Yubico Forum
https://forum.yubico.com/

Auth-Type Perl rejecting authentication
https://forum.yubico.com/viewtopic.php?f=31&t=1416

Author:  Mitazake [ Tue Jul 01, 2014 7:13 pm ]
Post subject:  Auth-Type Perl rejecting authentication

I have YubiX running, somewhat. I am stuck on testing localhost authentication. The user has been added via Manage Users in YubiAuth, and a YubiKey has been assigned. Any help/advice is greatly appreciated!
See log file below:

FreeRADIUS Version 2.1.12, for host i686-pc-linux-gnu, built on Feb 24 2014 at 15:00:10
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...

(Removed for length)

... adding new socket proxy address * port 34059
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 33562, id=43, length=78
User-Name = "podojilc"
User-Password = "password"
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
Message-Authenticator = 0x776f49438a2073525a02d66125b7f8de
# Executing section authorize from file /etc/freeradius/sites-enabled/yubico-default
+- entering group authorize {...}
++[preprocess] returns ok
rlm_perl: Added pair User-Name = podojilc
rlm_perl: Added pair User-Password = password
rlm_perl: Added pair NAS-Port = 0
rlm_perl: Added pair Message-Authenticator = 0x776f49438a2073525a02d66125b7f8de
rlm_perl: Added pair NAS-IP-Address = 127.0.1.1
rlm_perl: Added pair Auth-Type = Perl
++[perl] returns updated
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "podojilc", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = Perl
# Executing group from file /etc/freeradius/sites-enabled/yubico-default
+- entering group Perl {...}
rlm_perl: Added pair User-Name = podojilc
rlm_perl: Added pair User-Password = password
rlm_perl: Added pair NAS-Port = 0
rlm_perl: Added pair NAS-IP-Address = 127.0.1.1
rlm_perl: Added pair Message-Authenticator = 0x776f49438a2073525a02d66125b7f8de
rlm_perl: Added pair Reply-Message = false
rlm_perl: Added pair Auth-Type = Perl
++[perl] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject

# Executing group from file /etc/freeradius/sites-enabled/yubico-default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> podojilc
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 43 to 127.0.0.1 port 33562
Reply-Message = "false"
Finished request 0.
Going to the next request

UPDATE:
After removing the assigned YubiKey, local authentication works successfully... It seems that when appending the OTP when testing a login it doesn't know what to do. If the password is typed incorrectly it rejects, but if the password is typed and then the OTP is added, it times out. Possible scripting error??

Author:  Mitazake [ Tue Jul 01, 2014 7:19 pm ]
Post subject:  Re: Auth-Type Perl rejecting authentication

Also when using this command: sudo freeradius -X > test.txt
The console outputs this line:
Use of uninitialized value $RAD_REQUEST{"Yubikey-OTP"} in string ne at /usr/share/yubix/rlm_yubiauth.pl line 80

Any idea what isn't enabled?

EDIT: It seems that this is caused by not appending the OTP during testing - oops!

Also, my issues have been narrowed down to the local server using a proxy to access Yubico's validation servers...
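
Added example (not part of the original posts and not YubiX code): a small Python parser for `freeradius -X` debug output like the log in the first post, reporting per request which group and module returned reject and which Reply-Message was sent back. The function name `triage` and the summary field names are assumptions of this example; the sample input is an excerpt of the log quoted above.

```python
import re

# Excerpt of the `freeradius -X` output quoted in the first post (password line left out).
SAMPLE = """\
rad_recv: Access-Request packet from host 127.0.0.1 port 33562, id=43, length=78
User-Name = "podojilc"
+- entering group authorize {...}
++[perl] returns updated
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
Found Auth-Type = Perl
+- entering group Perl {...}
++[perl] returns reject
+- entering group REJECT {...}
Sending Access-Reject of id 43 to 127.0.0.1 port 33562
Reply-Message = "false"
"""

RECV = re.compile(r"^rad_recv: (\S+) packet from host (\S+) port \d+, id=(\d+)")
GROUP = re.compile(r"^\++- entering group (\S+)")
RET = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")
SEND = re.compile(r"^Sending (\S+) of id (\d+)")
ATTR = re.compile(r'^\s*([\w-]+) = "?(.*?)"?$')

def triage(text):
    """Return one summary dict per request found in `freeradius -X` debug output."""
    requests, cur, group, sent = [], None, None, False
    for line in text.splitlines():
        line = line.strip()
        if m := RECV.match(line):
            # A new request starts: reset the per-request state.
            cur = {"id": int(m[3]), "client": m[2], "user": None, "warnings": [],
                   "rejected_by": None, "result": None, "reply": None}
            requests.append(cur)
            group, sent = None, False
        elif cur is None:
            continue  # start-up output before the first packet
        elif m := GROUP.match(line):
            group = m[1]  # authorize, Perl, REJECT, ...
        elif (m := RET.match(line)) and m[2] == "reject" and not cur["rejected_by"]:
            cur["rejected_by"] = f"{group}/{m[1]}"  # first module that rejected
        elif "WARNING" in line:
            cur["warnings"].append(line)
        elif m := SEND.match(line):
            cur["result"], sent = m[1], True
        elif m := ATTR.match(line):
            if m[1] == "User-Name" and not sent:
                cur["user"] = m[2]  # attribute of the incoming request
            elif m[1] == "Reply-Message" and sent:
                cur["reply"] = m[2]  # attribute of the outgoing reply
    return requests
```

For the log above this reports `Perl/perl` as the rejecting group and module, which separates a reject decided by the Perl script in the authenticate step from one caused by the earlier `[pap]` warning.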
