Hi Aaron,
I fixed the typo,
added the dictionary file to nginx
and added a check to raise an exception if the RADIUS secret is too
long.
Thanks a lot and
kind regards
Cornelius
On Friday, 20.05.2016, 12:43 -0700, Aaron McCrea wrote:
On Microsoft NPS/IAS there is a “generate shared secret” option that
makes keys that look like this:
Q2RuFq03x2@U&5Wazxkm1@pfedNOz9@$Uysj^tAeK%RvvFnmM#xyO$!EyGgHDYCD
I used one that is 24 characters in length and it worked. I am fine
using a shorter one, but an error that tells you to shorten it would
make troubleshooting easier.
I used nginx, so that must be my problem with the dictionary.
I installed on Ubuntu from the repository as follows:
add-apt-repository ppa:privacyidea/privacyidea
apt-get update
apt-get install python-privacyidea privacyideaadm
apt-get install privacyidea-nginx
apt-get install privacyidea-radius
For the dictionary, I tried leaving the field blank and got the error:
[Errno 2] No such file or directory: ‘/etc/privacyidea/dictinoary’
Note the misspelling “dictinoary” in the error message. I thought I
just needed to type it without the misspelling, but there is not a
dictionary there. So I copied /usr/share/freeradius/dictionary
to /usr/share/freeradius/dictionary.privacyidea and commented out any
vendor lines that caused errors. That has it working now.
-Aaron
On Friday, May 20, 2016 at 10:36:35 AM UTC-7, Cornelius Kölbel wrote:
Hi Aaron,
thanks a lot for the feedback.
Let's see if we can fix this.
How long should the shared secret be?
The field of the secret is limited to 255 bytes. As the secret is stored
encrypted, it is even shorter.
https://github.com/privacyidea/privacyidea/blob/master/privacyidea/models.py#L1791
You could however change the database schema in your database and change
the length of the column "secret".
I would like to fix the issue with the dictionary file.
Did you install from the Ubuntu repository?
I am just adding the dictionary file to the privacyidea-apache2 package.
Hm, the test button... ;-)
Kind regards
Cornelius
On Friday, 20.05.2016, 09:50 -0700, Aaron McCrea wrote:
> I have been playing around with adding a RADIUS server to use for a
> pass through policy and was having quite a bit of trouble. I worked
> through some problems with the dictionary files by copying the
> Freeradius dictionary and commenting out any includes that were
> causing errors. After that, I could not get the "Send test RADIUS
> request" to work. It would just pop up a blank red box (no text
> included) and authentication on my radius server logs show it was
> rejected. I knew my radius server was fine as radclient from the
> privacyidea server worked perfectly. Finally I was just about to give
> up and post here when I wondered if maybe the problem was only with
> the test button. Sure enough, a passthrough policy works fine. It is
> just the test button that doesn't seem to work for me. It was helpful
> in showing errors for the dictionary problem, but did not actually
> work for authentication.
>
> Also, it seems to be a bit picky about the length of the shared
> secret. I had a really long one and that wouldn't work. Shorter ones
> worked fine.
>
> Just wanted to share in case others were having any trouble.
>
> -Aaron
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
District Court Kassel, HRB 16405
Managing Director: Cornelius Kölbel
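An added illustration, not part of the thread and not privacyIDEA's code: why a secret stored encrypted in a 255-byte column has to be much shorter than 255 characters, with the kind of length check the first message mentions. The storage layout (secret hex-encoded, 2-byte end marker, 16-byte block padding, stored as hex(iv):hex(ciphertext)) and every name below are assumptions made for the example.

```python
import math

COLUMN_BYTES = 255   # column limit stated in the thread
BLOCK = 16           # AES block size in bytes
IV_BYTES = 16        # assumed: one random IV stored with each value
TERMINATOR = 2       # assumed: 2-byte end marker appended before padding


class SecretTooLongError(ValueError):
    """The encrypted form of the secret would not fit the column."""


def stored_length(secret: str) -> int:
    """Size of the assumed stored form: hex(iv) + ':' + hex(ciphertext)."""
    plain = len(secret.encode("utf-8")) * 2 + TERMINATOR  # hex-encode, mark end
    padded = math.ceil(plain / BLOCK) * BLOCK             # pad to whole blocks
    return IV_BYTES * 2 + 1 + padded * 2


def max_secret_bytes(column: int = COLUMN_BYTES) -> int:
    """Largest secret (UTF-8 bytes) whose stored form still fits the column."""
    blocks = (column - IV_BYTES * 2 - 1) // (BLOCK * 2)
    return max((blocks * BLOCK - TERMINATOR) // 2, 0)


def check_radius_secret(secret: str, column: int = COLUMN_BYTES) -> int:
    """Return the stored size, or fail with a message that says what to do."""
    need = stored_length(secret)
    if need > column:
        raise SecretTooLongError(
            "RADIUS secret needs %d bytes encrypted, column holds %d; "
            "use at most %d bytes" % (need, column, max_secret_bytes(column))
        )
    return need


if __name__ == "__main__":
    # Constructed sample secrets: 24 and 64 characters, the lengths in the thread.
    for candidate in ("A" * 24, "A" * 64):
        try:
            print(len(candidate), "ok, stored bytes:", check_radius_secret(candidate))
        except SecretTooLongError as err:
            print(len(candidate), "rejected:", err)
```

Under these assumptions a 24-character secret fits and a 64-character one does not, which matches the behaviour reported in the thread; rejecting the value before it is saved gives the operator a clear error where the report describes a blank red box.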