*** nprodromou has quit (Ping timeout: 252 seconds) | 01:55 | |
*** nowen (~nowen@adsl-66-184-38.asm.bellsouth.net) has joined #wikid | 14:16 | |
*** delta9000 (ccee2502@gateway/web/freenode/ip.204.238.37.2) has joined #wikid | 18:44 | |
*** uday (d834d225@gateway/web/freenode/ip.216.52.210.37) has joined #wikid | 19:20 | |
uday | hii can someone help me | 19:21 |
uday | I need 2 factor authentication | 19:21 |
*** uday has quit (Client Quit) | 19:21 | |
nowen | oops | 19:30 |
delta9000 | well, at least he was specific with his question | 19:32 |
nowen | hehe, true! | 19:34 |
delta9000 | is there an easy way to use LDAP for OpenSSH password auth on Centos 5.5? | 20:07 |
delta9000 | I have LDAP installed and browseable with JXplorer | 20:08 |
delta9000 | I also commented out "account required pam_nologin.so" from /etc/pam.d/sshd | 20:09 |
nowen | delta9000: I've never had any luck with ldap | 20:11 |
delta9000 | yeah, it seems rather bloated for what I'm trying to do | 20:11 |
delta9000 | I tried a tacacs+ pam module earlier, but it didn't seem like WiKID was updating the tacacs.conf file with my OTP | 20:12 |
nowen | is xinetd installed? | 20:13 |
nowen | for tacacs? | 20:13 |
delta9000 | hmm, that could be it :) | 20:14 |
delta9000 | is tacacs the recommended solution for ssh integration with WiKID? (community edition) | 20:15 |
nowen | yes | 20:16 |
nowen | If i don't respond, ping my handle. my alerts are acting funny | 20:40 |
delta9000 | so, I got it halfway working | 20:56 |
delta9000 | it doesn't seem like the tac_plus server watches the tacacs.conf file | 20:57 |
nowen | hmm. | 20:57 |
delta9000 | but if I attempt to grab a OTP and then run /opt/WiKID/bin/tac_plus -C /opt/WiKID/private/tacacs.conf | 20:57 |
delta9000 | it lets me log in | 20:57 |
delta9000 | this is on Centos 5.5 | 21:01 |
nowen | but you have start tacacs each time? | 21:01 |
delta9000 | yeah, nmap doesn't show anything running on 49 till I manually start the tac_plus | 21:02 |
nowen | and you installed xinetd? | 21:03 |
delta9000 | yeah, via yum | 21:04 |
delta9000 | do I need to start something with xinetd or reboot? | 21:04 |
nowen | maybe, it seems like it's not doing its job | 21:05 |
delta9000 | k, I'll try that | 21:05 |
delta9000 | awesome, that did the trick | 21:10 |
delta9000 | just needed xinetd and a reboot, heh | 21:10 |
nowen | great | 21:10 |
delta9000 | thanks for the help! | 21:12 |
nowen | np | 21:12 |
*** delta9000 has quit (Ping timeout: 252 seconds) | 21:16 | |
*** nprodromou (~nprodromo@dsl092-049-221.sfo4.dsl.speakeasy.net) has joined #wikid | 23:24 | |
*** nprodromou has parted #wikid (None) | 23:31 | |
*** nprodromou (~nprodromo@dsl092-049-221.sfo4.dsl.speakeasy.net) has joined #wikid | 23:31 | |
nprodromou | Hey nowen: You around? | 23:31 |
nowen | yes, but just for a bit. writing a blog post about RSA :) | 23:32 |
nowen | did you see http://www.wired.com/threatlevel/2011/03/rsa-hacked/? | 23:34 |
nprodromou | no... looking now | 23:34 |
nprodromou | hey, want to help with my new error? | 23:35 |
nowen | sure | 23:35 |
nprodromou | or should I try to catch you in the AM? | 23:35 |
nowen | now is fine | 23:35 |
nprodromou | it's cool if you want to get done and get out | 23:35 |
nprodromou | it's 7:30 on St.P's day | 23:35 |
nprodromou | I'll still be a client | 23:35 |
nowen | I'll let you know if it is too complicated :) | 23:35 |
nprodromou | okay | 23:35 |
nprodromou | one sec and I'll recreate | 23:36 |
nprodromou | okay, so I run /opt/WiKID/bin/wikidctl start and it says that the servers start | 23:40 |
nprodromou | Database already started. | 23:40 |
nprodromou | Logger process already started. | 23:40 |
nprodromou | Starting TimeCop service...Success! | 23:40 |
nprodromou | Tomcat server already started. | 23:40 |
nprodromou | well, rather that they're already started | 23:40 |
nprodromou | but then I try to go to the web interface and I get nothing | 23:40 |
nprodromou | AND, I nmap the server and don't see port 443 open on it | 23:40 |
nowen | anything in /opt/WiKID/tomcat/logs/catalina.out? | 23:41 |
nowen | run 'netstat -anp | grep 443' | 23:42 |
nprodromou | http://privatepaste.com/e877682ec8 | 23:43 |
nowen | hmm. seems like a cert issue | 23:46 |
nowen | have you created the certs yet? | 23:46 |
nprodromou | yeah | 23:47 |
nprodromou | created as part of the install | 23:47 |
nprodromou | though, I'd love to install my own if that'll help | 23:47 |
nowen | run 'locate java.security' and diff the two results | 23:47 |
nprodromou | I've got a wildcard that I'd be glad to put on the box | 23:47 |
nowen | might work, I don't know. needs to work with bouncy castle | 23:48 |
nprodromou | OK | 23:48 |
nprodromou | I don't know what that means. :) | 23:48 |
nprodromou | Also, I'm getting a lot more than two results | 23:48 |
nprodromou | wait | 23:48 |
nprodromou | no I'm not | 23:48 |
nprodromou | http://privatepaste.com/7c008160d2 | 23:49 |
nowen | ok - cp the one from /opt/WiKID to the other one | 23:50 |
nprodromou | okay | 23:50 |
nowen | did you re-install java or something? | 23:50 |
nprodromou | sec | 23:50 |
nprodromou | just per the instructions | 23:51 |
nprodromou | copied. | 23:51 |
nprodromou | restart? | 23:51 |
nowen | yes | 23:52 |
nowen | hmm, refresh my memory: rpm or iso? | 23:52 |
nprodromou | rpm | 23:53 |
nowen | huh. should've copied over | 23:53 |
nprodromou | still nothing | 23:54 |
nowen | same error in catalina.out? | 23:54 |
nprodromou | you want that same log? | 23:54 |
nowen | no | 23:55 |
nprodromou | I mean | 23:56 |
nowen | go into /opt/WiKID/private | 23:56 |
nprodromou | there are lots of errors in there | 23:56 |
nowen | ohh, yes then | 23:56 |
nprodromou | ok then | 23:56 |
nprodromou | http://privatepaste.com/b4a88a83b1 | 23:56 |
nowen | blap | 23:56 |
nowen | should have read it better | 23:57 |
nowen | /opt/WiKID/tomcat/bin/catalina.sh: line 308: /usr/lib/jvm/java-1.4.2-gcj-1.4.2.0/bin/java: No such file or directory | 23:57 |
nprodromou | oh | 23:57 |
nprodromou | why's it trying to read that? | 23:57 |
nowen | not sure | 23:57 |
nowen | try 'echo $JAVA_HOME' | 23:57 |
nprodromou | [root@wikid private]# echo $JAVA_HOME | 23:57 |
nprodromou | /usr/java/latest | 23:57 |
nowen | ls -all /usr/java/ | 23:58 |
nowen | and see where latest is pointing | 23:58 |
nprodromou | [root@wikid private]# ls -all /usr/java | 23:58 |
nprodromou | total 12 | 23:58 |
nprodromou | drwxr-xr-x 3 root root 4096 Mar 16 23:49 . | 23:58 |
nprodromou | drwxr-xr-x 15 root root 4096 Mar 16 23:48 .. | 23:58 |
nprodromou | lrwxrwxrwx 1 root root 16 Mar 16 23:49 default -> /usr/java/latest | 23:58 |
nprodromou | drwxr-xr-x 9 root root 4096 Mar 16 23:49 jdk1.6.0_24 | 23:58 |
nprodromou | lrwxrwxrwx 1 root root 21 Mar 16 23:49 latest -> /usr/java/jdk1.6.0_24 | 23:58 |
nprodromou | maybe just delete usr/lib/jvm/java-1.4.2-gcj-1.4.2.0/ and make a symlink? | 23:59 |