Yubico Forum
https://forum.yubico.com/

Integration after setting up YubiRADIUS
https://forum.yubico.com/viewtopic.php?f=29&t=1211

Author:  sspaise [ Thu Oct 24, 2013 4:01 pm ]
Post subject:  Integration after setting up YubiRADIUS

Hi Everyone,

Please forgive me if this has been asked before or is fully documented but I couldn't find anything.

Today I have set up a YubiRADIUS server in our corporate environment and integrated it with our active domain server.

Users have been imported from the domain and RADtest and OTP test were successful using my test YubiKey.

I am now looking to integrate this into the following:

1. LDAP integration for desktop and VPN account logins.
2. SSH integration to our customers' servers.

This should use our local YubiRADIUS server for authentication, and not Yubico's online servers.

Is anyone able to point me in the direction of how to accomplish this, as currently it does not appear to work with LDAP (I haven't yet tried integration with SSH)?

Any help will be greatly appreciated.

Many Thanks!
Sam

Author:  sspaise [ Thu Oct 24, 2013 4:15 pm ]
Post subject:  Re: Integration after setting up YubiRADIUS

OK, I've found the PAM stuff for SSH so no need for that.

However, the LDAP stuff still stands, as for some reason they still don't authenticate. Does something require doing on the AD server to get this working?

Author:  samir [ Tue Oct 29, 2013 11:52 am ]
Post subject:  Re: Integration after setting up YubiRADIUS

Hello,

Please see the following details given as per your requirement:

1. LDAP integration for desktop and VPN account logins.

The VPN device which supports the RADIUS protocol can be configured with YubiRADIUS. You can use the NetMotion Mobility server configuration for the desktop login with YubiRADIUS for two-factor authentication. For Windows desktop, please refer to the following link: http://wiki.yubico.com/wiki/index.php/A ... #NetMotion

2. SSH integration to our customers' servers.

Yubico offers an open source PAM module ( http://code.google.com/p/yubico-pam/ ) that can closely meet your requirements. Please refer to the page http://code.google.com/p/yubico-pam/wik ... dSSHViaPAM which explains how you can configure and use the PAM module to implement YubiKey-based two-factor authentication for SSH.

Since you are looking at either the root password OR a valid YubiKey OTP for authentication instead of two-factor authentication, you can make relevant changes to the PAM configuration to achieve the desired result.

Please see more details at http://www.yubico.com/ssh-authentication

Hope this helps!

Thanks and best regards,
Samir.
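
The difference between "password OR OTP" and two-factor in the reply above comes down to the PAM control flags, so here is an added example (not part of the original posts and not Yubico's code) that models how the `auth` lines combine and names the resulting policy. The two stacks are constructed samples with module arguments omitted, `pam_unix.so` is assumed to be the password module, and `evaluate` and `classify` are hypothetical helper names.

```python
# Simplified model of how Linux-PAM combines the "auth" lines of one service
# file. Only the keyword control flags are modelled; include lines and
# [value=action] syntax are skipped. Module arguments are omitted on purpose.

TWO_FACTOR = """
auth required   pam_yubico.so
auth required   pam_unix.so
"""  # constructed sample

EITHER = """
auth sufficient pam_yubico.so
auth required   pam_unix.so
"""  # constructed sample


def evaluate(stack, outcomes):
    """Return True if the stack grants access, given each module's result."""
    failed = succeeded = False
    for line in stack.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 3 or fields[0] != "auth" or fields[2] not in outcomes:
            continue                      # not an auth line for a modelled module
        control, ok = fields[1], outcomes[fields[2]]
        if control == "requisite" and not ok:
            return False                  # fail immediately
        if control in ("required", "requisite"):
            succeeded, failed = succeeded or ok, failed or not ok
        elif control == "sufficient" and ok and not failed:
            return True                   # later lines are never consulted
        # a failed "sufficient" and any "optional" line are ignored
    return succeeded and not failed


def classify(stack, password="pam_unix.so", otp="pam_yubico.so"):
    """Name the policy by trying every pass/fail combination of both modules."""
    grants = {(p, o) for p in (True, False) for o in (True, False)
              if evaluate(stack, {password: p, otp: o})}
    if grants == {(True, True)}:
        return "two-factor: password AND OTP"
    if (True, False) in grants and (False, True) in grants:
        return "single-factor: password OR OTP"
    return "other: review by hand"


if __name__ == "__main__":
    for name, stack in (("TWO_FACTOR", TWO_FACTOR), ("EITHER", EITHER)):
        print(name, "->", classify(stack))
```

Running the same check against the `auth` lines of a server's real SSH PAM file shows whether the OTP is enforced as a second factor or merely accepted as an alternative to the password.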

All times are UTC + 1 hour