Skip to main content

A customer has donated this documentation on how to get the WiKID 2 Factor rpms (which are for Redhat flavors) running on Suse

Install java - (download from Oracle latest stable and install into /opt/java) 


ln -s /opt/java /usr/java (assuming java is setup in the default place) 

yast install: 

findutils-locate postgres-server posgres-libs www-perl libs 


rpm -ivh --nodeps wikid-utilities-3.0.5-1.i386.rpm 
rpm -ivh --nodeps wikid-server-enterprise-3.4.81.b676-1.noarch.rpm 

After installing the above modify the following: 

vim /opt/WiKID/sbin/ 


. /etc/WiKID/ 


TMPLOG=`mktemp -t wikid-installXXXXX` || exit 1 

## let's see if we need to start postgres 
if [ "1" = "$pgstatus" ]; then 
$WIKID_HOME/sbin/ postgresql start > /dev/null 2>&1 

psql -h localhost -U postgres wikid -l > /dev/null 2>&1 

if [ "$wikid_db_check" != 0 ]; then 
echo "Initializing WiKID database ..." 

#$SUDO postgres "psql -h localhost -d template1 -f $DIR/db-users.sql" 
#$SUDO postgres "psql -h localhost -d template1 -f $DIR/wikid-schema.sql" 
#$SUDO postgres "psql -h localhost -d wikid -f $DIR/db-data.sql" 

psql -d template1 -f $DIR/db-users.sql 
psql -d template1 -f $DIR/wikid-schema.sql 
psql -d wikid -f $DIR/db-data.sql 

sleep 3 
) >> $TMPLOG 2>&1 
grep -v "NOTICE:" $TMPLOG 
cat $TMPLOG >> $LOG 

## stop postgres if it was running when we started 
if [ "1" = "$pgstatus" ]; then 
$WIKID_HOME/sbin/ postgresql stop > /dev/null 2>&1 

Then once the file is modifed do the following: 

vim sbin/ 

near the top there is a sanity check that needs to be modified 
replace /etc/redhat-release with /etc/SuSE-release 

chmod a+rw /opt/WikiD/log/install.log (not sure whether this is necessary - but got permission errors during the install so changed it) 

Run the /opt/WikiD/bin/wikidctl setup (follow the steps --- you will see it fail to create the database--- it generates the ca cert) 

Then intall the database manually as root 

su - postgres 

Ctrl +D (switch back out of postgres) 

as root run: 

Then make sure that sshd allows TCP Forwarding (or you can't tunnel to the admin UI) -Useful if your server is in a remote datacentre.

Install the Yast Firewall module and cancel out (WiKID will set IPtables. Once WiKID has done this run the following as root: 

You may want to add a few things to IPTABLES... eg: 
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -s -j ACCEPT 
/sbin/iptables -I OUTPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT 
/sbin/iptables -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT 


iptables-save > /etc/sysconfig/network/iptables.fw 

Then so that the custom rules come back on reboot do: 

vim /etc/rc.local 
iptables-restore < /etc/sysconfig/network/iptables.fw 

/opt/WiKID/bin/wikidctl start 

Complete the setup of clients through the management web ui. 
Configure your radius auth- following the simple instructions on WiKID's wiki for your VPN - this will put in new iptables for the radius and is why you should not use the YAST module setup for the Firewall. 

Test :)


Copyright © WiKID Systems, Inc. 2017 | Two-factor Authentication