Install PrivacyIdea on Ubuntu 18.04

gromta · September 24, 2018, 7:33am

Hi,
im have trouble to install privacyidea on a Ubuntu 18.04.
I tried all the Installation Guides. With the PrivacyIdea Bionic Repo there is no way to install the package, because its not found. If i change the Repo to Xenial i could install PrivacyIdea. But the problem is here that Ubuntu tells me the RNG-Tools Package is not a viable Installmedium.

I thought a install should be quick and easy. What im doing wrong?

Also the Windows 2 Factor is only possible with credential provider or? Do we need to contact the company ? We want to roll out privacyidea to our customers if its fit our conditions.

cornelinux · September 24, 2018, 8:56am

Hello,

thanks for your interest in privacyIDEA.

im have trouble to install privacyidea on a Ubuntu 18.04.
I tried all the Installation Guides. With the PrivacyIdea Bionic Repo there is no way to install the package, because its not found. If i change the Repo to Xenial i could install PrivacyIdea. But the problem is here that Ubuntu tells me the RNG-Tools Package is not a viable Installmedium.
I thought a install should be quick and easy. What im doing wrong?

You are not following the guides!
The guides do not tell, that there are packages for 18.04 - only 16.04 and 14.04:
https://privacyidea.readthedocs.io/en/latest/installation/ubuntu.html
So if you want to run on 18.04, you still need to use the pip installation.

Also the Windows 2 Factor is only possible with credential provider or?

Yes. Microsoft does not allow to do otherwise!

Do we need to contact the company ?

Yes

We want to roll out privacyidea to our customers if its fit our conditions.

Then you should check and decide to either use it or drop it.

Kind regards
Cornelius

gromta · September 24, 2018, 9:28am

Hey thanks for your answer. I already started a download for 16.04.

cenix102 · February 19, 2019, 9:59am

Hi all,

Is there still no way at the moment to install PrivacyIdea on Ubuntu 18.04?

Thanks for help!!

Best regards

cornelinux · February 19, 2019, 11:56am

Hi,

“no way” is wrong. There are a lot of ways to install on 18.04.
The only thing is, there are no ready made packages.

Kind regards
Cornelius

keating178 · July 1, 2019, 9:54pm

I see that I can install this on 18 without an already made package but I do have another concern that may prevent me from installing it.

It sounds like I will need to have a separate service to make this application run with my Microsoft AD environment, is that correct?

How do I go about installing that and what does that entail?

Thanks
-B

cornelinux · July 2, 2019, 11:50am

Just to make one thing clear to the previous posters: You now can install privacyIDEA on 18.04 with packages.
Read https://privacyidea.readthedocs.io/en/latest/installation/ubuntu.html.
Please note, that you should use the devel repo:

add-apt-repository http://lancelot.netknights.it/community/bionic/devel

Hi @keating178
welcome to the privacyIDEA community.

How do you mean you need a separate service? What do you want to achieve?

Stating “make it run with Microsoft AD” is not really clear.

Kind regards
Cornelius

keating178 · July 2, 2019, 3:12pm

I have read a few places that a service such as “DUO” will need to be used to do what we need.

What we are trying to accomplish: We need to be able to force multi-factor authentication on our AD accounts. We need to start with a few accounts for testing then have the ability to enable it and possibly force it to all users

I hope that clears up the “make it run with Microsoft AD” for you.

I did manage to get PrivacyIdea installed yesterday and my plan is to start playing with it today and tomorrow. Hopefully it will end up doing what we need it to.

Thanks for everything.
-B

cornelinux · July 2, 2019, 4:30pm

force on our AD accounts

This really sounds a bit generic.
If you really want to be that generic, privacyIDEA can not help you.

The AD account gets its ticket granting ticket either by passwords or by certificates. Other mechanism are not supported by Microsoft AD!

If you wan to add a 2nd factor when logging in to a windows machine, this however is possible.

You can use the privacyIDEA Credential Provider. This protects a windows machine, not the AD account. I.e. it works on this very machine, it does not work on the domain controller / KDC!

It requests the username, the windows password and the 2nd factor. The TGT however is received from the domain controller/KDC via password.

Hope this helps,
Cornelius

cwhitsbm · July 2, 2019, 4:55pm

Thank you @cornelinux. We need to be able to use 2FA with Windows login credentials when users are accessing their machine.

cornelinux · July 2, 2019, 5:28pm

You might want to check out, if the privacyIDEA Credential Provider suites your needs:

Open source: https://github.com/privacyidea/privacyidea-credential-provider

Ready made signed MSI package: https://netknights.it/en/produkte/privacyidea-credential-provider/ which you can get from https://netknights.it

keating178 · July 2, 2019, 9:32pm

Can privacyidea and the credential provider be integrated into ADFS so ADFS is made to require 2FA for those logins?

cornelinux · July 3, 2019, 5:49am

One thread with at least three topics. That is much.
@cwhitsbm @keating178 please open a new thread if you have a new question / new topic in the future.

@keating178 the credential provider is for authenticating locallay at a windows client or server or via RDP to a windows desktop.
For ADFS you use the ADFS plugin https://github.com/sbidy/privacyIDEA-ADFSProvider/

As I am a Linux guy and not a Windows guy I am not 100% sure if there are not possibilities to use the credential provider for ADFS.

bystandard · August 4, 2019, 8:29pm

@cornelinux Hi, it looks like pakage was moved from the server. Could you check please?
apt install privacyidea-apache2
Err:1 http://lancelot.netknights.it/community/bionic/stable bionic/main amd64 privacyidea-apache2 all 3.0.2-2-1bionic
404 Not Found [IP: 46.4.114.140 80]