I have rebuilt using 2 servers (server1 and server2) using V3.5.4 and set up sync between them.
(V3.5.4 because HardKnoX and I cannot get users to associate with tokens with a fresh install of V3.6.0)
That's all working well using V3.5.4. User accounts have been imported from Active Directory successfully and correctly on both server1 and server2.
If I manually log on to server1 using the webadmin and associate user1@co.local with a token on server1, then, shortly thereafter on server2, user1@co.local shows as being associated with the same token. Good...
I have globally enabled auto provision on both server1 and server2 AND additionally I have enabled auto provision within the specific domain "co.local" on both server1 and server2.
Right, the problem: If a valid user logs on (say user2@co.local) and is authenticated by, say, server1 and this user does NOT have a token associated with them, then auto provision kicks in and they get authenticated successfully, just as expected. The issue is, in webadmin on server1, "user2" shows as NOT having a token assigned to them!
If you then run the "Reports" - "YubiKey Assignment" this shows that user2@co.local does in fact have a token assigned.
Interestingly, if you then log on to server2 using webadmin, again, under the domain "co.local", user2 is shown as NOT having a token assigned to them, yet the YubiKey Assignment report on server2 also shows that user2@co.local does have a token.
This means we cannot delete tokens from users, because, according to webadmin, no user has any tokens assigned (except for any token assignments we manually did).