802.1X Radius with Yubikey

Philip Wege philipw at binobyte.com
Wed Oct 29 10:01:36 CET 2014


Hi All

Has anyone managed to get yubikeys to work with wireless network access using yubikeys ? 

I'm trying to get 802.1x to work with yubikeys using freeraduis 3, local user in the users file  and the yubikey module. I'm constantly running into the same error which is shown below:

yubikey : No cleartext password in the request. Can't do Yubikey authentication

Default eap type is peap and default eap type under peap is gtc and gtc auth type is pap

I'm testing with a user defined in the users file and I'm trying authorize and authenticate as shown below in the inner tunnel:

Authorize :

eap
        if (ok || updated) {
                        yubikey
                        files
                        }
        else {
                reject ( This is so that if no yubikey is submitted along with password radius should reject the auth * this works in default when authing vpn access under the yubikey authorize * )
        }

Authenticate : 

        Auth-Type PAP {
                yubikey
                pap
        }


I have tried defining a separate auth type like suggested in a previous mailing list post but startup kept on failing with error unknown auth type for eap_gtc yubikey when trying to do this:

Auth-Type yubikey {
                yubikey
                pap
        }


More information about the Freeradius-Users mailing list