Tuesday, 2011-05-03

*** perestre1ka has quit (Ping timeout: 248 seconds)		07:34
*** nowen (~nowen@adsl-98-66-164-120.asm.bellsouth.net) has joined #wikid		12:12
*** Guest__ (4211be12@gateway/web/freenode/ip.66.17.190.18) has joined #wikid		13:19
*** Guest__ has quit (Client Quit)		13:20
*** alamarca (~alamarca@201.246.71.22) has joined #wikid		13:31
alamarca	hi	13:31
nowen	morning!	13:35
nowen	still no word from your customer	13:35
*** alamarca has quit (Ping timeout: 240 seconds)		13:52
*** myndwire (myndwire@208.40.196.99) has joined #wikid		15:02
myndwire	hola	15:02
nowen	hi	15:02
myndwire	whats up nowen? i'm still on my wikid adventure... seems to be a pam issue	15:03
nowen	refresh my memory: what are you trying to do? ssh?	15:04
myndwire	the typical nomachine/token client vnc thing via ssh yeah	15:04
nowen	ahh	15:04
nowen	so, what are you seeing in the logs?	15:04
myndwire	May 3 10:53:23 rmuauth01 sshd[9574]: pam_radius_auth: DEBUG: getservbyname(radius, udp) returned 7351264.	15:05
myndwire	May 3 10:53:24 rmuauth01 sshd[9574]: pam_radius_auth: RADIUS server 127.0.0.1 failed to respond	15:05
myndwire	May 3 10:53:24 rmuauth01 sshd[9574]: pam_radius_auth: DEBUG: getservbyname(radius, udp) returned 7351264.	15:05
myndwire	May 3 10:53:25 rmuauth01 sshd[9574]: pam_radius_auth: RADIUS server 10.2.21.50 failed to respond	15:05
myndwire	May 3 10:53:25 rmuauth01 sshd[9574]: pam_radius_auth: DEBUG: get_ipaddr(other-server) returned 0.	15:05
myndwire	May 3 10:53:25 rmuauth01 sshd[9574]: pam_radius_auth: Failed looking up IP address for RADIUS server other-server (errcode=9)	15:05
myndwire	May 3 10:53:25 rmuauth01 sshd[9574]: pam_radius_auth: All RADIUS servers failed to respond.	15:05
myndwire	all auth methods seem to be failing	15:05
myndwire	my /etc/raddb/server is set, as well as /etc/pam.d/ssh	15:05
myndwire	ossec is actually spitting out more accurate stuff for me	15:05
nowen	on the WiKID server, which I assume is 10.2.21.50, what are the last items in the WiKIDAdmin logs?	15:06
myndwire	wow	15:06
myndwire	lemme see	15:06
myndwire	the http interface logs?	15:08
myndwire	i swear there was a flat logfile somewhere named that	15:08
myndwire	oh wow	15:09
myndwire	2011-05-03 11:04:26.271 INFO com.wikidsystems.radius.log.DBSvrLogImpl RADIUS Receiver Started: listening on port 1812	15:09
myndwire	2011-05-03 11:04:26.280 INFO com.wikidsystems.radius.log.DBSvrLogImpl Failed to create RADIUS server socket on port 1812: java.net.BindException: Address already in use	15:09
nowen	hmm	15:09
myndwire	2011-05-03 11:04:26.287 FATAL com.wikidsystems.radius.authserver.AuthServer Can't start RADIUS Server	15:09
myndwire	thats odd	15:09
nowen	what does 'netstat -anp \| grep 1812' say?	15:09
myndwire	then again i guess it's started, and the auth is foobar	15:09
myndwire	lemme see	15:09
myndwire	udp 0 0 ::ffff:127.0.0.1:1812 :::* 8436/java	15:10
myndwire	yep	15:10
nowen	hmm, this is all on one server, right?	15:11
myndwire	yessir	15:11
nowen	the network client in WiKID is the 10.2.21.50 as is the entry in /etc/raddb/server?	15:12
myndwire	yeah... i've got an entry for both 10.2.21.50 as well as 127.0.0.1 in /etc/raddb/server	15:12
myndwire	although the localhost entry is just 127.0.0.1 sercret 1	15:13
nowen	on the WiKIDAdmin logs, configure loggers page, set the three middle loggers to debug	15:13
nowen	and run thru it again, starting with the OTp	15:14
myndwire	ah ok, so com.wikidsystems through com.wikidsystems.server.wAuth	15:14
myndwire	those 3 center ones	15:14
nowen	yes	15:15
myndwire	gotcha	15:15
myndwire	alrighty, lets see what we've got	15:16
myndwire	http://xq3.net/~myndwire/wikid-debug.jpg	15:20
nowen	hmm	15:22
nowen	so, it has to do with the face that it's all running on one box	15:23
nowen	see that the packets are from 127.0.0.1	15:23
nowen	try adding a network client for 127.0.0.1 and see if that works	15:23
myndwire	will do	15:30
myndwire	failed...ugh.. lets see what the logs say	15:34
myndwire	same thing, but i took out the other nomachine entry... i'm going to put a 2nd one in now and try that	15:37
nowen	be sure to run 'wikidctl restart'	15:40
nowen	radius caches everything	15:40
myndwire	ya i did	15:40
myndwire	fack...no dice. i'll check logs	15:41
nowen	is this in vmware?	15:41
myndwire	the server itself is yeah	15:41
myndwire	wow, no exception this time	15:41
nowen	what does it say?	15:41
myndwire	Got log client connection from:/127.0.0.1:/127.0.0.1:58127	15:42
nowen	is the user enabled?	15:42
myndwire	Listening for logging client connections...	15:42
myndwire	yeah, should be	15:42
myndwire	lemme double check	15:42
myndwire	yup	15:42
myndwire	crap, i did get the exception	15:43
myndwire	it'd odd, it's like it gets all the way up to the point after passcode processing	15:44
nowen	is it the same error?	15:44
myndwire	com.wikidsystems.radius.log.DBSvrLogImpl	15:44
nowen	I mean same IP	15:44
myndwire	is what the same ip?	15:44
myndwire	i wonder ...	15:46
myndwire	essentially this is tunneling the ssh connection from me, to 10.2.21.50, to the ip of the vnc host	15:46
nowen	I wonder if you should set up a separate server for freenx ;)	15:46
myndwire	eek... that would be uber-redundant, i hope it's not necessary..	15:46
myndwire	i'm going to make sure the right firewall rules are even in that area	15:47
myndwire	oh yeah	15:47
myndwire	Connected to 10.7.35.34 (10.7.35.34).	15:47
myndwire	Escape character is '^]'.	15:47
myndwire	RFB 003.006	15:47
myndwire	^]	15:47
myndwire	from 10.2.21.50	15:47
myndwire	so thats alright	15:47
nowen	this is issue is with the connection between pam_radius and wikid. wikid doesn't recognize the ip of where the packets are coming from	15:48
nowen	so it is rejecting them	15:48
myndwire	yeah... weird... is pam at least coming back with something?	15:49
myndwire	makes me wonder if something is wrong with that pam module i compiled	15:49
nowen	pam is saying that the auth is rejected	15:49
myndwire	we had just gotten warnings ,but still	15:49
nowen	trying commenting out the 127 entry in the server file	15:50
nowen	I think that pam is fine	15:50
myndwire	cool. lets see what this does.	15:50
nowen	it is getting a radius request to wikid	15:50
nowen	but wikid just doesn't like it	15:50
*** perestrelka (~vlad@194.242.5.47) has joined #wikid		15:51
myndwire	should the radius module in wikid's config be configured for 127.0.0.1?	15:52
nowen	yes	15:52
nowen	in fact, there shouldn't be an option to change it ;)	15:52
myndwire	yeah	15:52
myndwire	oh there is	15:53
myndwire	lol	15:53
myndwire	this is so crazy... like...after restarting wikid, i get no exception	15:54
myndwire	the last log line is 2011-05-03 11:51:45.706 DEBUG com.wikidsystems.server.WikidCode3AES Passcode request processing successfully completed.	15:54
myndwire	no it didnt, lol	15:54
myndwire	er	15:54
myndwire	wait, yeah it did	15:54
myndwire	thats the passcode	15:54
nowen	ok, so same error? with 127 still?	15:55
myndwire	actually i'm not getting any exceptions now	15:55
myndwire	3 center loggers set debug	15:56
nowen	oh, and did you see that you can set the loggers: Save currrent configuration as startup configuration	15:56
myndwire	oh nice, thats useful	15:56
nowen	otherwise they drop back to default	15:56
myndwire	ya	15:56
myndwire	i've just been changing them	15:56
myndwire	post-restart	15:56
myndwire	hehe	15:56
myndwire	weird...so no more exception	15:57
myndwire	publickey auth is fine, verifys the pin	15:57
myndwire	inserts new valid passcode for device	15:57
myndwire	issued it	15:57
myndwire	cipher info lines	15:57
myndwire	passcode req processing successfully completed	15:57
myndwire	sent 144 bytes to client... and thats it	15:58
myndwire	makes me think theres a simpler test than using a remote vnc client	15:58
myndwire	haha	15:58
nowen	if the last thing in the logs is the OTP request, then the radius request isn't getting to wikid	15:59
myndwire	oh yeah	15:59
myndwire	that makes sense	15:59
myndwire	duh	15:59
myndwire	hence the localhost line	16:00
nowen	:)	16:00
myndwire	buuuut	16:00
myndwire	that tells me	16:00
myndwire	the localhost line has a shared_secret of 'secret'	16:00
nowen	hmm	16:00
myndwire	i've tried this already i believe, but i'm going to give it the actual shared secret	16:00
nowen	hmm, yes	16:00
myndwire	its also possible it hates my ridiculous shared secret	16:00
myndwire	hehe	16:00
nowen	possible	16:00
nowen	you might try alphanumeric only	16:01
myndwire	yeah true	16:01
myndwire	i'm going to try that after this	16:01
myndwire	odd, no communication with radius	16:03
myndwire	changed to alphanum in both /etc/raddb/server and both network clients	16:06
myndwire	gahhh... stops at passcode request processing sucessfully completed	16:07
myndwire	listening for logging client connections...	16:07
myndwire	no radius crap	16:07
nowen	hmm, and it's running, right?	16:07
myndwire	i've got to step something back, i think the dual network clients	16:07
myndwire	hmm?	16:07
nowen	so, I see i have made everything much worse	16:08
nowen	;)	16:08
myndwire	lol	16:08
myndwire	i thought radius was called by nx/wikid	16:08
myndwire	didnt think it ran all the time	16:08
nowen	the wikid radius listener is up all the time	16:08
myndwire	oh shite...	16:08
myndwire	udp 0 0 ::ffff:127.0.0.1:1812 :::* 8436/java	16:09
nowen	it can take a while for it to start - it needs random bit and that can take a while	16:09
myndwire	thats it right?	16:09
myndwire	ohhh	16:09
nowen	yes	16:09
myndwire	lol i was impatient	16:09
myndwire	yeah there's our exception	16:10
myndwire	made sure secrets are the same on both network clients, /etc/raddb/server .. it's all alphanum now, no chars	16:12
myndwire	i guess nothing can really be changed in the radius config.. only thing i think i did was uncheck multihomed	16:21
myndwire	locla firewall is a possibility... but iptables looks alright.. should be ok with the list of localhost ports open in the regular input chain	16:29
myndwire	local*	16:29
nowen	is this our iso?	16:29
nowen	what is selinux doing?	16:33
nowen	disabled?	16:33
myndwire	yeah it should be disabled	16:39
myndwire	i wonder if i can try bringing up another ip on the same machine and just setting my network client solely to that	17:10
nowen	another 10.x ip?	17:14
myndwire	sure	17:14
nowen	can't hutr	17:14
myndwire	could just grab one in the same subnet and bind it	17:14
nowen	erp hurt	17:14
myndwire	thats all i'd need right, just change the network client config	17:14
nowen	yes	17:14
myndwire	probably reboot the whole box for good measure	17:14
myndwire	that way it can go ahead and present freenx is on a separate machine	17:15
myndwire	lets see what happens :D	17:15
myndwire	doh... damnit. it even gave me the cert for the new ip/ssh connection.	17:33
myndwire	same friggin exception	17:33
nowen	hmm	17:34
nowen	ok - so what do you have for the network clients?	17:34
nowen	and by same you mean it still references 127.0.0.1?	17:34
myndwire	network client is set to 10.2.21.51 (the new ip)	17:36
myndwire	/etc/raddb/server still references localhost first, then 10.2.21.50	17:37
nowen	try commenting out localhost again	17:37
myndwire	k	17:37
nowen	you should not have to restart anything	17:37
myndwire	ah ok cool	17:37
myndwire	yeah	17:37
myndwire	figured with that	17:37
myndwire	oh and i of course changed the ip in the actual nx client to be the new one	17:37
myndwire	hrm...stops at issued passcode to device	17:39
myndwire	its definitely using localhost in the server file from what it appears, at least to get further than the pin / ssl exchange stuff	17:40
nowen	ok, and did you try using localhost in /server and creating a localhost network client?	17:40
myndwire	yeah, but let me do it again just to be sure	17:40
myndwire	i just put back the localhost server entry	17:41
myndwire	and it threw the exception	17:41
myndwire	ok, tried that, exception :(	17:42
nowen	you restarted wikid?	17:42
myndwire	oops	17:42
myndwire	lemme do that	17:42
myndwire	odd...stops at sent 144 bytes	17:46
nowen	ok, so I think in that case, pam-radius must fail b/c wikid is already using 1812 on localhost	17:46
nowen	what I don't know is why using the other addy is failing	17:47
myndwire	yeah that makes sense	17:47
myndwire	well, the only place we're using the new ip is in the actual desktop client	17:47
myndwire	b/c we chnged the network client to be 127.0.0.1	17:48
myndwire	same w/ /etc/raddb/server	17:48
nowen	yes, I meant previously. before we changed to the localhost	17:49
myndwire	oh right	17:49
myndwire	sorry	17:49
nowen	why did wikid think it was coming from the localhost?	17:49
* myndwire rolls around on the floor in pain		17:58
myndwire	haha	17:59
myndwire	ipc listener is the radius tihng right	17:59
nowen	so, this is why we recommend putting freenx on a separate host ;)	17:59
nowen	yes	17:59
myndwire	ugh	17:59
myndwire	it just sucks to have such a small trivial thing on a totally separately dedicated box :-\	18:00
myndwire	hmm	18:00
myndwire	i could have my systems guy dupe this vm and ip it .51	18:00
myndwire	just to test with	18:00
nowen	well, we recommend it because of the separation of duties. you don't want a flaw in freenx exposing your auth server	18:01
myndwire	woah	18:02
myndwire	just had something happen	18:02
myndwire	issued passcode	18:02
nowen	something good?	18:02
myndwire	wclient called	18:02
myndwire	keyfile exists	18:02
myndwire	keyfile obj created	18:02
myndwire	ok..	18:02
myndwire	bla bla	18:02
myndwire	reading from socket	18:02
myndwire	then some xml lines	18:03
myndwire	string received: transaction etc etc	18:03
myndwire	all wclientconn v3.1 shit	18:03
myndwire	wclient connection to wauth 3.0 accepted	18:03
myndwire	nascallback logs set up	18:03
myndwire	is this startup stuff that i just missed before?	18:03
myndwire	the latest line was radius starting on 1812	18:03
myndwire	(wikid's)	18:04
myndwire	oh yeah	18:04
myndwire	i'm getting real ddata	18:04
myndwire	Name (1), Length: 10, Data: [obringer], 0x6F6272696E676572 User-Password (2), Length: 18, Data: 0xFED0211BFE500CEDFAE5EBA9D1CCD53E NAS-IP-Address (4), Length: 6, Data: [IP 10.2.21.50], 0x0A021532 NAS-Identifier (32), Length: 6, Data: [sshd], [# 1936943204] / [IP 115.115.104.100], 0x73736864 NAS-Port (5), Length: 6, Data: [# 11373], 0x00002C6D NAS-Port-Type (61), Length: 6, Data: [# 5 (Virtual)], 0x00000005 Service-Type (6), Length: 6, Data: [# 8 (Authentica	18:05
myndwire	NASip is '127.0.0.1'	18:05
myndwire	PAP Request	18:05
myndwire	Checking obringer:213268:010002021050	18:05
myndwire	Check returned false	18:05
myndwire	<181> Access-Request(1) LEN=89 127.0.0.1:12398 Access-Request by obringer Failed: AccessRejectException: Access Denied	18:05
myndwire	Access denied for obringer, domain code: 010002021050 client: /127.0.0.1	18:05
myndwire	woah	18:05
myndwire	mostly all com.wikidsystems.radius.access.WikidAccess4	18:07
nowen	hmm	18:20
nowen	is the user enabled?	18:20
myndwire	lol	18:26
myndwire	yes it is	18:26
myndwire	i didnt disable it though	18:26
myndwire	odd	18:26
myndwire	access denied still	18:26
myndwire	have to restart?	18:27
nowen	no, just re-enable	18:27
nowen	it happens during testing - users exceed bad attempts	18:27
myndwire	<202> Access-Request(1) LEN=89 127.0.0.1:13621 Access-Request by obringer Failed: AccessRejectException: Access Denied	18:28
myndwire	Access denied for obringer, domain code: 010002021050 client: /127.0.0.1	18:28
*** perestrelka has quit (Ping timeout: 240 seconds)		18:28
myndwire	thats bizarre	18:29
nowen	is there more info?	18:29
myndwire	ehh not really	18:29
myndwire	here, i'll cap the entire attempt	18:30
myndwire	http://xq3.net/~myndwire/wikid-close.jpg	18:32
myndwire	cut off a couple trivial lines	18:32
myndwire	from the beginning	18:32
myndwire	oh goddamnit	18:32
myndwire	i didnt meant to do that	18:32
myndwire	managed to capture both of my screens, heh	18:32
nowen	the NAS IP is still 127.0.0.1	18:36
nowen	that should be the network client IP	18:37
myndwire	NAS?	18:52
myndwire	network client u mean?	18:53
nowen	that's a radius term for the network client	18:53
myndwire	oh sorry, gotcha	18:53
nowen	network access server, i think	18:53
myndwire	yeah	18:53
myndwire	grumble	18:56
myndwire	ok it looks like the nas ip isn't set in wikid...	18:59
myndwire	i changed the network client back to 10.2.21.50	18:59
myndwire	changed the server file to only feature the 10.2.21.50 address	18:59
myndwire	no exception	18:59
myndwire	re-enabled the user	18:59
myndwire	and it says NASip is '127.0.0.1' now	19:00
nowen	and restarted?	19:00
myndwire	yeah	19:00
myndwire	restarted after the network client	19:00
nowen	wtf	19:00
myndwire	er no	19:00
myndwire	server file has 127.0.0.1	19:00
myndwire	its the only way it'll hand off to radius	19:00
nowen	hmm, so if the localhost line is commented out, it won't send the request to the next line?	19:01
myndwire	right	19:02
myndwire	if i have just the 10.x addres listed	19:02
myndwire	and the 127 commented out	19:02
myndwire	it stalls	19:02
myndwire	i wonder how bad it'd be to alias localhost to the ip address via /etc/hosts	19:05
myndwire	depends on whats running at the os layer on the ip only i guess	19:05
myndwire	although it really shouldn't matter	19:05
myndwire	hmm	19:05
myndwire	naw thats just ghetto	19:06
nowen	hmm	19:06
nowen	what is in localhost?	19:06
myndwire	127.0.0.1 localhost	19:06
nowen	is the .50 address in there?	19:06
myndwire	10.2.21.50 rmuauth01 rmuauth01.rmu.edu	19:06
myndwire	i mean i guess i could just add that ip to localhost	19:06
myndwire	see what happens	19:06
nowen	I don't know what that would do	19:06
myndwire	hehe yeh its tough to say	19:07
myndwire	lets see	19:07
myndwire	bleh... doesnt even touch radius	19:08
myndwire	hmmm	19:09
myndwire	now i COULD utilize this 2nd ip address for something	19:09
myndwire	hm...at least that didnt do anything useful	19:11
myndwire	ok i'm an idiot, had the network client wrong address since my last restart..	19:12
nowen	hehe	19:12
myndwire	new discovery	19:15
myndwire	we don't hit radius stuff with a network client of the ip	19:15
myndwire	10.2.21.50	19:15
myndwire	regardless of the /etc/raddb/server setting	19:15
myndwire	so i've got that covered	19:15
nowen	hmm	19:16
nowen	here's a radius test client: http://www.iea-software.com/products/radlogin4.cfm	19:16
*** myxo (~soundsold@f7df2e7e-a771-42b5-92a3-c0b9766c8a2c.static.grokthis.net) has joined #wikid		19:16
myndwire	SELINUX=permissive	19:16
myndwire	oh nice	19:17
nowen	you can set it up on your pc and create a network client for it	19:17
nowen	just to make sure that it is the pam-radius and not our radius ;)	19:17
myndwire	cfm file?	19:17
nowen	hehe - that's just their web page. cold fusion, i guess	19:18
myndwire	oh duh	19:18
myndwire	sorry	19:18
nowen	http://www.iea-software.com/ftp/radiusv5/windows/radlogin4.exe	19:18
myndwire	i was about to wget the file hehe	19:18
nowen	there's other os's too	19:18
nowen	welcome myxo	19:19
myxo	hi, thanks :)	19:19
myndwire	hrm... so create a network client for the ip of my desktop here	19:19
myxo	You must be Nick. I work with James, got fowarded a copy of the email thread and thought I'd drop by.	19:20
nowen	ahh yes, James seemed to like my suggested plan ;)	19:21
*** sjoeboo (~sjoeboo@dhcp-0165702364-30-a3.client.fas.harvard.edu) has joined #wikid		19:23
myndwire	nowen: so add a radius server to this, i'm assuming ports the same as the wikid server	19:24
nowen	yes, change them to 1812	19:24
myndwire	isnt acct 1813	19:24
nowen	oh, yes	19:24
myndwire	hehe yeah	19:24
myndwire	and add anything to wikid?	19:24
myndwire	a network client	19:25
nowen	just that	19:25
myndwire	just a network client, or just config the radius test client	19:25
myndwire	stuck	19:29
myndwire	:(	19:29
nowen	what happened?	19:29
myndwire	i'm just sort of confused with this thing	19:29
myndwire	i added the server	19:29
myndwire	102.2.150	19:29
myndwire	auth 1812	19:29
myndwire	acct port 1813	19:29
myndwire	coa port... eeh... left default	19:29
myndwire	write config	19:29
myndwire	what else? and what to kick off an attempt	19:30
nowen	then hit Request Profiles	19:30
myndwire	alrighty	19:30
nowen	is there one for authentication?	19:30
myndwire	ya	19:30
nowen	if not, hit Add	19:30
nowen	ok - hit 'radlogin'	19:31
myndwire	hmmm..wheres that	19:31
myndwire	got it	19:31
myndwire	try a login with a token #?	19:32
nowen	yes	19:32
myndwire	status: timeout	19:32
nowen	did you run wikidctl restart after adding the network client?	19:33
nowen	welcome sjoeboo	19:33
myndwire	1sec	19:33
sjoeboo	hello	19:33
sjoeboo	just lurking	19:33
nowen	b/c that also opens up a firewall port for your pc's IP	19:34
nowen	you may lurk away sjoeboo	19:34
*** alamarca (~alamarca@201.246.122.210) has joined #wikid		19:34
myndwire	alright, added a network client for my machine's ip under the same domain, with the same secret	19:35
nowen	after restarting, you can run 'iptables -L -n' and it should show your ip	19:36
myndwire	oh yeah	19:38
myndwire	i'm all over ipt	19:38
myndwire	status: timeout	19:39
myndwire	although the blue-green box actually contains data..	19:39
myndwire	i'd assume those are from the client	19:39
nowen	yes that is the client side	19:41
myndwire	Passcode request processing successfully completed.	19:43
myndwire	got that far	19:43
myndwire	yuck	19:43
myndwire	crap, i'm about to just have the vmware guy just created a copy of this thing	19:47
myndwire	call is 02, nuke the vip i added, bring it up as primary on the other box, and then just do it separately	19:48
nowen	so the radius requests from your PC aren't getting to WiKID?	19:48
myndwire	nosir	19:48
nowen	run: tcpdump -n tcp port ldap	19:49
nowen	on the wikid server and see if they get to the box	19:49
*** sjoeboo has quit (Quit: sjoeboo)		19:49
nowen	also, radius can take a while to actually start despite the "ok"	19:49
nowen	run netstat -anp \| grep 1812 to make sure it is up	19:50
myndwire	yeah its running	19:50
myndwire	no response, tcpdump saw nothing either	19:50
myndwire	weird	19:50
myndwire	wait..lemme do this again	19:50
nowen	the IP is correct?	19:50
myndwire	10.2.21.50	19:51
nowen	you're on the same net?	19:51
myndwire	nah	19:51
myndwire	but these have bi-directional access, at least they should	19:51
myndwire	eh...tough to say coming BACK into where i'm at	19:52
myndwire	but from me to 10.2.21.50, its all open	19:52
nowen	all open for UDP? as well as TCP?	19:53
myndwire	should be yeh	19:53
nowen	hmm. can you get out from the wikid server? can you ssh somewhere else?	19:53
myndwire	just nmap'd -- wide open to wikid yeh	19:54
nowen	huh - but then why no radius packets?	19:54
myndwire	i can ssh into another machine on this network from wikid	19:54
myndwire	its prolly this silly client	19:54
myndwire	server 1.2.21.50	19:55
myndwire	sharedsec: same as mine	19:55
myndwire	authpt - 1812	19:55
nowen	1.2.21.50?	19:55
myndwire	10.2.21.50	19:55
myndwire	sorry	19:55
myndwire	disco/coa port - 3799 (nowhere to set that -- remove?)	19:55
myndwire	timeout 3	19:56
myndwire	ret: 2	19:56
myndwire	ws auth key blank	19:56
myndwire	plus -- network client in wikid for 10.15.18.xxx (my machine)	19:57
myndwire	radius, sharedsec, etc	19:57
myndwire	restarted	19:57
nowen	i don't know what the CoA port is. mine is 1700, which was the default	19:57
nowen	do you have anti-spyware on your pc?	19:57
myndwire	strange, totally different default	19:57
myndwire	nah	19:57
myndwire	nothing that'd affect my network connection	19:58
nowen	here's another one if you want: http://www.novell.com/coolsolutions/tools/14377.html	19:58
myndwire	crap	19:58
myndwire	ntradping	20:00
myndwire	nice...	20:00
myndwire	aw wtf	20:01
myndwire	10.2.21.50:1812	20:02
myndwire	same shared sec	20:02
myndwire	http://xq3.net/~myndwire/friggin_radius.png	20:04
nowen	i get a 404 on that	20:05
myndwire	oops	20:05
myndwire	ok go	20:06
myndwire	should be ok now	20:06
myndwire	winscp sucks at tossing files where i want 'em	20:06
nowen	is your PC listed in iptables?	20:06
myndwire	ACCEPT tcp -- 10.15.18.174 0.0.0.0/0 state NEW tcp dpt:49	20:07
myndwire	ACCEPT tcp -- 10.15.18.174 0.0.0.0/0 state NEW tcp dpt:8388	20:07
myndwire	ACCEPT udp -- 10.15.18.174 0.0.0.0/0 state NEW udp dpt:1813	20:07
myndwire	ACCEPT tcp -- 10.15.18.174 0.0.0.0/0 state NEW tcp dpt:1813	20:07
myndwire	ACCEPT udp -- 10.15.18.174 0.0.0.0/0 state NEW udp dpt:1812	20:07
myndwire	ACCEPT tcp -- 10.15.18.174 0.0.0.0/0 state NEW tcp dpt:1812	20:07
myndwire	ACCEPT tcp -- 10.15.18.174 0.0.0.0/0 state NEW tcp dpt:10389	20:07
myndwire	yeah i'm in 'ere	20:07
myndwire	ACCEPT tcp -- 10.15.18.174 0.0.0.0/0 state NEW tcp dpt:636	20:08
nowen	I'm at a loss. seems like a networking issue	20:15
myndwire	oh, my bad...	20:16
myndwire	1812/tcp filtered unknown	20:16
myndwire	sorry about that	20:16
myndwire	it is	20:16
nowen	hehe	20:16
myndwire	they must've explicity filtered that one	20:16
myndwire	surprise to me, but most everything is wide open	20:17
myndwire	perhaps i'll just have him dupe the current vm	20:17
myndwire	play with that for a bit	20:17
myndwire	way simpler to just init 0 this bizatch and just clone it real quick	20:19
myndwire	move my iface files around	20:20
myndwire	poof	20:20
nowen	that's the beauty of vmware	20:20
myndwire	hehe yep	20:23
myndwire	so when i've got these up, i'll change my network client to be 10.2.21.51	20:30
myndwire	i'm guessing i also will configure /etc/raddb/server to be the new ip too, but on the local wikid box	20:30
nowen	if the new box will be the freenx box, configure /etc/raddb/server there, along with pam_radius	20:31
myndwire	change the client's actual server ip	20:31
myndwire	cool	20:31
myndwire	the new one will actually be a clone of this one	20:31
myndwire	so it'll already be there, just need configured	20:31
myndwire	i'll rip wikid off of it later	20:32
myndwire	hah...there we go. firing up auth02	20:40
*** myndwire has parted #wikid (None)		21:50
*** nowen has quit (Quit: Leaving.)		22:24
*** alamarca has quit (Ping timeout: 252 seconds)		22:57
*** alamarca (~alamarca@201.246.122.210) has joined #wikid		23:10

Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!