*** sheldon (3cf2f69c@gateway/web/freenode/ip.60.242.246.156) has joined #wikid | 12:01 | |
alamarca | hi | 13:40 |
---|---|---|
*** vp_ (40b3d246@gateway/web/freenode/ip.64.179.210.70) has joined #wikid | 13:45 | |
alamarca | hi | 13:55 |
*** nowen (~nowen@adsl-66-184-38.asm.bellsouth.net) has joined #wikid | 14:18 | |
nowen | morning all | 14:23 |
alamarca | hi | 14:24 |
*** nowen has parted #wikid (None) | 15:06 | |
*** alamarca has quit (Ping timeout: 248 seconds) | 15:23 | |
*** alamarca (~alamarca@201.246.112.37) has joined #wikid | 15:26 | |
*** gbo (a9841201@gateway/web/freenode/ip.169.132.18.1) has joined #wikid | 15:36 | |
gbo | Anyone active here? | 15:37 |
*** alamarca has quit (Read error: Connection reset by peer) | 15:42 | |
*** alamarca (~alamarca@201.246.112.37) has joined #wikid | 15:42 | |
*** alamarca has quit (Ping timeout: 248 seconds) | 15:51 | |
vp_ | anyone here? | 16:24 |
*** nowen (~nowen@adsl-66-184-38.asm.bellsouth.net) has joined #wikid | 16:27 | |
vp_ | Hi, Nick. | 16:32 |
vp_ | Do you have a min for me now, please? | 16:32 |
nowen | sure | 16:32 |
vp_ | thx | 16:32 |
vp_ | It says that LDAP_wauth_server is 12-digit code for the domain. what does it mean by "the domain"? | 16:33 |
nowen | hmm | 16:33 |
vp_ | is LDAP_wauth_server same as server code? | 16:33 |
nowen | are you setting up a domain? | 16:33 |
nowen | what are you trying to do? | 16:33 |
vp_ | ok, here is the problem I have right now. | 16:34 |
vp_ | I can get passcode from wikid authentication client. | 16:34 |
nowen | ok | 16:34 |
vp_ | and when I pass the passcode to our webserver which uses webdav, it doesn't work. | 16:35 |
vp_ | so i am wondering the problem is related with LDAP_wauth_server, for example. | 16:35 |
nowen | weren't you using radius before? | 16:35 |
vp_ | yes | 16:35 |
vp_ | do I need LDAP, though, when I use Radius? | 16:36 |
nowen | no, I recommend you disable ldap and go with just radius | 16:36 |
vp_ | ok, let me try with it then. | 16:37 |
nowen | yes, did you see the doc on the site re apache? | 16:37 |
nowen | there are a couple, actually :) | 16:38 |
nowen | what OS is the webserver on? | 16:38 |
vp_ | we are running our webserver on Fedora, I think. | 16:40 |
nowen | probably: http://www.wikidsystems.com/support/wikid-support-center/how-to/two-factor-authentication-for-apache-2.2-or-higher/?searchterm=apache | 16:41 |
vp_ | well, the configuration on the webserver's apache was done already before. | 16:44 |
nowen | oh - ok, so it is the same. I see | 16:44 |
vp_ | because now we are re-installing the latest version of wikid. | 16:44 |
vp_ | yes ::) | 16:45 |
nowen | ok, makes sense ;) | 16:45 |
nowen | so, is the webserver set up as a network client on the wikid server? | 16:45 |
vp_ | yes, correct | 16:46 |
vp_ | same like what we had before. | 16:46 |
nowen | using radius? | 16:48 |
nowen | and did you restart the wikid after you added the network client? | 16:49 |
vp_ | yes | 16:51 |
vp_ | yes | 16:51 |
nowen | ok, on the logs, when you try to login do you see anything after the passcode is sent to the token? | 16:51 |
vp_ | 2011-04-13 12:52:12.659 INFO com.wikidsystems.server.DeviceTransactionExec Issued passcode to device -xxxxxxxxxxxxx | 16:53 |
vp_ | This is the last record on the logs. | 16:53 |
nowen | ok, so that's the OTP going to the token. for some reason, the auth request is not getting to the WiKID server | 16:54 |
nowen | on the terminal, will you run | 16:54 |
nowen | 'iptables -L -n' | 16:54 |
nowen | and make sure you see the IP of the webserver | 16:54 |
vp_ | yes, i see it under Chain INPUT (policy ACCEPT) | 16:55 |
nowen | ok | 16:55 |
nowen | do you have access to the web server logs? | 16:55 |
vp_ | yes, please give me a second here, I will log into the web server right now. | 16:56 |
nowen | also, when you said ": It says that LDAP_wauth_server is 12-digit code for the domain. what does it mean by "the domain"?" what is it? | 16:56 |
vp_ | when I go to http://www.wikidsystems.com/support/wikid-support-center/manual/how-to-install-the-wikid-strong-authentication-server/how-to-install-the-wikid-strong-authentication-server-enterprise-edition-page-4 | 17:01 |
nowen | ahh - I see. | 17:02 |
nowen | yes, not needed for radius | 17:02 |
vp_ | ok, cool. thx | 17:02 |
vp_ | now I am in the web server. | 17:03 |
vp_ | which log I should look up? | 17:03 |
nowen | ok, so /var/log/httpd/error.log | 17:03 |
nowen | I think | 17:03 |
vp_ | Nick, please give me a min here because I have a problem to access the folder. | 17:08 |
nowen | ok | 17:08 |
*** alamarca (~alamarca@190.20.207.65) has joined #wikid | 17:09 | |
*** alamarca_ (~alamarca@201.246.112.37) has joined #wikid | 17:43 | |
*** alamarca has quit (Ping timeout: 252 seconds) | 17:45 | |
*** alamarca_ is now known as alamarca | 17:45 | |
*** alamarca has quit (Client Quit) | 17:45 | |
*** alamarca (~alamarca@201.246.112.37) has joined #wikid | 17:46 | |
vp_ | Sorry, Nick. I didn't have a permission to access the logs. | 17:48 |
vp_ | Now, I am on the file | 17:48 |
nowen | np | 17:52 |
vp_ | what should I look for on the log file? | 17:54 |
nowen | why the auth failed | 17:56 |
nowen | or the auth attempt | 17:56 |
nowen | you might want to run 'tail -f error.log' and then auth again | 17:57 |
vp_ | user test: authentication failure for "/": Password Mismatch | 17:58 |
vp_ | xradius: RADIUS Request for user 'test' failed: (-1) No valid RADIUS responses received | 17:59 |
vp_ | user test: authentication failure for "/": Password Mismatch | 17:59 |
nowen | what is the IP address of the radius server in the apache config? is it correct? | 17:59 |
vp_ | yes. | 17:59 |
nowen | on the WiKID server, plz run 'netstat -anp | grep 1812' | 18:00 |
nowen | and make sure it returns something | 18:00 |
vp_ | udp 0 0 :::1812 :::* 5717/java unix 2 [ ACC ] STREAM LISTENING 18122 5427/postmaster /tmp/.s.PGSQL.5432 | 18:00 |
nowen | hmm, ok. so on the WiKID server, the listener is there and the firewall is open | 18:01 |
nowen | can you ssh from the web server to the WiKID server? | 18:01 |
vp_ | yes, I can. | 18:02 |
nowen | hmm | 18:02 |
nowen | and there is still no more info in the WiKIDAdmin logs? | 18:02 |
vp_ | Nick, just in case, can you tell me how to check radius server in the apache config on the webserver? | 18:02 |
*** alamarca has quit (Ping timeout: 240 seconds) | 18:03 | |
nowen | well, it can depend a bit on the setup, but something like on this page: http://www.wikidsystems.com/support/wikid-support-center/how-to/two-factor-authentication-for-apache-2.2-or-higher/ | 18:03 |
*** alamarca (~alamarca@201.246.93.215) has joined #wikid | 18:04 | |
nowen | with the key piece being | 18:04 |
nowen | <directory "/var/www/html/radius"> AuthType Basic AuthBasicProvider xradius AuthName "Please enter your username and WiKID one-time passcode for entry to this site." AuthXRadiusAddServer "wikid_server_address:1812" "wikidserver_shared_secret" AuthXRadiusTimeout 7 AuthXRadiusRetries 2 require valid-user </directory> | 18:04 |
nowen | but you might not be using mod-auth-xradius | 18:04 |
nowen | and you might not be using directory | 18:05 |
nowen | can you post the info you have? scrubbed of private info? | 18:05 |
vp_ | Nick, I got it to work. Thanks :) | 18:11 |
nowen | awesome | 18:11 |
vp_ | Thank you very much for your help. :) | 18:13 |
vp_ | wish you a great day. | 18:13 |
nowen | you too! | 18:13 |
vp_ | take care, Nick. | 18:13 |
vp_ | bye | 18:13 |
*** vp_ has parted #wikid (None) | 18:13 | |
*** alamarca has quit () | 18:39 | |
*** alamarca (~alamarca@201.246.93.215) has joined #wikid | 18:40 | |
*** alamarca has quit (Client Quit) | 18:40 | |
*** alamarca (~alamarca@201.246.93.215) has joined #wikid | 18:42 | |
nowen | alamarca: the spanish doc looks nice! | 18:42 |
alamarca | thnxs | 18:42 |
alamarca | was with much love and dedication | 18:43 |
nowen | thank you! | 18:43 |
nowen | haha ;) | 18:43 |
*** cmb991 (445764f2@gateway/web/freenode/ip.68.87.100.242) has joined #wikid | 19:01 | |
*** cmb991 has quit (Client Quit) | 19:02 | |
*** sheldon has quit (Ping timeout: 252 seconds) | 19:04 | |
*** finalbeta_ (~finalbeta@ip-213-49-93-185.dsl.scarlet.be) has joined #wikid | 19:07 | |
*** finalbeta has quit (Ping timeout: 276 seconds) | 19:11 | |
*** cmb991 (445764f2@gateway/web/freenode/ip.68.87.100.242) has joined #wikid | 19:18 | |
cmb991 | hey nick | 19:18 |
nowen | hi | 19:18 |
cmb991 | hey, I just sent you the email about the pricing. | 19:19 |
nowen | ahh, ok | 19:19 |
cmb991 | Is there any way to get it any lower than that? | 19:19 |
cmb991 | for 911 volunteer agencies? | 19:19 |
nowen | we have discounts for non-profits, but they start at 25 users | 19:20 |
cmb991 | Ah | 19:20 |
cmb991 | Okay well thanks anyway, I'll keep looking. Thanks for your time. | 19:20 |
nowen | what price do you need? | 19:20 |
cmb991 | Trying not to go over 150.00. I know that's really not realistic. | 19:21 |
cmb991 | I might just end up having to set up pfSense with IPSec clients that use pre-shared keys. | 19:21 |
nowen | openvpn with certs? | 19:22 |
cmb991 | I was looking to use authenticators. I noticed you guys have authenticators that were on the PC | 19:23 |
nowen | yes | 19:23 |
nowen | you might be able to use our open source version | 19:23 |
cmb991 | But what is the price around? I don't know much about compiling source if that is what it requires. | 19:24 |
nowen | there is no need to compile, it is a java app. the same install procedures as the enterprise. it is free, but does not come with radius, wireless token clients or support | 19:27 |
nowen | commercial support, that is | 19:27 |
cmb991 | What about mobile connections? | 19:28 |
nowen | what do you mean? | 19:28 |
cmb991 | Mobile connections from phones. I noticed you guys have a mobile java version | 19:28 |
nowen | mobile token clients are not supported in the community edition | 19:28 |
cmb991 | Okay, is there a link for this version? | 19:29 |
nowen | http://www.wikidsystems.com/community-version | 19:29 |
cmb991 | And this version does support the Authenticators on the PC so when the user goes to connect to the VPN, it will ask them for their authenticator generated number? | 19:29 |
nowen | yes. the question is how will you connect it to your remote access solution. | 19:30 |
cmb991 | pfsense. | 19:30 |
cmb991 | Yeah Hmm | 19:30 |
cmb991 | If it doesn't support radius. | 19:30 |
nowen | you can use our tacacs+ via pam. | 19:30 |
nowen | it's a bit kludgy, imo | 19:30 |
cmb991 | hmm | 19:31 |
cmb991 | I'm assuming that is the only way to have something like pfsense communicate with it? Well can WiKID Community Version handle vpn connecations? | 19:32 |
cmb991 | connections*** | 19:32 |
nowen | it is not a vpn, only an auth server | 19:32 |
cmb991 | Oh. | 19:32 |
cmb991 | Is there any other way for a vpn server to communicate with it other than radius? | 19:34 |
cmb991 | pfsense vpn server**** | 19:34 |
nowen | that's a question for #pfsense. we've talked to those guys about integrating, but the easy solution was radius. | 19:35 |
nowen | so, we didn't do a custom interface | 19:35 |
cmb991 | Ah, okay. Well thanks a lot for your Nick. | 19:36 |
nowen | np | 19:36 |
nowen | good luck | 19:36 |
cmb991 | thanks!! | 19:36 |
*** cmb991 has parted #wikid (None) | 19:36 | |
*** alamarca has quit (Read error: Connection reset by peer) | 22:13 | |
*** alamarca (~alamarca@201.246.93.215) has joined #wikid | 22:15 | |
*** nowen has quit (Quit: Leaving.) | 22:34 | |
*** alamarca has quit (Read error: Connection reset by peer) | 22:50 | |
*** alamarca (~alamarca@201.246.93.215) has joined #wikid | 23:34 | |
*** alamarca has quit (Remote host closed the connection) | 23:45 | |
*** alamarca (~alamarca@201.246.93.215) has joined #wikid | 23:46 |