On Fri, May 9, 2014 at 9:11 AM, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
Which you'd get if you rolled your own packages, and hey you'd actually be contributing something, because if you came across any defects, you might actually be able to provide useful debugging info.
I now have version 3.0.2 up and running with rlm_yubikey. For this testing setup, I'm simply trying to validate to the public yubicloud server using the validate mode. When I was using the rlm_perl based module, I was able to enter a user password, followed by the OTP token. The perl module extracted the OTP and passed on the user password for further authentication (in my case LDAP). Now when I use radtest like this: root@obelix-clone:/usr/src# radtest fes testingpasswordccccccdbkebjrndreglhlcdnrrkvcneruvcnnffieibr 127.0.0.1 0 testing123 Sending Access-Request of id 85 from 0.0.0.0 port 56523 to 127.0.0.1 port 1812 User-Name = 'fes' User-Password = 'testingpasswordccccccdbkebjrndreglhlcdnrrkvcneruvcnnffieibr' NAS-IP-Address = 172.16.35.65 NAS-Port = 0 Message-Authenticator = 0x00 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=85, length=20 Here's the output of the server: rad_recv: Access-Request packet from host 127.0.0.1 port 56523, id=85, length=121 User-Name = 'fes' User-Password = 'testingpasswordccccccdbkebjrndreglhlcdnrrkvcneruvcnnffieibr' NAS-IP-Address = 172.16.35.65 NAS-Port = 0 Message-Authenticator = 0xf4c430ea058e22ef07ef239f42b0270f Fri May 9 11:52:20 2014 : Debug: (0) # Executing section authorize from file /etc/freeradius/sites-enabled/default Fri May 9 11:52:20 2014 : Debug: (0) authorize { Fri May 9 11:52:20 2014 : Debug: (0) modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0 Fri May 9 11:52:20 2014 : Debug: (0) modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0 Fri May 9 11:52:20 2014 : Debug: (0) [preprocess] = ok Fri May 9 11:52:20 2014 : Debug: (0) modsingle[authorize]: calling yubikey (rlm_yubikey) for request 0 Fri May 9 11:52:20 2014 : Debug: (0) yubikey : User-Password value is not the correct length, expected 44, got 59 Fri May 9 11:52:20 2014 : Debug: (0) modsingle[authorize]: returned from yubikey (rlm_yubikey) for request 0 Fri May 9 11:52:20 2014 : Debug: (0) [yubikey] = noop Fri May 9 11:52:20 2014 : Debug: (0) if (ok) Fri May 9 11:52:20 2014 : Debug: (0) if (ok) -> FALSE Do you know of any way to regain the behaviour of the rlm_perl based module (user password AND OTP token for two factor authentication)? Should I maybe handle that in the configuration? Thanks, Frederic