Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 3:40 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 6 posts ] 
Author Message
PostPosted: Tue Feb 12, 2013 5:33 pm 
Offline

Joined: Tue Feb 12, 2013 5:16 pm
Posts: 8
Hello Yubicommunity,

I hope someone out there can assist me!

I recently set up a YubiRADIUS VA 3.6 in our domain to use with our Firewall's VPN client
-I added our domain
-I am able to import users
-I am able to upload my Yubikey config to the VA
-I can assign the Yubikey to a user
-I can use RADTEST to test the yubikey and user/pass authentication - it passes authentication successfully.

I have a Watchguard Firewall that uses SSLVPN with its own client.
-I have configured the SSLVPN on the firewall to use RADIUS authentication, with the YubiRADIUS server as its target
-I have followed the configuration guide from Yubico for setting up Watchguard Firewall with YubiRADIUS VA

When I attempt to sign in through VPN with the same yubikey and user account that I have previously authenticated using RADTEST, I get authentication failures.

In this log: File /var/log/apache2/error.log I can see the following lines (pasted below). You can see that the key, username and password ARE sent from the Watchguard firewall. I'm not sure what to do next though. As I said before I can authenticate if I use the RADTEST feature, but not if I send credentials from the Watchguard. Can anyone help me out?

Thank you!

[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] ====vvducrrjldkvkijhhjiublkbhfkkeheluhbbcfdglbnn : administrator : adminpasswordhere
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] Before Spilt fullusername: administrator
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] PHP Notice: Undefined variable: db_options in /usr/share/ykropval/ykropval-db.php on line 64
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] PHP Notice: Undefined variable: match in /usr/share/ykropval/ykropval-db.php on line 327
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] PHP Notice: Undefined variable: db_options in /usr/share/ykropval/ykropval-db.php on line 64
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] PHP Notice: Undefined variable: match in /usr/share/ykropval/ykropval-db.php on line 327
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] PHP Notice: Undefined variable: match in /usr/share/ykropval/ykropval-db.php on line 327
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] PHP Notice: Undefined variable: db_options in /usr/share/ykropval/ykropval-db.php on line 64
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] PHP Notice: Undefined variable: match in /usr/share/ykropval/ykropval-db.php on line 327
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] PHP Notice: Undefined variable: db_options in /usr/share/ykropval/ykropval-db.php on line 64
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] PHP Notice: Undefined variable: match in /usr/share/ykropval/ykropval-db.php on line 327
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] PHP Notice: Undefined variable: db_options in /usr/share/ykropval/ykropval-db.php on line 64
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] PHP Notice: Undefined index: HTTPS in /usr/share/ykval/ykval-verify.php on line 14
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] PHP Notice: Undefined variable: match in /usr/share/ykval/ykval-db.php on line 292
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] PHP Notice: Undefined variable: query in /usr/share/ykval/ykval-db.php on line 186
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] PHP Notice: Undefined variable: maphttps in /usr/share/ykropval/ykropval-verify.php on line 548
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] PHP Notice: Undefined variable: ykmap_service_url in /usr/share/ykropval/ykropval-verify.php on line 549
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] PHP Notice: Undefined variable: parameters in /usr/share/ykropval/Yubico_YkMap.php on line 186
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] PHP Notice: Undefined variable: db_options in /usr/share/ykmap/ykmap-db.php on line 64
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] PHP Notice: Undefined variable: match in /usr/share/ykmap/ykmap-db.php on line 327
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] PHP Notice: Undefined variable: apiKey in /usr/share/ykmap/ykmap-query.php on line 136
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] PHP Warning: trim() expects parameter 1 to be string, array given in /usr/share/ykmap/ykmap-common.php on line 95
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] PHP Notice: Undefined variable: service_failed in /usr/share/ykropval/ykropval-verify.php on line 581
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] PHP Notice: Undefined variable: db_options in /usr/share/ykropval/ykropval-db.php on line 64
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] PHP Notice: Undefined variable: db_options in /usr/share/ykropval/ykropval-db.php on line 64
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] ============>update users SET single_factor_flag = false where LOWER(login_name) = LOWER('administrator') and domain_id = '46'
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] PHP Notice: Undefined variable: db_options in /usr/share/ykropval/ykropval-db.php on line 64
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] PHP Notice: Undefined variable: all_group_login_name in /usr/share/ykropval/ykropval-common.php on line 552
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] PHP Notice: Undefined variable: apiKey in /usr/share/ykropval/ykropval-verify.php on line 106
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] PHP Notice: Undefined variable: extra in /usr/share/ykropval/ykropval-verify.php on line 106
[Tue Feb 12 09:18:45 2013] [error] [client 127.0.0.1] PHP Notice: Undefined variable: return_group in /usr/share/ykropval/ykropval-common.php on line 358


Last edited by labdulghani on Tue Feb 12, 2013 8:49 pm, edited 1 time in total.

Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Tue Feb 12, 2013 8:14 pm 
Offline

Joined: Tue Feb 12, 2013 5:16 pm
Posts: 8
Ok - so I decided to take some action into my own hands.

The error messages that keep repeating are:
Undefined variable: db_options in /usr/share/ykropval/ykropval-db.php on line 64
Undefined variable: match in /usr/share/ykropval/ykropval-db.php on line 327


I thought to myself, "I should probably check out those lines in the php file".

I SSH'd into the YubiRADIUS VA (3.6) with the root account and opened the ykropval-db.php file.

I went to line 64 in ykropval-db.php and found the declaration for db_options. Only it was spelled dp_options. I changed the spelling from dp_options to db_options and saved the file.

At this point I was in disbelief. It couldn't be that simple, a type-o in the php file? I re-ran the authentication from my VPN client and now I no longer get any error messages about db_options.

I repeated my actions for the error about "match". I find at line 327 an attempt to assign a value to the variable $match. I'm guessing it needs to be declared somewhere before line 327 - but I'm not sure where.

Can anyone help me from this point? It seems like the php files for ykropval may be fraught with typos. I'd like to instantiate $match, but I'm not sure where.

Thanks for checking this out - any tips or ideas are welcome!

EDIT I added $match=""; at the same point $query is defined above line 327. Now I no longer receive errors about match either. I'm pretty dissapointed that fixing my errors appear to be related to going through the php files fixing syntax errors myself.


Top
 Profile  
Reply with quote  
PostPosted: Tue Feb 12, 2013 11:33 pm 
Offline

Joined: Tue Feb 12, 2013 11:30 pm
Posts: 8
I'm in the process myself of implimenting YubiRadius so I have sadly not run into this problem. But if I do I'll taka look at it since I have some PHP experience.

I think it would be smart for Yubico to consider open sourcing YubiRadius. Even though Yubico would be the biggest contributor the little extra help to fix minor bugs would help a great deal.


Top
 Profile  
Reply with quote  
PostPosted: Wed Feb 13, 2013 4:33 pm 
Offline

Joined: Tue Feb 12, 2013 11:30 pm
Posts: 8
I think I know why this is (memories from many years ago)

Before PHP5 you did not have to declare a variable before using it.

For example in /usr/share/ykmap/ykmap-db.php it gives an error in line 64

Code:
  public function __construct($db_dsn, $db_username, $db_password, $dp_options, $name='ykmap-db')
  {
    $this->db_dsn=$db_dsn;
    $this->db_username=$db_username;
    $this->db_password=$db_password;
    $this->db_options=$db_options;

    $this->myLog=new Log($name);
  }


$db_options has never been declared and therefore it gives a notice in the error.log. To fix this you just have to declare it somewhere, for example to check if it is sett and if it is not set then set it to $null


Top
 Profile  
Reply with quote  
PostPosted: Wed Oct 16, 2013 7:51 pm 
Offline

Joined: Wed Oct 16, 2013 7:24 pm
Posts: 2
Just downloaded YubiRADIUS to hook it up to a Watchguard yesterday and hitting the same issue. I get that the fix is simple but no patch yet?


Top
 Profile  
Reply with quote  
PostPosted: Wed Oct 16, 2013 8:43 pm 
Offline

Joined: Wed Oct 16, 2013 7:24 pm
Posts: 2
OK, being a linux noob maybe i shouldn't say its so easy to fix. help?


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group