| *** nowen (~nowen@adsl-176-210-205.asm.bellsouth.net) has joined #wikid | 12:11 | |
| *** SEJeff_work (~jeff__@209.160.84.1) has joined #wikid | 16:13 | |
| *** SEJeff has quit (Ping timeout: 276 seconds) | 16:16 | |
| *** SEJeff_work has quit (Ping timeout: 252 seconds) | 16:23 | |
| *** SEJeff_work (~jeff__@209.160.81.1) has joined #wikid | 16:35 | |
| *** mwpeterson (40f1258c@gateway/web/freenode/ip.64.241.37.140) has joined #wikid | 18:00 | |
| mwpeterson | so, nowen, your openvn server... | 18:03 |
|---|---|---|
| nowen | oh, is it still up? | 18:03 |
| mwpeterson | is it up and I can't get to it from where I'm at? | 18:03 |
| mwpeterson | or is it not up and working as expected? :) | 18:04 |
| mwpeterson | because it's not answering, but who knows how much filtering Panera is doing on outbound connections | 18:05 |
| nowen | works for me | 18:05 |
| nowen | on ubuntu | 18:05 |
| mwpeterson | host: ec2-174-129-51-65.compute-1.amazonaws.com port: tcp 1194 | 18:05 |
| mwpeterson | is what I have in the client.conf from your zip | 18:06 |
| nowen | hmm. I have 204.236.215.179 | 18:06 |
| mwpeterson | that's differently bad. :) connection refused on tcp 1194 | 18:07 |
| mwpeterson | switching to udp gets me further | 18:11 |
| mwpeterson | self-signed certificate error now. | 18:11 |
| nowen | I've uploaded my working client.conf file to www | 18:13 |
| *** mwpeterson has quit (Ping timeout: 265 seconds) | 18:21 | |
| *** mwpeterson (40f1258c@gateway/web/freenode/ip.64.241.37.140) has joined #wikid | 18:28 | |
| mwpeterson | I either fell, off or the webclient just gave up displaying anything when it got to the bottom of the screen :) | 18:28 |
| nowen | oops | 18:29 |
| nowen | did you get me msg that I uploaded a working client.conf? | 18:29 |
| mwpeterson | I did. | 18:30 |
| mwpeterson | downloaded it from www/webdemo/client.conf | 18:30 |
| mwpeterson | got the ca.crt from there as well] | 18:30 |
| mwpeterson | getting self-signed certificate errors from openvpn | 18:30 |
| nowen | huh | 18:31 |
| mwpeterson | yeah, that's my take on it as well. | 18:31 |
| nowen | aren't all openvpn certs self-signed, if you use there stuff | 18:31 |
| nowen | you have to go out of your way to use signed certs | 18:31 |
| mwpeterson | *shrug* openvpn is outside my solution domain, for now. | 18:32 |
| nowen | this is on a mac? | 18:33 |
| mwpeterson | but if we're beyond all the obvious things and it's working for you, then I can fight with it later | 18:33 |
| nowen | command line or some gui client? | 18:33 |
| mwpeterson | mmhmm, using Viscosity gui | 18:33 |
| nowen | some setting in it? | 18:33 |
| mwpeterson | nothing obvious | 18:33 |
| mwpeterson | if you see strange tweets from me, you'll know somebody at Panera was running firesheep :) | 18:34 |
| nowen | hehe | 18:35 |
| mwpeterson | <subject change/> | 18:35 |
| mwpeterson | challenge response with mobile tokens when network is unavailable | 18:36 |
| nowen | ok | 18:36 |
| mwpeterson | how's that work? where do I get the challenge? | 18:36 |
| nowen | your network client has to support it. it is a radius standard, but adoption may vary | 18:36 |
| nowen | you can test it via example.jsp | 18:36 |
| mwpeterson | ok. | 18:36 |
| mwpeterson | so right now I got it trying to get a token from your example server | 18:37 |
| mwpeterson | since your server didn't give me a challenge, this won't work. | 18:37 |
| nowen | from www? | 18:38 |
| nowen | yeah, I don't have that setup there | 18:38 |
| mwpeterson | probably same story for openssh/pam/linux/radius with my wikid server | 18:38 |
| nowen | hmm, I could set up a whole example.jsp page online now that I think about it | 18:39 |
| nowen | that could be a nightmare though | 18:39 |
| nowen | have to think about that | 18:39 |
| nowen | I've heard that some flavors of pam support it | 18:39 |
| mwpeterson | good to know. I'll add it to the copious freetime list. | 18:40 |
| mwpeterson | though, I can't imagine how often I'd be able to ssh when I have no network. | 18:40 |
| nowen | haha | 18:40 |
| nowen | that's the thing | 18:40 |
| nowen | people ask about offline pre-sales. | 18:41 |
| nowen | never after they deploy | 18:41 |
| nowen | people tend to buy phones that work in the places they go, or go places they work | 18:41 |
| mwpeterson | that other really secure authentication company probably has it | 18:41 |
| nowen | time-based systems probably don't need it | 18:42 |
| mwpeterson | I can see a slightly contrived example where you require wireless tokens to decouple it from the laptop, but you work in a TEMPEST shielded building with no cell coverage. | 18:42 |
| mwpeterson | nothing I'd want to support, of course. | 18:42 |
| nowen | or perhaps you just have to use their proprietary protocol and not radius | 18:42 |
| mwpeterson | blech. did that in a previous life. they were always about a version behind the version of Solaris I was running. | 18:44 |
| mwpeterson | I'm much happier without all that headache. | 18:45 |
| mwpeterson | thanks! | 18:45 |
| nowen | yeah. "Certified" to with our product == lock in ;) | 18:46 |
| *** finalbeta_ (~finalbeta@ip-83-134-158-172.dsl.scarlet.be) has joined #wikid | 19:13 | |
| *** finalbeta has quit (Ping timeout: 250 seconds) | 19:16 | |
| *** mwpeterson has quit (Quit: Page closed) | 20:41 | |
| *** nowen has quit (Quit: Leaving.) | 21:24 | |
| *** proprietarysucks (~nathanr@static-96-247-50-178.lsanca.fios.verizon.net) has joined #wikid | 22:56 | |
| proprietarysucks | hi, interested in some help getting set up if anyone is around | 22:56 |
| proprietarysucks | I've tried the community as well as enterprise iso. | 22:56 |
| proprietarysucks | trying to get google sso + wikid going | 22:56 |
| proprietarysucks | for the sole purpose of being able to control access to our google apps domain by ip address | 22:57 |
| proprietarysucks | after setting the apps domain to have the certificate and to redirect, it just doesn't redirect. not sure if I'm missing something | 23:38 |
| proprietarysucks | with my laptop I go to the google docs site and it just goes straight to the normal google log in page | 23:39 |
| proprietarysucks | I was under the impression it was going to go to the wikid log in page | 23:39 |
Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!