*** Krishna (4211be12@gateway/web/freenode/ip.66.17.190.18) has joined #wikid | 01:58 | |
Krishna | Wikid systems account Lockout policy | 01:58 |
---|---|---|
Krishna | Need to know what are the criteria being used to Lock the user account in wikidsystems Enterprise edition | 01:59 |
*** Krishna has quit (Ping timeout: 272 seconds) | 02:47 | |
*** roland (511e21a1@gateway/web/freenode/ip.81.30.33.161) has joined #wikid | 13:03 | |
roland | i can't get the command wikidctl setup to run on the iso image | 13:05 |
roland | command not found | 13:05 |
*** nowen (~nowen@adsl-66-184-38.asm.bellsouth.net) has joined #wikid | 13:07 | |
nowen | good morning roland | 13:08 |
*** roland has quit (Quit: Page closed) | 13:40 | |
*** Phazeon (4c5efb2c@gateway/web/freenode/ip.76.94.251.44) has joined #wikid | 17:52 | |
Phazeon | Hello nowen, are you here? | 17:52 |
nowen | yeah | 17:53 |
Phazeon | This is Michael Sullivan from Apex EMR. I've a couple little questions about our account and our auth server | 17:53 |
nowen | ok | 17:54 |
Phazeon | First, we've purchased some licences and in an email you asked which domain name did we use for our server. | 17:55 |
nowen | hmm - I don't think I got that email. | 17:56 |
Phazeon | is it safe to relay such info here in IRC? heh | 17:56 |
nowen | oh _ I sent the email | 17:56 |
Phazeon | yeah I'm replying in person :) | 17:56 |
nowen | ;) - ok monday | 17:56 |
Phazeon | it's been a long weekend for me heh | 17:57 |
nowen | yes, I think it is fine. it is not really secret - right - just the domain name | 17:57 |
Phazeon | hatchetman.apexemr.net | 17:57 |
nowen | ok - and you purchased with the sdrfund email? | 17:59 |
Phazeon | yes @msn | 18:00 |
nowen | cool | 18:02 |
nowen | what are y'all doing? | 18:02 |
nowen | electronic medical records, I assume? | 18:02 |
Phazeon | yep, we're developing a purely web based EMR. We need 2 factor auth for HIPAA regulations | 18:03 |
nowen | very cool - so hopefully more licenses to come | 18:04 |
nowen | ? | 18:04 |
Phazeon | we're hoping so. Right now we're in a closed beta stage | 18:05 |
nowen | excellent | 18:06 |
Phazeon | so is there anything I have to do on my end to tie in the licences? | 18:06 |
nowen | no - now that I have put the 2+2 together, we're ok | 18:06 |
nowen | I'll put Apex into the accounting system | 18:06 |
Phazeon | ok good. Then leads to the next question | 18:06 |
nowen | ok | 18:06 |
Phazeon | I'm unable to delete a domain. It says it's associated with 4 users even though I've gone through and removed all other records from the web interface. | 18:08 |
nowen | hmm | 18:09 |
nowen | ok - let me test this. | 18:09 |
nowen | sounds like a but | 18:09 |
nowen | bug | 18:09 |
Phazeon | it's a test domain that I used while integrating the authentication so I don't want to keep it I wish to re-create it for production | 18:09 |
nowen | what version are you running> | 18:10 |
nowen | ? | 18:10 |
Phazeon | 3.4 build 62-b445 | 18:11 |
nowen | hmm | 18:11 |
nowen | are you getting an error? in the logs? | 18:12 |
Phazeon | let me look, any specific ones I should check? | 18:12 |
nowen | just in the WiKIDAdmin logs - there's a link on the top right | 18:13 |
Phazeon | other than an attempt to download a logo (which doesn't exist yet) nothing | 18:14 |
nowen | hmm | 18:14 |
nowen | I just tried to replicate and couldn | 18:14 |
nowen | t | 18:14 |
Phazeon | what happens to registered yet not authorized user registrations? | 18:15 |
nowen | they should be deleted after a period of time - 24hrs, iirc | 18:15 |
Phazeon | this isn't the first time I've removed the domain and before I had to manually register those then delete them before I could remove the domain | 18:16 |
Phazeon | this time around I think I might have missed a few | 18:16 |
nowen | hmm | 18:16 |
nowen | are there any listed on the manually register page? | 18:17 |
Phazeon | nope | 18:17 |
nowen | hmm | 18:18 |
Phazeon | exactly what I said :) | 18:19 |
Phazeon | is there a way to drop/flush/empty the DB? or would I have to re-create all the certificates and etc? | 18:20 |
Phazeon | the certs are the only reason I haven't just wiped it out and started over | 18:21 |
nowen | you can move the certs if you want. they are in /opt/WiKID/private | 18:22 |
Phazeon | hmm I wonder... | 18:24 |
Phazeon | nope shot down. can't change the domain code. idle hope. | 18:25 |
nowen | ok - I haven't replicated it, but I think we'll just delete the unused reg codes when the domain is deleted | 18:26 |
nowen | so, we might have a fix for you, but it might be faster to just re-build | 18:26 |
Phazeon | ok. since it's not a standard install any tips? save the certs, wipe it all out, reinstall the RPMs, copy in the certs then run through the rest of the install process? | 18:28 |
nowen | did you install via the rpms or iso? | 18:28 |
Phazeon | rpms | 18:28 |
nowen | the database is in /var/lib/pgsql/data. I think you can mv/del that directory and then run the database creation script again | 18:29 |
nowen | if you're comfortable with that | 18:29 |
Phazeon | sure. what's the script I need to run? | 18:30 |
nowen | /opt/WiKID/conf/templates/wikid-firstboot.sh | 18:31 |
Phazeon | ok that seems to have worked. everything's back at square one and the certs are still there. | 18:33 |
nowen | cool | 18:34 |
Phazeon | oh one little question, the registered url when creating a domain, is that the URL the software token will open in a browser once users have requested a passcode? | 18:36 |
nowen | yes - sorry, needs better documentation - it is for mutual https authe | 18:37 |
nowen | the token will also validate that the user is talking to the correct cert | 18:38 |
Phazeon | we're trying to make it as easy on our users as possible, I'm utilizing the web start java applet so they'll already have the browser open to the correct location I didn't need the new window opened | 18:38 |
nowen | http://www.wikidsystems.com/learn-more/technology/mutual_authentication | 18:38 |
nowen | have you seen how you can config the web start token? | 18:38 |
nowen | http://www.wikidsystems.com/support/wikid-support-center/installation-how-tos/how-to-customize-the-web-start-software-token/?searchterm=jnlp | 18:39 |
nowen | you can make it into a single domain token | 18:39 |
Phazeon | yes, however it didn't seem to be working correctly... course it could have been my workstation it's in need of a reinstall let me try here on a clean(er) system | 18:40 |
nowen | yeah, using the java cache is interesting, but it makes testing a bithc | 18:41 |
Phazeon | I've an old personal bias against Java... its only saving grace IMHO is its cross-platform capability heh | 18:43 |
Phazeon | one moment re-creating everything heh | 18:45 |
nowen | well, my cto likes it and it gets us a lot - from the server to all the pcs to android/j2me | 18:47 |
Phazeon | ok it's still not bound to one domain. I'm hosting both the modified token.jnlp file and the jw.properties file. | 18:50 |
nowen | hmm | 18:54 |
Phazeon | I'm tweaking some of the options | 18:54 |
Phazeon | or does it only download the jw.properties file when you first run it? | 18:56 |
Phazeon | the very first time when it's installed in the cache | 18:56 |
nowen | you have to delete both the jar file and the jw.properties file in the java cache | 18:56 |
Phazeon | and i take it that's easier said than done? heh | 18:59 |
nowen | hmm - I'm getting the same error | 19:00 |
nowen | although this is an old client - are you using 3.1.8? | 19:00 |
Phazeon | yeah | 19:01 |
nowen | try the 3.1.10 | 19:01 |
nowen | it may have some of fixes for jnlp | 19:01 |
Phazeon | hmm ok one moment | 19:03 |
Phazeon | does the domainsuffix have to remain at wikidsystems? | 19:05 |
nowen | http://www.wikidsystems.com/webdemo/tokens/j2se/dedicated/token.jnlp | 19:05 |
nowen | that one is 3.1.10 and it works | 19:05 |
nowen | no | 19:05 |
Phazeon | ok let me try this again | 19:06 |
nowen | you can set it to your domain, and probably should. just know that the wireless tokens don't have the ability to use a different dns | 19:06 |
Phazeon | getting a little lost with all these different versions of files and such heh | 19:07 |
nowen | we can also create a dns entry for you, if you're ok with such a set up | 19:07 |
nowen | yeah | 19:07 |
nowen | hold on | 19:07 |
nowen | there's a zip with all the files there | 19:07 |
nowen | http://www.wikidsystems.com/webdemo/tokens/j2se/dedicated/dedicated.zip | 19:07 |
Phazeon | well I've gone a step forwards and one back... it's now attempting to connect to a dedicated domain but with a domain code of all 8s heh | 19:20 |
nowen | closer! | 19:20 |
nowen | check your jw.properties file | 19:20 |
Phazeon | http://www.apexemr.net/jw.properties | 19:21 |
Phazeon | at least java provides an easy way to clear the cache | 19:23 |
nowen | hmm | 19:24 |
Phazeon | in the jnlp there are 3 urls that start with http://www.wikidsystems.com/webdemo/tokens/j2se/dedicated the one in the <jnlp> tag's codebase attribute when I changed that to where I put the jars from that file it wouldn't execute | 19:25 |
nowen | oh - yeah, change the codebase to your domain | 19:27 |
Phazeon | hmm | 19:28 |
Phazeon | <sarcasm>this is ever so much fun</sarcasm> | 19:28 |
nowen | hehe | 19:28 |
Phazeon | I'm getting errors now | 19:34 |
nowen | hmm - got an error that time | 19:34 |
Phazeon | i moved it hold on | 19:35 |
Phazeon | https://www.apexemr.net/token/token.jnlp | 19:35 |
nowen | what do you have as the code base? | 19:35 |
Phazeon | where I placed the jars and other files from that zip | 19:36 |
nowen | hmm - could be permissions | 19:37 |
nowen | ? | 19:37 |
Phazeon | no it's world readable | 19:39 |
nowen | hmm, it seems to not be finding something, usually, the jar file | 19:39 |
Phazeon | com.sun.deploy.net.FailedDownloadException: Unable to load resource: http:/www.apexemr.net/token/token.jnlp I know that file's there heh | 19:41 |
nowen | http:/www.apexemr.net/token/token.jnlp | 19:41 |
nowen | hehe | 19:41 |
nowen | only one / | 19:41 |
Phazeon | argh | 19:42 |
Phazeon | hmm | 19:47 |
Phazeon | now it gets stuck at connecting to auth server for configuration | 19:47 |
nowen | any error on the WiKID server? | 19:49 |
Phazeon | I'm not sure it's getting to the server, instead of a 12 digit domaincode it says 0. | 19:50 |
Phazeon | Connecting to authentication server for configuration... <new line> 0 | 19:51 |
nowen | hmm - just worked for me. | 19:54 |
Phazeon | hmm artifacts it seems | 19:54 |
nowen | do you see my reg code? | 19:54 |
Phazeon | yep | 19:55 |
nowen | ok | 19:55 |
nowen | I thought there was a java interface where you could select the files to delete in the cache | 19:55 |
Phazeon | yeah and that's what I've been using... let me try a different workstation | 19:56 |
*** wallyk (4004456e@gateway/web/freenode/ip.64.4.69.110) has joined #wikid | 19:57 | |
wallyk | Hello is anyone home? | 19:58 |
nowen | yes | 19:58 |
wallyk | I am trying to use our wikid server to authenticate to a fortimanager. We are currently using it for our ssl vpn | 19:59 |
wallyk | I am getting this error in the wikid logs and I am not sure what it means | 19:59 |
wallyk | "The NAS IP supplied does not match the NAS table" | 20:00 |
Phazeon | nowen: it works on another workstation. thanks so much for your time and help! | 20:00 |
nowen | did you restart the WiKID server after creating the network client? | 20:00 |
wallyk | No I did not | 20:00 |
nowen | Phazeon: my pleasure! sorry for the hassle and thanks for the bug report | 20:00 |
wallyk | Should I? | 20:00 |
wallyk | what is the command to restart it again? | 20:01 |
nowen | yeah - radius caches the info | 20:01 |
nowen | wikidctl restart | 20:01 |
nowen | do you know the passphrase? | 20:01 |
nowen | you know you can put the passphrase into /etc/WiKID/security and you won't be prompted on restart? | 20:02 |
wallyk | yep I have that recorded | 20:02 |
wallyk | That is good to know thanks | 20:02 |
wallyk | I might just do that now | 20:02 |
nowen | create the file security with one line "WAUTH_PASSPHRASE=yourpassphrase" | 20:02 |
nowen | no quotes | 20:02 |
*** Phazeon has quit (Quit: Page closed) | 20:03 | |
wallyk | am I creating a new file called security? | 20:04 |
nowen | yeah | 20:04 |
wallyk | K | 20:04 |
nowen | wallyk: did the restart work? | 20:30 |
*** nowen has quit (Quit: Leaving.) | 22:47 | |
*** Phazeon (40515699@gateway/web/freenode/ip.64.81.86.153) has joined #wikid | 23:13 | |
*** Phazeon has quit (Client Quit) | 23:13 | |
*** Phazeon (40515699@gateway/web/freenode/ip.64.81.86.153) has joined #wikid | 23:30 | |
Phazeon | Is there anyone from support here? | 23:31 |
*** Phazeon has quit (Client Quit) | 23:34 |