*** nowen (~nowen@adsl-66-184-38.asm.bellsouth.net) has joined #wikid | 12:51 | |
*** malcolm (29df2122@gateway/web/freenode/ip.41.223.33.34) has joined #wikid | 13:11 | |
malcolm | Hi Neil | 13:12 |
nowen | Hi | 13:12 |
nowen | but it is Nick :) | 13:12 |
malcolm | sorry I meant Nick | 13:12 |
nowen | np :) | 13:12 |
malcolm | I was looking at an email alert from someone in my company called Neil | 13:12 |
malcolm | ;) | 13:12 |
malcolm | I have a quick question regarding the setup we now have | 13:13 |
nowen | ok | 13:13 |
malcolm | We have bought the 1 year 0 user license | 13:13 |
malcolm | how do we go about setting it up | 13:13 |
malcolm | that's the first | 13:13 |
nowen | malcolm: no need -we track usage via the certificate | 13:13 |
malcolm | secondly - where in the radius logs do we find a successful and failed attempts ? | 13:14 |
nowen | hmm, you're not seeing anything in the WiKIDAdmin logs? | 13:14 |
malcolm | just tailing /opt/WiKID/log/radius.log doesn't give much | 13:14 |
nowen | If you want to see the logs in the /opt/WiKID/log directory as well as in the WiKIDAdmin, then you can edit the /etc/WiKID/log4j.properties file to this: | 13:16 |
nowen | http://pastebin.com/MUGwqmud | 13:16 |
nowen | and restart the server | 13:16 |
nowen | not sure how much data that will create, so keep an eye on disk usage | 13:16 |
malcolm | where in the WiKIDadmin logs | 13:17 |
malcolm | ? | 13:17 |
nowen | on the web ui, top right corner there is a link to logs | 13:17 |
malcolm | ah ok let me check that | 13:18 |
malcolm | which "logger" do i choose ? | 13:18 |
nowen | To enable debugging for radius, you need to go to Configuration/Enable Protocols/Radius and set debug to True. Restart the server and then go | 13:19 |
nowen | to Logs/Configure Loggers and set com.wikidsystems to debug and add com.wikidsystems.radius.log.DBSvrLogImpl and set it to debug as well. | 13:19 |
malcolm | ok | 13:19 |
malcolm | does the radius support ms-chap ? | 13:21 |
nowen | yes | 13:21 |
malcolm | ok I am getting this error: 64> Access-Request(1) LEN=216 192.168.10.1:1025 Access-Request by XXXXXXFailed: AccessRejectException: Microsoft MS-CHAP failed authentication | 13:22 |
nowen | what is the network client? | 13:23 |
malcolm | ASA Firewall | 13:23 |
malcolm | it worked | 13:23 |
nowen | also, you should be able to get more info than that. | 13:24 |
malcolm | until we changed the domain address | 13:24 |
nowen | did you restart the server after that? | 13:24 |
malcolm | just the WiKID Services | 13:25 |
malcolm | this was the domain Live IP | 13:25 |
nowen | hmm | 13:25 |
malcolm | switched it | 13:25 |
nowen | ok, did you make the changes to the loggers? com.wikidsystems to debug, com.wikidsystems.radius.log.DBSvrLogImpl debug ? | 13:27 |
malcolm | yes | 13:28 |
malcolm | both are debug | 13:28 |
nowen | is that the only info you're getting? | 13:28 |
malcolm | where do I find the com.wikidsystems on the list | 13:28 |
malcolm | to view it | 13:28 |
malcolm | Ah ha | 13:29 |
malcolm | found the problem | 13:29 |
nowen | log level? | 13:29 |
malcolm | the domain code is wrong | 13:29 |
malcolm | in the wikidaccess4 log | 13:29 |
malcolm | it still has the old domain (IP) code | 13:29 |
nowen | hmm. maybe you should delete the network client altogether and start over | 13:30 |
malcolm | I have just done that | 13:30 |
malcolm | Should I delete - stop start then recreate stop start ? | 13:30 |
nowen | yeah, I think it is worthwhile | 13:30 |
malcolm | ok | 13:31 |
malcolm | it's weird - only have 1 domain listed in my admin portal | 13:31 |
malcolm | we already removed the domain I believe this error is coming up with | 13:31 |
malcolm | It seems the domain conf is broken | 13:32 |
malcolm | from what I can tell it still has reference to the old domain (IP) | 13:33 |
nowen | hmm | 13:33 |
nowen | well, I know that the radius server maintains a cache of the data. perhaps it is not getting cleared? | 13:34 |
malcolm | I am going to try and remove the network client section stop start etc quick | 13:34 |
malcolm | how do I clear it | 13:34 |
malcolm | ? | 13:34 |
nowen | it should clear on a stop. you can run 'netstat -anp | grep java' to be sure. and 'killall -9 java' will kill any hanging processes | 13:35 |
nowen | are you running replication? | 13:36 |
malcolm | no - seems java was still running after the stop | 13:37 |
malcolm | just made the changes | 13:37 |
malcolm | let's see | 13:37 |
malcolm | Seems a little better - just waiting to test vpn | 13:46 |
malcolm | Nick - have u received the payment ? | 13:49 |
malcolm | is it possible to get an invoice ? | 13:49 |
malcolm | Nick - that seems to have worked | 13:51 |
nowen | malcolm: good news. yea, I can email a payment note | 14:03 |
nowen | malcolm: have you played with the example.jsp page? | 14:05 |
malcolm | no - not yet | 14:17 |
nowen | malcolm: that is how you can add a second token to the same users, etc | 14:25 |
malcolm | ah - i will have to have a look | 14:40 |
malcolm | We seem to have another issue - | 14:40 |
nowen | same with the ADRegister.jsp | 14:41 |
malcolm | the system is not generating any traffic now | 14:41 |
malcolm | and I am unable to login | 14:41 |
malcolm | I logged in once and now nothing | 14:41 |
nowen | you can't login to the vpn? | 14:41 |
malcolm | no | 14:41 |
malcolm | no logs being generated either | 14:41 |
nowen | is there a passcode request? | 14:42 |
malcolm | yes | 14:42 |
malcolm | it seems the radius service took ages to start | 14:43 |
nowen | oh, yeah, that is a known issue | 14:43 |
nowen | sorry. we can't quite figure out if it is us, or upstream | 14:43 |
malcolm | any workarounds | 14:43 |
malcolm | is that it checking the certificate ? | 14:43 |
malcolm | is our certificate now registered ? | 14:44 |
nowen | yes | 14:44 |
nowen | it's not the cert. something else. however, once you're in production, you won't be restarting | 14:44 |
malcolm | this box is now in production ;) | 14:45 |
malcolm | Thanks | 14:45 |
malcolm | Seems that's the problem | 14:45 |
malcolm | What services should we be monitoring to confirm that the system is up ? | 14:46 |
malcolm | it took 30 mins for the radius service to start | 14:47 |
nowen | well, the tokens are on 80, the admin 443, radius udp 1812 | 14:47 |
nowen | really? what type of server is this? | 14:47 |
malcolm | SLES 11 | 14:48 |
nowen | how much memory? | 14:48 |
malcolm | 2GB | 14:49 |
nowen | hmm | 14:49 |
nowen | is there a lot of other stuff running? | 14:49 |
malcolm | squid, postfix, zabbix proxy | 14:50 |
malcolm | + WiKID | 14:50 |
malcolm | I have to run | 15:04 |
malcolm | Please can you email me your response | 15:04 |
malcolm | Thanks | 15:04 |
*** bigbash has quit (Quit: ZNC - http://znc.sourceforge.net) | 17:24 | |
*** nowen has quit (Quit: Leaving.) | 21:58 |