| *** Ownage (~yourmom@static-96-247-50-178.lsanca.fios.verizon.net) has joined #wikid | 01:39 | |
| Ownage | Hi, I've decided to try to use wikid community version, I've not been successful installing it yet. Can someone help me out? | 01:40 |
|---|---|---|
| *** remix_tj has quit (Quit: http://quassel-irc.org - Chat comfortably. Anywhere.) | 08:04 | |
| *** remix_tj (~remix_tj@ip6.server.remixtj.net) has joined #wikid | 08:05 | |
| *** nowen (~nowen@adsl-176-210-205.asm.bellsouth.net) has joined #wikid | 13:13 | |
| nowen | morning Ownage | 13:14 |
| nowen | let me know if you have any WiKID questions | 13:15 |
| *** skraito (~unknown@unaffiliated/skraito) has joined #wikid | 15:16 | |
| *** skraito has parted #wikid (None) | 15:16 | |
| *** nowen has quit (Ping timeout: 240 seconds) | 17:58 | |
| Ownage | hi, thanks | 18:18 |
| Ownage | I replied to you | 18:19 |
| Ownage | long story short 404: resource() is not available | 18:19 |
| *** Walter_ (d8ed17dd@gateway/web/freenode/ip.216.237.23.221) has joined #wikid | 19:26 | |
| Walter_ | Hi | 19:26 |
| Walter_ | Is anyone out there? | 19:26 |
| *** nowen (~nowen@adsl-66-184-38.asm.bellsouth.net) has joined #wikid | 19:54 | |
| nowen | hey folks - sorry internet was down | 19:55 |
| nowen | Walter_: let me know if you need anything | 19:56 |
| Walter_ | Yes | 20:02 |
| Walter_ | We have windows 2008 NPS (radius) running in our network. We have policies for network acccess. Not all admins have networking knowlege. Hence, we would like to limit access. Does your box have local authentication? | 20:03 |
| nowen | Walter_: not sure I follow. what do you mean by local auth? | 20:05 |
| nowen | the web admin and terminal are protected | 20:06 |
| nowen | so you can limit who has access | 20:09 |
| nowen | Ownage: does netstat show a tomcat listener on 443? | 20:09 |
| Walter_ | Does it integrate well with Microsoft NPS 008? | 20:09 |
| Walter_ | 2008 | 20:09 |
| nowen | yes, radius is an excellent protocol | 20:10 |
| nowen | it "just works" | 20:10 |
| Walter_ | I am not using your product right now. I just wanted to know if there is away to configure local users on your box meaning that if admin adds himself to a security group then how do you deter that? | 20:10 |
| nowen | Walter_: we have some docs on that | 20:10 |
| nowen | the admin users on set in WiKID. It is completely separated from the auth funcations | 20:11 |
| *** Walter_ has quit (Quit: Page closed) | 20:24 | |
| nowen | Ownage: so you have a listener on 443, but can't browse to WiKIDAdmin? | 20:26 |
| Ownage | I get 404 that I posted | 20:27 |
| Ownage | description The requested resource () is not available. | 20:28 |
| nowen | are the war files unpacked in /opt/WiKID/tomcat/webapps? | 20:29 |
| nowen | Ownage: you should see directories in /opt/WiKID/tomcat/webapps and not just .war files | 20:52 |
| Ownage | ROOT wikid WiKIDAdmin WiKIDAdmin.war wikid.war | 21:52 |
| Ownage | thats my ls there | 21:52 |
| nowen | ls -all WiKIDAdmin | 21:52 |
| nowen | should be in there | 21:52 |
| Ownage | http://pastebin.com/mjtbReX5 | 21:53 |
| nowen | yep index.jsp | 21:54 |
| nowen | what browser are you using? | 21:54 |
| Ownage | I have ffox, chrome, konq | 21:54 |
| Ownage | tried on ff | 21:55 |
| Ownage | trying others | 21:55 |
| nowen | hmm | 21:55 |
| Ownage | same on chrome | 21:55 |
| nowen | k - I'm replicating now | 21:56 |
| nowen | I wonder if the /opt/java link is wrong | 21:56 |
| nowen | hmm. yes | 22:01 |
| nowen | ln -s /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/ /opt/java gets rid of the not found error | 22:02 |
| Ownage | I unlinked, made that link and did a /opt/WiKID/bin/wikidctl restart | 22:06 |
| Ownage | still get it though | 22:06 |
| nowen | hm. that screws up the cert creation though | 22:09 |
| nowen | it's looking for it in /opt/java/bin, not /opt/java/jre/bin | 22:09 |
| Ownage | yeah. this is all stuff I had reported in november, so not sure if it's fixed in any dev versions | 22:10 |
| nowen | you were able to create a cert, though? | 22:24 |
| nowen | and you opened the firewall for 443? | 22:24 |
| nowen | b/c I'm getting the same problems, but I am getting to the WiKIDAdmin site fine | 22:26 |
| Ownage | should I be creating a cert again? | 22:34 |
| nowen | if it's not there, the you'll be prompted to create it | 22:35 |
| Ownage | well I did have to install iptables for this, let me stop the service | 22:35 |
| Ownage | well I mean | 22:36 |
| Ownage | I get the cert, I'm connected to the server, it's just giving me a 404 not available, from tomcat | 22:36 |
| nowen | what's the url? | 22:37 |
| Ownage | https://sv-wikid01.xxx.com/WiKIDAdmin/ | 22:38 |
| nowen | hmm. try putting index.jsp on the ned | 22:39 |
| nowen | end | 22:39 |
| Ownage | same | 22:39 |
| nowen | and there's no error in catalina.out still? | 22:39 |
| nowen | hmm | 22:42 |
| Ownage | /opt/WiKID/tomcat/logs/catalina.out right? I cleared it out and wikidctl restart and tried to hit the page and I get no lines of log at all | 22:42 |
| nowen | run wikidctl stop | 22:43 |
| nowen | and then 'killall -9 java' | 22:43 |
| nowen | and then start wikid | 22:43 |
| Ownage | /opt/WiKID/tomcat/bin/catalina.sh: line 279: /opt/java/bin/java: No such file or directory | 22:44 |
| Ownage | there's the single line in the log | 22:44 |
| nowen | hmm | 22:48 |
| Ownage | bin is inside /opt/java/jre/ | 22:48 |
| nowen | also, I didn't have to use nodeps | 22:50 |
| nowen | are you doing this on a virtual instance? | 22:51 |
| Ownage | I had to do nodeps because I'm using openjdk | 22:52 |
| nowen | me too | 22:52 |
| Ownage | I didn't actually try without it _this_ time of doing the install | 22:52 |
| Ownage | all the previous times of doing it I had to, so I just went right to it this time | 22:53 |
| nowen | understood | 22:53 |
| Ownage | and yes, this is a vm | 22:54 |
| Ownage | I can clone, destroy, mock, etc and we're not in production on any level with it | 22:55 |
| Ownage | I can start wikid but can't even make the initial connection anymore | 22:56 |
| Ownage | I guess I was connecting to an old java process this whole time | 22:56 |
| Ownage | wikid-server-community-3.4.0.b3031-1 btw | 22:56 |
| nowen | this server had that on it too? | 22:57 |
| Ownage | this is a fresh install | 22:57 |
| Ownage | that's the version of the rpm I installed, the current one according to the site | 22:57 |
| Ownage | making sure we're on the same version | 22:58 |
| Ownage | since you seem to have different results | 22:58 |
| nowen | ahh | 22:58 |
| Ownage | I just made a symlink for bin -> jre/bin | 22:58 |
| Ownage | lets see what that does | 22:58 |
| nowen | that's not the latest | 22:59 |
| nowen | http://sourceforge.net/projects/wikid-twofactor/files/WiKID_Server/3.4/ | 22:59 |
| Ownage | oh weird | 22:59 |
| Ownage | the link that says | 22:59 |
| Ownage | Looking for the latest version? Download two-factor authentication server (64.4 MB) | 23:00 |
| Ownage | is apparently not the latest at all =/ | 23:00 |
| nowen | what link? | 23:00 |
| nowen | on our website? | 23:00 |
| Ownage | top of the page you just linked me | 23:00 |
| Ownage | right above Home/WiKID_Server/3.4 | 23:01 |
| nowen | oh year | 23:01 |
| nowen | yeah | 23:01 |
| nowen | that's odd. I wonder where they get that | 23:01 |
| Ownage | ok so newest is wikid-server-community-3.4.65.b481-1 right? | 23:02 |
| nowen | yes | 23:02 |
| Ownage | ok so I'm going to restart this process, takes only a momnet | 23:04 |
| Ownage | moment* | 23:04 |
| nowen | ok, not sure how to change that setting on sf.net, so I deleted the file ;) | 23:06 |
| nowen | I have to go soon. it's 6:17 now | 23:07 |
| Ownage | nooooooooo | 23:07 |
| Ownage | so for you it works after making the symlink change? | 23:08 |
| nowen | ok, we'll run through the install one time. lemme call home | 23:08 |
| Ownage | vm starting up now | 23:08 |
| nowen | actually, I wont you to try something elese | 23:08 |
| nowen | phone typing | 23:08 |
| Ownage | vm is up and ready for install | 23:09 |
| nowen | ok - start with | 23:10 |
| nowen | yum install java-1.6.0-openjdk compat-libstdc++-296 ntp system-config-date perl-libwww-perl postgresql postgresql-libs postgresql-jdbc postgresql-server postgresql-pl iptables | 23:10 |
| nowen | then install the two rpms and reboot | 23:10 |
| Ownage | running | 23:11 |
| Ownage | error: unpacking of archive failed on file /opt/WiKID/webapps/wikid.war;4d40aa72: cpio: read | 23:13 |
| Ownage | let me redownload | 23:13 |
| Ownage | must have screwed up last time, it's taking longer now | 23:14 |
| Ownage | ok there we go | 23:17 |
| Ownage | you are correct, no nodeps needed | 23:18 |
| nowen | ok, that's better | 23:18 |
| Ownage | ok its rebooting | 23:18 |
| Ownage | ok there we go | 23:23 |
| Ownage | so back up now | 23:23 |
| nowen | ok, run 'wikidctl setup | 23:23 |
| nowen | ' | 23:23 |
| Ownage | /opt/WiKID/sbin/make_tomcat_ssl_cert.sh: line 17: /opt/java/bin/keytool: No such file or directory | 23:24 |
| Ownage | right off the bat | 23:24 |
| Ownage | and it doesn't go into the cert making obviously | 23:24 |
| Ownage | I literally only did the two steps you said | 23:24 |
| Ownage | do you want me to symlink like in the walkthrough | 23:24 |
| Ownage | or to this new one you said earlier | 23:24 |
| Ownage | I'll do ln -s /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/ /opt/java | 23:25 |
| Ownage | same error | 23:25 |
| Ownage | let me do a bin -> jre/bin link too | 23:25 |
| Ownage | that does it | 23:26 |
| nowen | huh | 23:26 |
| Ownage | so you need both symlinks looks like | 23:26 |
| nowen | so odd. I didn't need either | 23:27 |
| nowen | or actually, mine was created | 23:27 |
| Ownage | well you need something, there's no /opt/java normally | 23:27 |
| nowen | java -> /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/jre | 23:27 |
| Ownage | <@nowen> ln -s /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/ /opt/java gets rid of the not found error | 23:27 |
| Ownage | you said this ln -s /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/ /opt/java gets rid of the not found error | 23:28 |
| Ownage | whoops sorry | 23:28 |
| Ownage | anyways so thats the one I did | 23:28 |
| Ownage | I'll try the jre one | 23:28 |
| nowen | yeah, but I just did an install without creating the link manually | 23:28 |
| nowen | anyway - did you get to the ssl cert creation? | 23:28 |
| Ownage | yeah I finished that and starting the daemon now | 23:29 |
| Ownage | postgresql rather | 23:29 |
| Ownage | fcking hell | 23:31 |
| Ownage | 404 resource busy' | 23:32 |
| nowen | hmm. anything in catalina.out? | 23:32 |
| nowen | this is really odd | 23:36 |
| nowen | are you running selinux? | 23:36 |
| Ownage | no | 23:37 |
| Ownage | sorry, no to selinux | 23:37 |
| Ownage | yes to catalina | 23:37 |
| nowen | why would tomcat be running, port 443 open, the file exist, and get a 404? | 23:37 |
| nowen | oh - pastebin me | 23:38 |
| Ownage | http://pastebin.com/KbUFNeNX | 23:38 |
| Ownage | no webapps/ROOT apparently | 23:38 |
| Ownage | nothing in /opt/WiKID/tomcat/webapps | 23:38 |
| nowen | is postgres running? | 23:39 |
| nowen | netstat -anp | grep 5432 | 23:39 |
| Ownage | http://pastebin.com/M1FPwTEp | 23:40 |
| nowen | ok - so there is no ROOT dir in webapps? | 23:41 |
| Ownage | there's nothing in there | 23:41 |
| nowen | ohh | 23:42 |
| nowen | look in the rpm | 23:42 |
| Ownage | weird saying it's not installed now | 23:43 |
| Ownage | ugh my bad | 23:43 |
| Ownage | for some reason the rpm command only was getting one | 23:43 |
| Ownage | I still don't get why right now | 23:44 |
| nowen | hmm | 23:44 |
| Ownage | but it's installing now | 23:44 |
| nowen | cool | 23:44 |
| Ownage | http://pastebin.com/bWPet4GX | 23:44 |
| Ownage | oh by the way this is never going to finish | 23:45 |
| Ownage | it's just hung forever | 23:45 |
| Ownage | I remember this happening before | 23:45 |
| Ownage | apparently your rpm is doing an updatedb without excluding nfs | 23:45 |
| Ownage | so wikid is trying to index our terabytes and terabytes of files right now | 23:45 |
| nowen | ahh | 23:46 |
| nowen | wow. haven't come across that before | 23:46 |
| nowen | why does the WiKID server have access to nfs? | 23:46 |
| Ownage | because you're running updatedb | 23:46 |
| Ownage | with no param | 23:46 |
| Ownage | s | 23:46 |
| Ownage | which by default will try to index EVERYTHING | 23:46 |
| Ownage | including all nfs shares | 23:46 |
| Ownage | hence my alias on all machines: alias updatedb='updatedb --prunefs nfs' | 23:47 |
| nowen | but why have it have access to the nfs shares at all? | 23:47 |
| Ownage | you're installing as root | 23:47 |
| Ownage | so it has all access | 23:48 |
| nowen | I'll add it to the list | 23:48 |
| Ownage | we mount our shares on all machines, since almost every machine needs them on various ways | 23:48 |
| Ownage | for example all our home dirs are nfs | 23:48 |
| Ownage | etc | 23:48 |
| Ownage | anyways it works if I umount everything and go again, which I've done now | 23:48 |
| Ownage | and seriously I don't mean to be a dick | 23:49 |
| Ownage | but I already reported this in november | 23:49 |
| Ownage | ok we're good, it is installed now, lets see if it starts up for me right | 23:49 |
| nowen | wouldn't it be more secure to not have the server have nfs access? | 23:49 |
| Ownage | we actually use those files | 23:49 |
| Ownage | also, if you want to be popular with the ladies, make a symlink in /etc/init.d/ for wikid -> /opt/WiKID/bin/wikidctl | 23:51 |
| nowen | yeah, we're actually working on making everything .deb compliant too | 23:51 |
| nowen | ok - I have got to go home. is it starting? | 23:52 |
| Ownage | started, checking | 23:52 |
| Ownage | log in screen! | 23:52 |
| nowen | nice! | 23:52 |
| Ownage | thanks man! I'll muck around a bit and see what I can get going! | 23:52 |
| nowen | ok | 23:53 |
| Ownage | I have been further than this before but I need a refresher anyways. and that was an older version so.. cool | 23:53 |
| nowen | i'll be back tomorrow morn, then traveling | 23:53 |
| Ownage | where you going | 23:53 |
| nowen | shmoocon in dc | 23:53 |
| Ownage | that sounds racist | 23:53 |
| nowen | heeh | 23:53 |
| nowen | no, infosec conference | 23:53 |
| nowen | ok - later! | 23:54 |
| Ownage | bye thanks a million | 23:54 |
| *** nowen has quit (Quit: Leaving.) | 23:54 | |
Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!