*** Marcel (507fdbd1@gateway/web/freenode/ip.80.127.219.209) has joined #wikid | 09:34 | |
*** nowen (~nowen@pool-72-83-75-46.washdc.east.verizon.net) has joined #wikid | 13:44 | |
nowen | greetings. Let me know if you have any questions about WiKID | 13:45 |
*** Marcel has quit (Quit: Page closed) | 15:07 | |
*** Reinier (507fdbd1@gateway/web/freenode/ip.80.127.219.209) has joined #wikid | 15:07 | |
Reinier | hello | 15:08 |
nowen | hi | 15:10 |
nowen | still getting the same error? | 15:10 |
Reinier | we checked the logs now, the logs said "Could not validate the client certificate" | 15:11 |
nowen | did you create the intermediate and localhost certs? | 15:11 |
Reinier | yes | 15:12 |
nowen | and restart the server? | 15:12 |
Reinier | multiple times now, but it still gives that weird "0" when trying to connect | 15:13 |
nowen | how did you install the server? iso, vmware image, rpm? | 15:13 |
Reinier | with the iso | 15:14 |
nowen | have you tried running the token in debug mode? | 15:14 |
Reinier | we've tried that, but when we try to change the jw.properties in the .jar package the token crashed | 15:15 |
nowen | oh - drop the jw.properties file in the same directory as the jar file | 15:16 |
nowen | it will use that one instead | 15:16 |
nowen | if it works, you can paste the output into http://pastebin.com | 15:22 |
nowen | how did you find out about us? all of a sudden we've got a spate of .nl traffic ;) | 15:24 |
nowen | brb - got a quick meeting | 15:26 |
*** Reinier_ (507fdbd1@gateway/web/freenode/ip.80.127.219.209) has joined #wikid | 15:30 | |
*** Reinier has quit (Ping timeout: 265 seconds) | 15:32 | |
Reinier_ | hello i posted it on pastebin | 15:35 |
Reinier_ | http://pastebin.com/U6JuLKmg | 15:35 |
nowen | hmm, vista... did you install the token in a directory you can write to? | 15:37 |
Reinier_ | we found out about WiKID when we bought our new firewall | 15:37 |
Reinier_ | a netgear | 15:38 |
nowen | ahh | 15:38 |
nowen | yes, they have a special radius thing for us | 15:38 |
Reinier_ | sorry it's a windows 7, detection error i think ;) | 15:38 |
nowen | all that "NET_ADDR: null" stuff is odd | 15:38 |
nowen | same thing, I think, the user cannot save data to c:/program files/ | 15:39 |
nowen | also, see what happens when you browse to http://192.168.100.81/wikid/servlet/com.wikidsystems.server.InitDevice4AES?a=0&S=192168100081&CT=1 | 15:39 |
Reinier_ | i get a http status 405 - http method GET is not supported by this URL | 15:42 |
nowen | ok, that's ok - and where is the token installed? | 15:43 |
nowen | also, will you run 'date' on the terminal and make sure it is correct | 15:44 |
Reinier_ | we've got the token installed on c:\program files and we tried to copy it to the my documents folder, the account is a local admin account | 15:44 |
Reinier_ | the date is correct | 15:45 |
nowen | try to add this domain: 88888888888 | 15:45 |
nowen | if your token client can't add that domain, then it is a problem with the token | 15:48 |
Reinier_ | it could not connect with 888888888888 | 15:51 |
nowen | ok - can you rerun the installer and when prompted for the location, choose the User | 15:52 |
nowen | folder? | 15:52 |
nowen | or you can just drop this http://www.wikidsystems.com/webdemo/tokens/j2se/3.1.10/wikidtoken-3.1.10.exe into a user folder | 15:52 |
nowen | or you can use the web start token: http://www.wikidsystems.com/webdemo/tokens/j2se/3.1.8/token.jnlp | 15:53 |
nowen | the web start token is pretty cool actually and very customizable via text files on a server | 15:57 |
Reinier_ | we've tried both the user folder option and the web start token, both have the same results :( | 15:58 |
nowen | is there a firewall on this pc that would block the token? | 15:59 |
Reinier_ | we've disabled our firewalls | 16:00 |
nowen | do you use an outside DNS provider? | 16:03 |
Reinier_ | we have an internal dns server that relays to our ISP (if the right way to say it in english?) | 16:04 |
Reinier_ | *(is that | 16:04 |
nowen | yes, ok | 16:04 |
nowen | do you get the same output from the token debug for both your domain and the 888 domain? | 16:05 |
Reinier_ | yes | 16:05 |
nowen | I wonder if there is a problem with your routing - the token request goes out, but the response comes back at a 0 | 16:05 |
nowen | that could mean that the response is getting blocked or that the response is just not getting back to the token | 16:06 |
Reinier_ | it shouldn't go outside right now, we're still in the 192.168.100.x network, it should never pass our gateway | 16:07 |
nowen | yeah | 16:09 |
nowen | can you get out from the WiKID server? | 16:09 |
Reinier_ | yes we can go outside from the wiKID server | 16:13 |
nowen | in your logs, where it says that it couldn't validate the certificate is a little bomb icon. | 16:16 |
nowen | can you click on that and pastebin the results? | 16:16 |
Reinier_ | http://pastebin.com/4VeWfDts | 16:21 |
nowen | on the terminal, can you run 'ls-all /opt/WiKID/private' | 16:23 |
nowen | you should be able to paste that here | 16:23 |
Reinier_ | http://pastebin.com/DJSAwqZF | 16:27 |
nowen | what happens when you browse to http://888888888888.wikidsystems.net? | 16:29 |
Reinier_ | i arrive at the wikidsystems homepage | 16:29 |
nowen | hmm | 16:30 |
nowen | man i am a bit stumped here | 16:30 |
nowen | when you restart the token are you prompted for a passphrase? | 16:31 |
Reinier_ | What would be the next logical step? it's getting late over here, the company is going to close, could you send us an e-mail? | 16:32 |
Reinier_ | yes we get prompted for a passphrase | 16:32 |
nowen | hmm | 16:32 |
nowen | yes, maybe a little sleeping on it would be good | 16:32 |
nowen | you can also try from a different computer | 16:33 |
nowen | very odd | 16:33 |
nowen | If I think of something, I will send you an email | 16:33 |
Reinier_ | that would be great, thank you for the support :) | 16:34 |
*** Reinier_ has quit (Quit: Page closed) | 16:35 | |
*** nowen has parted #wikid (None) | 16:36 | |
*** nowen (~nowen@m552336d0.tmodns.net) has joined #wikid | 19:43 | |
Ownage | nowen: you gonna be on for a bit? | 19:48 |
Ownage | I'm about to head to lunch in 10 mins for about an hour | 19:49 |
Ownage | but if you're gonna be around after that, I could use some help if you're up for it | 19:49 |
nowen | Probably not that long, but I can check back in. | 19:50 |
nowen | I'll log in an hour or two if that works | 19:51 |
*** nowen has quit (Quit: Bye) | 20:17 | |
Ownage | nowen I'm back. I don't see leaves and joins so just holler when you're around. thanks | 21:15 |
*** nowen (~nowen@m552336d0.tmodns.net) has joined #wikid | 21:24 | |
nowen | Ownage you there? | 21:25 |
Ownage | yessir | 21:25 |
nowen | How's it going? What issues are you having? | 21:26 |
nowen | Btw, I'm on my phone, so limited capabilities | 21:26 |
Ownage | what I'm trying to do is be able to pick and choose based on username and/or ip who can log in to our google apps account | 21:27 |
Ownage | that's really the only thing I want to do | 21:27 |
Ownage | so that has led me down this path where basically looks like I need SSO | 21:27 |
Ownage | which brought me here to wikid | 21:27 |
Ownage | so anyways, I've got wikid up and running, but I've not figured out how to successfully get google to auth with it | 21:27 |
Ownage | there's a couple of issues I'm having | 21:27 |
nowen | Ok | 21:28 |
Ownage | first of all I can't seem to find any documentation about what URLs to use for the google sso settings | 21:28 |
Ownage | https://public-fqdn-of-wikid/_what_ for example | 21:29 |
Ownage | the only thing I could really find was a howtoforge article | 21:29 |
nowen | You mean on the google setup page? | 21:29 |
Ownage | right | 21:30 |
Ownage | the howtoforge uses /wikid/GSSO | 21:30 |
Ownage | and then two apparently random URLs | 21:30 |
Ownage | so what I did was use /wikid/GSSO and google.com and google.com | 21:30 |
Ownage | however I fail auth on trying this way | 21:30 |
Ownage | so I guess the first Q is: is that what it's supposed to be? | 21:31 |
nowen | Look in the /opt/WiKID/tomcat/webapps/wikid/ | 21:32 |
nowen | Is there a GSSO directory or has the name changed? | 21:33 |
Ownage | there is not | 21:33 |
Ownage | WEB-INF, META-INF, errors, ADRegister, images | 21:34 |
Ownage | those are the dirs | 21:34 |
nowen | Did you enable it under protocols? | 21:35 |
Ownage | yes | 21:35 |
nowen | Hmm. | 21:35 |
Ownage | verifying | 21:36 |
Ownage | definitely enabled, showing green enabled | 21:36 |
Ownage | the server has been restarted as well | 21:36 |
Ownage | I'll disable, re-enable | 21:38 |
Ownage | I did a search before and after | 21:38 |
Ownage | no new files or directories are created from disabling or enabling | 21:39 |
Ownage | in case you can see pastebins, here are the 5 items which show for locating GSSO: http://pastebin.com/TYBFv8dc | 21:39 |
Ownage | trying a service stop, start for good measure | 21:40 |
Ownage | weird wikidctl stop is taking forever | 21:41 |
nowen | Hmm | 21:41 |
Ownage | there it goes | 21:42 |
Ownage | probably vm-related | 21:42 |
nowen | I can't get to my lab machines from here | 21:50 |
Ownage | I understand | 21:51 |
nowen | I can check on it first thing Monday. Not sure what's going on | 21:52 |
nowen | I'm also pinging someone else. | 21:54 |
nowen | If I hear back I will hop back on and let you know. Otherwise, I'll be back on monday | 22:15 |
Ownage | no problem thanks man | 22:16 |
nowen | Later | 22:16 |
*** nowen has quit (Quit: Bye) | 22:16 |