Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 10:10 am

All times are UTC + 1 hour




Post new topic Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Tue Jul 01, 2014 7:13 pm 
Offline

Joined: Mon Jun 30, 2014 7:30 pm
Posts: 4
I have YubiX running, somewhat. I am stuck on testing localhost authentication. The user has been added via Manage Users in YubiAuth, a YubiKey has been assigned. Any help/advice is greatly appreciated!
See log file below:

FreeRADIUS Version 2.1.12, for host i686-pc-linux-gnu, built on Feb 24 2014 at 15:00:10
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...

(Remove for length)

... adding new socket proxy address * port 34059
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 33562, id=43, length=78
User-Name = "podojilc"
User-Password = "password"
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
Message-Authenticator = 0x776f49438a2073525a02d66125b7f8de
# Executing section authorize from file /etc/freeradius/sites-enabled/yubico-default
+- entering group authorize {...}
++[preprocess] returns ok
rlm_perl: Added pair User-Name = podojilc
rlm_perl: Added pair User-Password = password
rlm_perl: Added pair NAS-Port = 0
rlm_perl: Added pair Message-Authenticator = 0x776f49438a2073525a02d66125b7f8de
rlm_perl: Added pair NAS-IP-Address = 127.0.1.1
rlm_perl: Added pair Auth-Type = Perl
++[perl] returns updated
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "podojilc", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = Perl
# Executing group from file /etc/freeradius/sites-enabled/yubico-default
+- entering group Perl {...}
rlm_perl: Added pair User-Name = podojilc
rlm_perl: Added pair User-Password = password
rlm_perl: Added pair NAS-Port = 0
rlm_perl: Added pair NAS-IP-Address = 127.0.1.1
rlm_perl: Added pair Message-Authenticator = 0x776f49438a2073525a02d66125b7f8de
rlm_perl: Added pair Reply-Message = false
rlm_perl: Added pair Auth-Type = Perl
++[perl] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject

# Executing group from file /etc/freeradius/sites-enabled/yubico-default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> podojilc
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 43 to 127.0.0.1 port 33562
Reply-Message = "false"
Finished request 0.
Going to the next request

UPDATE:
After removing the assigned YuibKey, local authentication works successfully...It seems that when appending the OTP when testing a login it doesn't know what to do. If the password is typed incorrectly it rejects, but if the password is typed and then the OTP is added, it times out. Possible scripting error??


Last edited by Mitazake on Tue Jul 01, 2014 9:32 pm, edited 2 times in total.

Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Tue Jul 01, 2014 7:19 pm 
Offline

Joined: Mon Jun 30, 2014 7:30 pm
Posts: 4
Also when using this command: sudo freeradius -X > test.txt
The console outputs this line:
Use of uninitialized value $RAD_REQUEST{"Yubikey-OTP"} in string ne at /usr/share/yubix/rlm_yubiauth.pl line 80

Any idea what isn't enabled?

EDIT: It seems that this is caused by not appending the OTP during testing- oops!

Also, my issues have been narrowed down to the local server using a proxy to access Yubico's validation servers...


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group