Yubico Forum

Radius On Premise II - Compatibility with vSphere 4

Author:  Jonathan [ Sat Jun 11, 2011 1:17 am ]
Post subject:  Radius On Premise II - Compatibility with vSphere 4


I'm trying to test out the Yubikey for possible use as our company's 2-factor VPN authentication method.

I've purchased 3 Yubikeys to test with, and am currently trying to set up the RoPII server. I've downloaded the VMWare image (version 2.1) from the following link:
http://wiki.yubico.com/files/Yubico_Rad ... gev2.1.zip

I was successfully able to add the VM to our VMWare environment running vSphere 4.1, but when I attempt to power the VM on, I received errors stating that the CD/DVD type was unsupported, the hard disk type was unsupported, and the OS type was unrecognized. I manually changed the OS type to "Other Linux (32-bit)" and removed the CD/DVD drive, which appears to have resolved those two issues. I still receive the following error when I try to power on though:
"Device 'Hard disk 1' has a backing type that is not supported. This is a general limitation of the virtual machine's version on the selected host."

So my first question would be, is the RoP VMWare image compatible with vSphere4? If it's not, are there any plans for one in the near future?


Author:  samir [ Tue Jun 14, 2011 2:18 pm ]
Post subject:  Re: Radius On Premise II - Compatibility with vSphere 4

Thank you for the great suggestion!

We have forwarded your forum post to our product development team.

Author:  Jonathan [ Tue Jun 14, 2011 6:15 pm ]
Post subject:  Re: Radius On Premise II - Compatibility with vSphere 4

Thank you Samir,

Will you be able to let me know once there is an estimated release date for this? Also, I would be happy to help test the image before general release.

Thanks again,

Author:  samir [ Wed Jun 15, 2011 12:05 pm ]
Post subject:  Re: Radius On Premise II - Compatibility with vSphere 4

Thank you for your interest in testing the RoP!

The next version of the RoP application is currently on the road map. We will update you once the virtual image is ready for testing.

Author:  Andrew_Aust [ Fri Jul 08, 2011 5:02 am ]
Post subject:  Re: Radius On Premise II - Compatibility with vSphere 4

Hi Jonathan,
the issue you are struggling with is that the vmware image needs to be converted prior to use. I have seen lots of people confused by this, and generally how to set up the ROPII.

Here is a quote from an earlier post of mine about this:
Now there are some things that you should know that were not readily apparent from the info in the documentation that comes with the ROPII server:
• You cannot put the downloaded ROPII server straight onto your ESX server and boot it up. You have to first convert the image. Fortunately you can do this by using the free Standalone VM Converter available to download from VMWARE. You can get it here: http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vcenter_converter_standalone/4_0?rls=com.microsoft:en-au:IE-Address&q=vmware%20converter%20download&oq=vmware%20converter&aq=1&aqi=g10&aql=&gs_sm=e&gs_upl=767251l770529l0l16l13l0l4l4l0l351l2050l1.3.2.3

I recommend you have a look at the whole post, as I have tried to give a detailed 'how to' for the ROPII, and there is some info in there gained through LOTS of trial and error, that hopefully you won't now have to go through too!

As they are fond of saying on this forum - Hope this helps!

Author:  Jonathan [ Fri Jul 08, 2011 10:39 pm ]
Post subject:  Re: Radius On Premise II - Compatibility with vSphere 4

Thanks Andrew! I will try these steps as soon as I can, which will likely be sometime next week.

Author:  Jonathan [ Fri Jul 15, 2011 1:38 am ]
Post subject:  Re: Radius On Premise II - Compatibility with vSphere 4

I went to follow your instructions Andrew_Aust, when I noticed that it appears a new article was put on Yubico's Wiki today relating to a VMWare Appliance version of the RoP server:
http://wiki.yubico.com/wiki/index.php/Y ... ersion_3.0

It looks like Samir may have delivered!

I'm going to give this new Virtual Appliance a shot and test it out. I'll post any difficulties I run into here.

Author:  Neal [ Fri Jul 15, 2011 4:03 pm ]
Post subject:  Re: Radius On Premise II - Compatibility with vSphere 4

Yep the new Radius on Premise V3 is out and works well. I did hit 2 issues though:

Firstly setting the network address to static. Using the Webmin interface I tried 3 times and each time had issues (wrong network address saved, no network interface active on reboot, etc). Not sure if it was just me or if there is some problem with that script. Either way I just went to the network config file (/etc/network/interfaces) and set it manually and it's been fine since.

The other issue was with the new RadTest feature which lets you test username & Password & OTP combinations - it kept timing out for me. Obvious with hindsight but you need to add to the clients allowed to connect under your domain -> configuration tab. I probably missed this obvious point because the guide is so good with step by step instructions I'd stopped thinking of the big picture. When the guide says to enter your shared secret, username, password and OTP to test that's what I did. Maybe if an extra line was added to the guide saying "Before using this make sure you have set up the shared secret for in the domains config tab" or similar... Very nice feature for troubleshooting once it was working!

Overall a nice improvement on version 2. Thanks to everyone at Yubico for all their hard work! :)
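
The RadTest timeout described in the post above matches RFC 2865: a RADIUS server silently discards requests from a client it holds no shared secret for, so an unregistered client gets no reply at all rather than a reject. An added example (not from the thread or from Yubico) that sends one Access-Request and separates that case from a reject or a shared-secret mismatch; the function names and the NAS-Identifier value are constructed, and how the appliance expects password and OTP to be combined in the password field is not covered here.

```python
import hashlib, hmac, os, socket, struct

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """User-Password hiding from RFC 2865 section 5.2 (MD5 keystream, 16-byte blocks)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    size = max(16, -(-len(password) // 16) * 16)   # pad to a multiple of 16, at least 16
    padded, out, prev = password.ljust(size, b"\x00"), b"", authenticator
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(ident, user, password, secret, authenticator=None):
    """Return (datagram, request_authenticator) for an Access-Request (code 1)."""
    authenticator = authenticator or os.urandom(16)
    attrs = b""
    for atype, value in ((1, user),                                   # User-Name
                         (2, hide_password(password, secret, authenticator)),
                         (32, b"radcheck")):          # NAS-Identifier (constructed value)
        attrs += struct.pack("!BB", atype, len(value) + 2) + value
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs))
    return header + authenticator + attrs, authenticator

def classify_reply(reply, request_auth, secret, ident):
    """Map a reply datagram (or None for no reply) to a troubleshooting verdict."""
    if reply is None:
        return "timeout"            # discarded: client not registered, or path blocked
    if len(reply) < 20:
        return "malformed"
    code, rid, length = struct.unpack("!BBH", reply[:4])
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:length] + secret).digest()
    if rid != ident or not hmac.compare_digest(expected, reply[4:20]):
        return "bad-authenticator"  # reply was signed with a different shared secret
    return {2: "accept", 3: "reject", 11: "challenge"}.get(code, "unknown")

def probe(host, port, user, password, secret, timeout=3.0):
    """Send one Access-Request over UDP and classify what comes back."""
    ident = os.urandom(1)[0]
    packet, auth = build_access_request(ident, user, password, secret)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (host, port))
        try:
            reply = sock.recv(4096)
        except socket.timeout:
            reply = None
    return classify_reply(reply, auth, secret, ident)
```

A "timeout" from `probe()` points at the client list or the network path, while "reject" means the server knows the client and refused the credentials.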

Author:  Jonathan [ Mon Jul 18, 2011 6:00 pm ]
Post subject:  Re: Radius On Premise II - Compatibility with vSphere 4

Well, just wanted to update that I've been going through the setup of the YVA version 3.0 according to the instructions here:
http://wiki.yubico.com/files/Yubico_Yub ... ide_V1.pdf

Most of it has been pretty smooth so far and the documentation is well-written. I did find one area where an explanation seemed missing though. At section 4.2.2, step 2, sub-step f: If we are doing a local validation server with a Validation Server Client ID of "1", what should our Validation Server API Key be set to? My understanding of how this API key works is a little fuzzy, especially in an environment that is doing local authentication only. I've tried searching the forums for some clarification on this, though the search function does not appear to be working for me (always tells me that all of my search words were excluded for being too short or too long, even though the words are between 3 and 14 characters as required).

Any help would be greatly appreciated!

Thanks again,

Author:  Andrew_Aust [ Tue Sep 20, 2011 1:26 pm ]
Post subject:  Re: Radius On Premise II - Compatibility with vSphere 4

Not sure if you have managed to get past your question about the Validation Server API Key, but the answer is, you leave these fields blank if you are using local validation. (I agree that the user guide is unclear about this.)

Also, if you have managed to get past this, you may have struck the 'LDAP not validating' issue I hit - the system was converting my user passwords to lower case, which caused them to fail LDAP bind. Version 3.0.1 has this issue - there is now a 3.0.2 which may have this fixed.

I have posted the issue and the fix here: http://forum.yubico.com/forum/viewtopic.php?f=5&t=711

All times are UTC + 1 hour