*** nowen (~nowen@adsl-176-210-205.asm.bellsouth.net) has joined #wikid | 13:36 | |
*** davidspollack (4a022302@gateway/web/freenode/ip.74.2.35.2) has joined #wikid | 20:31 | |
davidspollack | hi | 20:31 |
davidspollack | im considering the wikidsystems 2 factor system ... and have some questions | 20:31 |
davidspollack | hello? | 20:32 |
*** davidspollack has quit (Client Quit) | 20:35 | |
*** dpollack (4a022302@gateway/web/freenode/ip.74.2.35.2) has joined #wikid | 21:14 | |
dpollack | hello | 21:27 |
nowen | hi | 21:27 |
nowen | just sent you an email | 21:28 |
nowen | we currently only have master/slave replication | 21:28 |
dpollack | sorry phone call | 21:29 |
nowen | np | 21:29 |
dpollack | so if i had 3 servers I could have one master & 2 slaves? | 21:34 |
nowen | not at this time. the next major release will allow for 3 masters | 21:34 |
dpollack | ok | 21:35 |
dpollack | can you explain, in a nutshell, where this would fit in to my VPN config? | 21:35 |
dpollack | i currently use a cisco ASA 5510 | 21:35 |
dpollack | and we are doing CLIENT vpn | 21:36 |
nowen | sure. just use radius | 21:36 |
dpollack | with a windows ISA radius | 21:36 |
nowen | yeah | 21:36 |
nowen | does the cisco talk to the ias now? | 21:36 |
dpollack | and the IAS authenticates windows AD users/pwd | 21:37 |
dpollack | yes | 21:37 |
nowen | just add WiKID as a radius server in IAS and create a policy to proxy authentications to it | 21:38 |
nowen | http://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-configure-ias-to-support-two-factor-authentication/ | 21:38 |
dpollack | ok thanks | 21:41 |
dpollack | why not just replace the IAS server with the wikid server? | 21:46 |
dpollack | just wondering | 21:46 |
nowen | well, depends, but the best reason is then all you need to do is remove a user in AD and they have 0 access. otherwise, remove in AD and WiKID | 21:47 |
dpollack | ah ok. | 21:47 |
dpollack | so the IAS server proxies over to the WikID radius server | 21:48 |
dpollack | is it possible to keep the wikid ID database updated as AD changes? | 21:48 |
nowen | yes, but first validates that the users are active and in the right group (if you configure it that way) | 21:48 |
dpollack | right, but it passes to wikid for the pwd auth | 21:48 |
nowen | we don't currently have a mechanism to remove users from wikid if they are deleted from AD, if that's what you mean. it could be done though via an ldap script | 21:49 |
dpollack | wikid is running ldap under the hood ? | 21:50 |
nowen | no - the script would make an ldap call to ad | 21:50 |
dpollack | k | 21:52 |
dpollack | luckily we're small so its not a big issue, but im sure its a showstopper for big clients | 21:52 |
dpollack | in any case I'm loking forward to trying it out. | 21:56 |
dpollack | looking | 21:56 |
nowen | cool. we're here to help | 21:56 |
dpollack | not every day you get the CEO doing tech support on IRC ;) | 21:56 |
nowen | hehe | 21:57 |
*** dpollack has quit (Quit: Page closed) | 22:10 | |
nowen | later all | 22:25 |
*** nowen has quit (Quit: Leaving.) | 22:25 | |
*** MRicketts (d8ed3803@gateway/web/freenode/ip.216.237.56.3) has joined #wikid | 23:39 | |
*** MRicketts has quit (Client Quit) | 23:41 |