Yubico Forum
https://forum.yubico.com/

Yubiradius and two factor authentication troubleshooting
https://forum.yubico.com/viewtopic.php?f=29&t=1217
Page 1 of 1

Author:  sspaise [ Fri Oct 25, 2013 1:13 pm ]
Post subject:  Yubiradius and two factor authentication troubleshooting

Hello All,

Yesterday I successfully set up a yubiradius server for testing yubikey integration into our corporate network.

I was able to import the users from our AD server and assign my user with a yubikey for testing.

I am now attempting to use the troubleshoot tab to test two factor authentication. This has been failing and when looking in the logs I see this message:

Fri Oct 25 12:08:42 2013 : Error: [ldap] cn=admin,dc=example,dc=com bind to 192.168.1.105:389 failed: Can't contact LDAP server
Fri Oct 25 12:08:42 2013 : Error: [ldap] (re)connection attempt failed

Our LDAP server is located at 10.0.13.11 and is pingable from the yubiradius, and clearly accessible as I was able to import our users list. All the configuration is correct for our AD server under the domain settings.

Does anyone know where this 192.168.1.105 address is coming from? I have not set this up anywhere yet the troubleshooting for two factor authentication continually attempts to authenticate using this IP.

I am at a loss here, any ideas?

Many Thanks
Sam
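
The log lines quoted above are what a practitioner has to read to spot that rlm_ldap is binding to a server other than the intended one. As an added example (not code from the thread or from Yubico), this parses FreeRADIUS "[ldap] ... bind to host:port failed" lines, lists any bind target not in the expected set of directory servers, and flags binds that still use the VM's default dc=example,dc=com DN; the sample log lines are constructed from the post, with one extra line added for contrast.

```python
import re

# Format of the rlm_ldap bind-failure line as quoted in the post:
# "<timestamp> : Error: [ldap] <bind DN> bind to <host>:<port> failed: <reason>"
LDAP_BIND_ERR = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) : Error: \[ldap\] "
    r"(?P<bind_dn>\S+) bind to (?P<host>[^:\s]+):(?P<port>\d+) failed: (?P<reason>.*)$"
)

# Default suffix of the OpenLDAP instance preconfigured on the YubiRADIUS VM
# (per the reply in this thread); a bind with this DN against a corporate
# directory means the stale default configuration is still in use.
VM_DEFAULT_SUFFIX = "dc=example,dc=com"

# Constructed sample: the two lines from the post plus one extra line showing
# a bind against the intended server that fails for a different reason.
SAMPLE_LOG = """\
Fri Oct 25 12:08:42 2013 : Error: [ldap] cn=admin,dc=example,dc=com bind to 192.168.1.105:389 failed: Can't contact LDAP server
Fri Oct 25 12:08:42 2013 : Error: [ldap] (re)connection attempt failed
Fri Oct 25 12:09:01 2013 : Error: [ldap] cn=svc,dc=corp,dc=local bind to 10.0.13.11:389 failed: Invalid credentials
"""


def parse_ldap_bind_errors(log_text):
    """Return one dict (ts, bind_dn, host, port, reason) per failed-bind line.
    Lines that do not carry a bind target, e.g. '(re)connection attempt failed',
    are ignored."""
    events = []
    for line in log_text.splitlines():
        m = LDAP_BIND_ERR.match(line)
        if m:
            event = m.groupdict()
            event["port"] = int(event["port"])
            events.append(event)
    return events


def unexpected_ldap_targets(log_text, expected_hosts):
    """Hosts the ldap module tried to bind to that are not in expected_hosts.
    Any host listed here is configured somewhere the admin did not set it."""
    seen = {e["host"] for e in parse_ldap_bind_errors(log_text)}
    return sorted(seen - set(expected_hosts))


def binds_with_vm_default_dn(log_text):
    """Failed binds whose DN still ends in the VM's default suffix."""
    return [e for e in parse_ldap_bind_errors(log_text)
            if e["bind_dn"].endswith(VM_DEFAULT_SUFFIX)]
```

Run against the live radius.log, an unexpected host plus a default-suffix DN together point at a second, unedited ldap configuration rather than at a network problem between the VM and the directory server.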

Author:  samir [ Tue Oct 29, 2013 8:15 am ]
Post subject:  Re: Yubiradius and two factor authentication troubleshooting

Hello,

In the FreeRADIUS instance of YubiRADIUS, an OpenLDAP instance is already available, preconfigured on the YubiRADIUS VM. As per your forum post, it seems that you might be using the already cached OpenLDAP entries.

To make proper "User Import" configuration for your AD/LDAP, please use the following steps.

Click on "User Import" tab >> click on "Advanced" button

Please see the following details in the configuration for Advanced mode:

Use Secure Connection? ==> No
Directory Type ==> openLDAP --> "Select as per your directory type, Active Directory or OpenLDAP"
LDAP/AD Server Address or Host Name ==> <<AD/LDAP server IP address or hostname>> --> "here you might have entered 192.168.1.105" --> please put a valid IP address for your AD/LDAP, i.e. "10.0.13.11"
Backup LDAP/AD Server Address or Host Name ==> optional or same as above
Port (use 0 or blank to use the default port) ==> 389
LDAP Version ==> 3
Base DN ==> dc=example,dc=com --> "here this is the default domain available on the local OpenLDAP instance" --> please put a valid domain entry available on the AD/LDAP you have
User DN ==> cn=admin,dc=example,dc=com --> "Please put a valid admin user available on your AD/LDAP"
Password ==> yubico --> "Please put the password for your AD/LDAP admin user here"
Schedule ==> None
Filter ==> (objectClass=person)
Login Name Identifier ==> uid --> "If you use LDAP use the value "uid", and if you use Active Directory use "sAMAccountName" as identifier"

Click on "Save" and then Click on "Import Users"

Hope this helps!

Thanks and best regards,
Samir.

Author:  jschreiner [ Tue Nov 05, 2013 6:07 pm ]
Post subject:  Re: Yubiradius and two factor authentication troubleshooting

Run this and see if you can find where the ip is entered.

grep 192.168.1.105 /etc/freeradius/*
