Hi All Has anyone managed to get yubikeys to work with wireless network access using yubikeys ? I'm trying to get 802.1x to work with yubikeys using freeraduis 3, local user in the users file and the yubikey module. I'm constantly running into the same error which is shown below: yubikey : No cleartext password in the request. Can't do Yubikey authentication Default eap type is peap and default eap type under peap is gtc and gtc auth type is pap I'm testing with a user defined in the users file and I'm trying authorize and authenticate as shown below in the inner tunnel: Authorize : eap if (ok || updated) { yubikey files } else { reject ( This is so that if no yubikey is submitted along with password radius should reject the auth * this works in default when authing vpn access under the yubikey authorize * ) } Authenticate : Auth-Type PAP { yubikey pap } I have tried defining a separate auth type like suggested in a previous mailing list post but startup kept on failing with error unknown auth type for eap_gtc yubikey when trying to do this: Auth-Type yubikey { yubikey pap }
Has anyone managed to get yubikeys to work with wireless network access using yubikeys ?
They'll work with TTLS-PAP just fine.
I'm trying to get 802.1x to work with yubikeys using freeraduis 3, local user in the users file and the yubikey module. I'm constantly running into the same error which is shown below:
yubikey : No cleartext password in the request. Can't do Yubikey authentication
The error message is pretty clear. There's no User-Password attribute in the request at the time when you call the yubikey module,
Default eap type is peap and default eap type under peap is gtc
I'm not sure the server supports PEAPv1, could you post debugging output to show that it does? and that you have a supplicant that's actually doing PEAPv1. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
Thanks Aran All working. TTLS-PAP is working where GTC-PAP did not. Thanks -----Original Message----- From: freeradius-users-bounces+philipw=binobyte.com@lists.freeradius.org [mailto:freeradius-users-bounces+philipw=binobyte.com@lists.freeradius.org] On Behalf Of Arran Cudbard-Bell Sent: Wednesday, October 29, 2014 2:29 PM To: FreeRadius users mailing list Subject: Re: 802.1X Radius with Yubikey
Has anyone managed to get yubikeys to work with wireless network access using yubikeys ?
They'll work with TTLS-PAP just fine.
I'm trying to get 802.1x to work with yubikeys using freeraduis 3, local user in the users file and the yubikey module. I'm constantly running into the same error which is shown below:
yubikey : No cleartext password in the request. Can't do Yubikey authentication
The error message is pretty clear. There's no User-Password attribute in the request at the time when you call the yubikey module,
Default eap type is peap and default eap type under peap is gtc
I'm not sure the server supports PEAPv1, could you post debugging output to show that it does? and that you have a supplicant that's actually doing PEAPv1. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
Arran Cudbard-Bell -
Philip Wege