Yubico Forum :: View topic - Auth-Type Perl rejecting authenitcation

Yubico Forum https://forum.yubico.com/

Auth-Type Perl rejecting authenitcation https://forum.yubico.com/viewtopic.php?f=31&t=1416	Page 1 of 1

Author:	Mitazake [ Tue Jul 01, 2014 7:13 pm ]
Post subject:	Auth-Type Perl rejecting authenitcation
I have YubiX running, somewhat. I am stuck on testing localhost authentication. The user has been added via Manage Users in YubiAuth, a YubiKey has been assigned. Any help/advice is greatly appreciated! See log file below: FreeRADIUS Version 2.1.12, for host i686-pc-linux-gnu, built on Feb 24 2014 at 15:00:10 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... (Remove for length) ... adding new socket proxy address * port 34059 Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 33562, id=43, length=78 User-Name = "podojilc" User-Password = "password" NAS-IP-Address = 127.0.1.1 NAS-Port = 0 Message-Authenticator = 0x776f49438a2073525a02d66125b7f8de # Executing section authorize from file /etc/freeradius/sites-enabled/yubico-default +- entering group authorize {...} ++[preprocess] returns ok rlm_perl: Added pair User-Name = podojilc rlm_perl: Added pair User-Password = password rlm_perl: Added pair NAS-Port = 0 rlm_perl: Added pair Message-Authenticator = 0x776f49438a2073525a02d66125b7f8de rlm_perl: Added pair NAS-IP-Address = 127.0.1.1 rlm_perl: Added pair Auth-Type = Perl ++[perl] returns updated ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "podojilc", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = Perl # Executing group from file /etc/freeradius/sites-enabled/yubico-default +- entering group Perl {...} rlm_perl: Added pair User-Name = podojilc rlm_perl: Added pair User-Password = password rlm_perl: Added pair NAS-Port = 0 rlm_perl: Added pair NAS-IP-Address = 127.0.1.1 rlm_perl: Added pair Message-Authenticator = 0x776f49438a2073525a02d66125b7f8de rlm_perl: Added pair Reply-Message = false rlm_perl: Added pair Auth-Type = Perl ++[perl] returns reject Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/yubico-default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> podojilc attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Sending Access-Reject of id 43 to 127.0.0.1 port 33562 Reply-Message = "false" Finished request 0. Going to the next request UPDATE: After removing the assigned YuibKey, local authentication works successfully...It seems that when appending the OTP when testing a login it doesn't know what to do. If the password is typed incorrectly it rejects, but if the password is typed and then the OTP is added, it times out. Possible scripting error??

Author:	Mitazake [ Tue Jul 01, 2014 7:19 pm ]
Post subject:	Re: Auth-Type Perl rejecting authenitcation
Also when using this command: sudo freeradius -X > test.txt The console outputs this line: Use of uninitialized value $RAD_REQUEST{"Yubikey-OTP"} in string ne at /usr/share/yubix/rlm_yubiauth.pl line 80 Any idea what isn't enabled? EDIT: It seems that this is caused by not appending the OTP during testing- oops! Also, my issues have been narrowed down to the local server using a proxy to access Yubico's validation servers...

Page 1 of 1	All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/