*** nprodromou (~nprodromo@dsl092-049-221.sfo4.dsl.speakeasy.net) has joined #wikid | 00:44 | |
*** nprodromou has quit (Ping timeout: 260 seconds) | 03:13 | |
*** nprodromou (~nprodromo@c-69-181-27-121.hsd1.ca.comcast.net) has joined #wikid | 04:01 | |
*** finalbeta_ (~finalbeta@ip-213-49-92-15.dsl.scarlet.be) has joined #wikid | 05:41 | |
*** finalbeta has quit (Ping timeout: 248 seconds) | 05:44 | |
*** nprodromou has quit (Ping timeout: 264 seconds) | 06:32 | |
*** Ken__ has quit (Quit: Page closed) | 12:19 | |
*** Ken (a5bd4f37@gateway/web/freenode/ip.165.189.79.55) has joined #wikid | 12:24 | |
*** nprodromou (~nprodromo@c-69-181-27-121.hsd1.ca.comcast.net) has joined #wikid | 13:04 | |
*** nprodromou has quit (Ping timeout: 240 seconds) | 13:09 | |
Ken | Anyone home? | 14:16 |
---|---|---|
*** nowen (~nowen@adsl-66-184-38.asm.bellsouth.net) has joined #wikid | 14:37 | |
Ken | Morning | 14:53 |
nowen | morning | 14:53 |
nowen | not sure if you saw my messages last night, I got my test working | 14:54 |
Ken | Gee that's great. Mine still no workie | 14:56 |
nowen | :( | 14:57 |
Ken | :) | 14:57 |
nowen | here's my info: | 14:57 |
nowen | String directoryDomainSuffix = "windows2008.wikidsystems.com"; | 14:57 |
nowen | String ldapURL = "ldap://10.100.0.156:389"; | 14:57 |
nowen | i also changed domainCode | 14:57 |
nowen | String domainCode = "010100000166"; | 14:57 |
nowen | and String wikidClientPass = "mypassphrase" | 14:58 |
nowen | ; | 14:58 |
Ken | Here is mine: | 14:58 |
Ken | String directoryDomainSuffix = "danet.wi"; String ldapURL = "ldap://10.123.62.10:389"; String domainCode = "165189075015"; String wikidIPAddress = "127.0.0.1"; | 14:58 |
Ken | is there any logging with this script? | 14:58 |
nowen | hmm, afraid not. unless the cert is bad or something that affects wikid | 15:00 |
nowen | and you log in with ken and your AD password? and you get the error that ken@danet.wi cannot login? | 15:01 |
Ken | Correct | 15:01 |
nowen | and the 10.123 traffic is routed by the firewall from the 165.189? | 15:02 |
nowen | but you see no traffic on the fw | 15:02 |
nowen | did you also try using a domain name instead of the 10.123? | 15:02 |
Ken | Correct. Zip. I see NTP and Port 80 traffic out but nothing related to this script | 15:02 |
nowen | no outbound traffic | 15:03 |
nowen | can you ping the ip from the commandline? | 15:03 |
Ken | There is no private DNS for his server so only IP's. But your system is setup the same way. | 15:03 |
nowen | yeah | 15:03 |
Ken | Yes I can ping the LDAP server | 15:03 |
Ken | And see that traffic as well | 15:03 |
nowen | well, there is a copy of ldapsearch on the server, you could try using that | 15:04 |
nowen | /opt/WiKID/directory/bin/ldapsearch | 15:04 |
nowen | I'm not 100% on what the command would be | 15:05 |
Ken | Got a call one sec | 15:06 |
Ken | ldapsearch: error while loading shared libraries: libldap-2.3.so.0: cannot open shared object file: No such file or directory | 15:13 |
*** nprodromou (~nprodromo@c-69-181-27-121.hsd1.ca.comcast.net) has joined #wikid | 15:16 | |
Ken | ldapsearch: error while loading shared libraries: libldap-2.3.so.0: cannot open shared object file: No such file or directory | 15:24 |
nowen | Ken: now I've got a call ;) | 15:26 |
Ken | NP. I am here all day. | 15:33 |
*** Troy_ (4738e7bb@gateway/web/freenode/ip.71.56.231.187) has joined #wikid | 15:49 | |
*** Troy_ has quit (Ping timeout: 252 seconds) | 15:56 | |
Ken | Looks like the search path is not correct | 16:03 |
nowen | /opt/WiKID/directory/bin/ldapsearch | 16:03 |
Ken | Hey I will be leaving for lunch soon. Do you want me to open a ticket or take a different avenue? | 16:17 |
nowen | no, I think we can figure it out | 16:17 |
nowen | sorry - just off the call | 16:17 |
Ken | K. I will return in 60 | 16:20 |
nowen | ok, I'll do some digging on the ldapsearch command | 16:20 |
nowen | btw, how is the fw routing? is it just a nat rule? | 16:21 |
Ken | Yes NAT and ACL | 16:26 |
*** Ken has quit (Disconnected by services) | 16:44 | |
*** Ken__ (a5bd4f37@gateway/web/freenode/ip.165.189.79.55) has joined #wikid | 17:22 | |
nowen | Ken__: | 17:29 |
nowen | run: tcpdump -n tcp port ldap | 17:30 |
nowen | on the command line and try to log in to the ADRegister page | 17:30 |
nowen | it should show the outbound ldap traffic | 17:30 |
nowen | also, are you on 2003/8? | 17:31 |
*** nprodromou has parted #wikid (None) | 17:44 | |
Ken__ | Nothing. Could this be a local firewall issue? | 17:54 |
Ken__ | Yes LDAP is 2003 | 17:54 |
nowen | hmm | 17:54 |
nowen | I have the fw running | 17:56 |
Ken__ | Then we are looking at the ldap plugin error | 17:57 |
Ken__ | ldapsearch: error while loading shared libraries: libldap-2.3.so.0: cannot open shared object file: No such file or directory | 17:58 |
nowen | do you get that when you run the command with the location? | 17:58 |
nowen | because it is the ldapsearch bundled with apacheds, not openldap | 17:59 |
nowen | was this an iso install or rpm? | 17:59 |
Ken__ | ISO | 18:00 |
nowen | so, do you get an error or a help listing when you run '/opt/WiKID/directory/bin/ldapsearch' ? | 18:00 |
Ken__ | That produces: /opt/WiKID/directory/bin/../lib/_client-script.sh: line 69: /usr/java/latest/bin/java: No such file or directory | 18:03 |
nowen | interesting | 18:05 |
Ken__ | If I run the ldapsearch ? from the bin dir I get ldapsearch: error while loading shared libraries: libldap-2.3.so.0: cannot open shared object file: No such file or directory | 18:06 |
nowen | just to be sure, you were running tcpdump on the WiKID server, right? | 18:12 |
Ken__ | Yes on the WiKID server | 18:14 |
nowen | what does 'rpm -qa | grep wikid' say? | 18:15 |
Ken__ | wikid-server-enterprise-3.4.62.b445-1 wikid-utilities-3.0.8-1 wikid-appliance-3.4.21.b126-1 | 18:26 |
nowen | ok, just checking, building a fresh one | 18:26 |
nowen | hmm, fresh install, works right off the bat | 18:38 |
Ken__ | Same versions? | 18:44 |
nowen | yes | 18:44 |
Ken__ | K. Now what? | 18:45 |
Ken__ | Scrap this shit and move on to an enterprise solution | 18:45 |
nowen | well, I think we focus on the differences between our setups | 18:46 |
nowen | what i don't understand is why you don't get anything returned by the tcpdump | 18:46 |
Ken__ | Well if the ldapsearch is not running then how would a call to an ldap server get issued? | 18:46 |
nowen | the call in the code is written in java | 18:47 |
nowen | there is a java module that performs the ldap call | 18:47 |
*** Alamarca (c9f67d25@gateway/web/freenode/ip.201.246.125.37) has joined #wikid | 18:47 | |
Alamarca | hi need help | 18:47 |
nowen | hi Alamarca | 18:47 |
nowen | what is your issue? | 18:47 |
nowen | Ken__: The key difference is that your set up includes a firewall | 18:48 |
Alamarca | by chance you will have the virtual machine where is the configuration of wikid video | 18:48 |
Alamarca | and we installed on CentOS and not raise the url after the configuration and start | 18:49 |
nowen | Alamarca: ok, is there an error? | 18:49 |
nowen | on the WiKID server? | 18:49 |
Alamarca | and gives an error when the load began to move the database | 18:50 |
nowen | run | 18:50 |
nowen | 'netstat -anp | grep 443' | 18:51 |
nowen | on the server and let me know what it returns | 18:51 |
Alamarca | can not load the database so we can not enter the url of configuration, thus wanted to know if they have the virtual machine demo on youtube, we are a Chilean company telchile yesterday asked if he could distribute its product in Chile | 18:51 |
Alamarca | ok wait | 18:51 |
Alamarca | not have the virtual machine then? | 18:53 |
nowen | well. we do have a VMWare image, but it is based on Centos, so it would not be too different | 18:54 |
nowen | you can also download the ISO and build your own vmware image - especially if you are using ESX | 18:55 |
nowen | I responded to the email about partnering. | 18:55 |
Alamarca | then the ISO is the virtual machine of vmware | 18:56 |
Alamarca | ? | 18:56 |
Alamarca | yes get the PDF | 18:56 |
Alamarca | thnxs | 18:56 |
Alamarca | when they invite us to a course of application or a training conference skype? | 18:58 |
nowen | our vmware image is created from our iso, if that is what you're asking | 18:58 |
Alamarca | have messenger, google talk or skype? | 18:58 |
Alamarca | when they invite us to a course of application or a training conference skype? | 19:01 |
nowen | I can't do that this week, I'm afraid. have you seen the install videos? | 19:04 |
Alamarca | yes | 19:05 |
nowen | on the terminal, can you run: netstat -anp | grep 443 | 19:05 |
Alamarca | but we are not referring to the installation videos if not the product itself to sell the best and understand so that it serves | 19:06 |
nowen | I can send you a powerpoint, but I won't have time to go over it with you for a couple of weeks. | 19:08 |
Alamarca | OK, please send it andres.lamarca@telchile.net | 19:09 |
Alamarca | thank you very much for your time and kindness | 19:09 |
nowen | Thank You! | 19:11 |
Ken__ | nowen - is there a second level of support at WiKID | 19:12 |
nowen | Ken__: I'm more than happy to set up a webex or some type of remote desktop to take it to the next level | 19:12 |
Ken__ | Our Security policy does not allow that. | 19:14 |
Alamarca | Make sure to post the presentation of the product, we need to deliver the proposals today at 6 pm and are 4, thank you very much | 19:14 |
nowen | Ken__: hehe, sadly, that is not often the case. Glad to hear it | 19:14 |
nowen | Alamarca: I'll send the ppt asap | 19:15 |
nowen | but that is short notice ;) | 19:15 |
nowen | Ken__: I'm sorry for your problems. I have not seen this before. We typically have very happy users. | 19:22 |
Alamarca | nowen | 19:32 |
nowen | Alamarca: yes? | 19:34 |
nowen | Alamarca: did you get the email? | 19:50 |
Alamarca | yes | 19:50 |
Alamarca | thnxs | 19:50 |
Alamarca | when you finish the first part of video installation, in the second part of your linux console throw the https: / / WikiAdmin? | 19:51 |
nowen | yes, you should get the web interface, Alamarca | 19:56 |
nowen | did you not get it? | 19:56 |
Alamarca | console and Web interface wake | 19:59 |
Alamarca | :S | 19:59 |
Alamarca | I am working with vmware ISO of you | 19:59 |
nowen | ok | 19:59 |
nowen | and when you run 'wikidctl start' what is the output? | 20:00 |
Alamarca | everything boots up fine | 20:01 |
nowen | ok, and when you browse to http://ipaddress/WiKIDAdmin, what happens? | 20:01 |
Alamarca | everything success | 20:01 |
Alamarca | Oops! Google Chrome could not connect to 192.168.1.145 | 20:02 |
Alamarca | but https or http ? | 20:02 |
nowen | the http redirects to https | 20:03 |
nowen | on the WiKID server, what does 'ifconfig' say? | 20:03 |
Alamarca | ALL OK | 20:04 |
nowen | can you run 'netstat -anp | grep 443' | 20:05 |
Alamarca | ip mask and gateway | 20:05 |
nowen | ok, so it is listening | 20:05 |
nowen | 'iptables -L -n' | 20:06 |
Alamarca | tcp 0 0 :::443 | 20:06 |
nowen | is 443 open? | 20:06 |
Alamarca | yes | 20:06 |
nowen | can you try with a different browser? | 20:06 |
Alamarca | IE and Chrome | 20:06 |
nowen | all the same? | 20:06 |
nowen | Is your PC also on 192.168? | 20:07 |
Alamarca | yes | 20:08 |
Alamarca | me 192.168.1.34 wikid is 145 | 20:08 |
Alamarca | in IPTABLES dont port 4443 | 20:08 |
Alamarca | 443 | 20:08 |
Alamarca | * | 20:08 |
nowen | hmm, well, for testing, how about 'service iptables stop' | 20:09 |
nowen | unless you want to add the rule | 20:09 |
Alamarca | ready | 20:10 |
Alamarca | stop iptables | 20:10 |
nowen | and still you cannot get it to 192.168.1.145? | 20:11 |
Alamarca | ip should leave the video, you should leave the same configuration as you give in the video? | 20:14 |
nowen | you can use any IP address you want as long as it's routable to your PC | 20:22 |
Alamarca | ok | 20:22 |
Alamarca | see our company provides security services, a company is reporting via web and asked us after the user login security token will ask why we are interested in wikid, we used for this? | 20:24 |
Ken__ | So Nick are you the only level of support here? | 20:36 |
nowen | I can set up a call with our technical lead too, Ken | 20:36 |
Ken__ | That would be great | 20:36 |
Alamarca | see our company provides security services, a company is reporting via web and asked us after the user login security token will ask why we are interested in wikid, we used for this? | 20:40 |
nowen | Alamarca: I don't understand the question | 20:41 |
Alamarca | a company wants security token is requested after entering the credentials of your active directory on a web page | 20:42 |
Alamarca | wikid can be deployed for this task | 20:42 |
nowen | probably, what web server? | 20:42 |
Alamarca | ISS or Apache | 20:44 |
nowen | apache, definitely | 20:44 |
nowen | Ken__: we're setting up 1 more test environment -then are you available for a call? | 20:45 |
Alamarca | OK | 20:46 |
Alamarca | ISS is harder? | 20:46 |
nowen | well, I know that apache supports radius | 20:47 |
Alamarca | sorry is IIS | 20:47 |
Alamarca | no problem we'll find out | 20:48 |
nowen | we have tested with apache, but not IIS. I'm not sure. You might have to run it through ISA | 20:48 |
Ken__ | Any time tomorrow between 7 AM and 4:00 PM CST | 20:49 |
nowen | also, you are better off not using the AD password. Just use the AD name and OTP. There is a benefit to not using the lan password outside the lan | 20:49 |
Ken__ | I would not allow the users to register from the outside. | 20:52 |
nowen | Ken__: can you email me the entire ADRegister.jsp page you have? | 21:00 |
nowen | passphrase scrubbed, of course | 21:01 |
*** Alamarca has quit (Ping timeout: 252 seconds) | 21:01 | |
Ken__ | Sure. | 21:01 |
nowen | Ken__: I can't recall, did we try with iptables stopped? | 21:30 |
*** nowen has quit (Quit: Leaving.) | 23:02 |