. Please Click on "Debugging Log File"
4. Please Click on "yes" option of "Debug log enabled?"
5. Please click on "save" button to save the changes.
6. Please once again Import Users.

Please find the "webmin.debug" file at /var/webmin/webmin.debug

3. Please brief on any other observations and please send the screen shots, error messages observed.

Thanks and best regards,
Samir.

Hi Samir,

I'm looking at the logs and it could be a case-sensitive problem?

Mar 21 18:00:15 yrva361 ykmap[24727]: LOG_DEBUG:ykmap-synclib:dsi:db:[127.0.0.1] [vjjtbfkfrtit] DB query is: SELECT * FROM ykmaps WHERE keyword = 'username' and value = 'USER@AUTH.LOCAL'


But the ykmap is using lowercase:

Mar 21 18:00:16 yrva361 ykmap[11046]: LOG_DEBUG:ykmap-query:dsi:db:DB query is: SELECT * FROM ykmaps WHERE keyword = 'username' and value = 'user@auth.local'
Mar 21 18:00:16 yrva361 ykmap[11046]: LOG_DEBUG:ykmap-common:SIGN: status=NO_RECORDS_FOUND&0=&t=2013-03-21T18:00:16Z0368 H=yxYLd4z6TztXwU8R/xSuslqNTjM=

P.S.: I'm sending you the logs.

Thanks

Hi again,

Confirmed, the Bug is not happening if the login and the domain are lowercase

I'm also seeing this behavior. I'm looking into the LDAP import process to see if either the SQL query or other variable handling part of the process can force the username to lowercase. It'd be nice to know if Yubico has acknowledged this bug and if there is a fix planned.

Okay... I have a "working" solution, at least for me. Pretty simple; just forced the string from the original LDAP search to lowercase. Here are my patches (files located under /usr/share/webmin/yubico-RoP/):





I was able to fix what was already in the pgsql database by running the following:

In the ykrop2 database:


In the ykmap database:


I'm not suggesting this is a valid fix for everyone, but so far it seems to have done the trick for me. I'm still working on applying the fix to the other sync'ed servers.

(edited to include better details about the fix)