Monday, 2011-05-16

« Sunday, 2011-05-15 Index Tuesday, 2011-05-17 »
*** Withoutaname has quit (Quit: QUICK! Look up! You'll see the word gullible.)07:17
*** nowen (~nowen@adsl-74-176-209-220.asm.bellsouth.net) has joined #wikid12:20
nowengood morning12:44
*** Ian___ (5246e719@gateway/web/freenode/ip.82.70.231.25) has joined #wikid13:33
Ian___Hi, just having a couple of problems with setting up a test account with Wikid & XenApp13:34
nowenok13:54
nowenwhat's going on?13:54
Ian___hi sorry13:59
Ian___the passcode dialog shows up fine on the xenapp login13:59
nowennp14:00
nowenok14:00
Ian___the passcode is generated from my iphone14:00
nowenare you using radius?14:00
Ian___yes radius14:00
Ian___"An authentication error occurred. Contact your system administrator. Log ID: 2f30b874"14:01
nowenthat's on the xenapp side?14:01
Ian___the log on the wikid server is suggesting the result has returned falst.14:01
Ian___(false even)14:01
Ian___yes sorry14:01
nowenwhat's the last entry in the WiKIDAdmin logs?  be sure to set the log level to debug and hit the filter button14:02
Ian___Check returned false14:03
nowenis the user enabled in WiKID?14:03
Ian___yes they're showing up as enabled14:03
nowenhmm.  and do you also see the passcode request in the WiKIDAdmin logs?14:04
Ian___yes14:04
Ian___ahh the NAS-IP-Address, should that point to our xenapp box?14:05
nowenyes!14:05
Ian___hmm - strange, the first part of the log states the NAS-Identifier and NAS-IP-Address is 150.50 which is our wikid server, however14:06
Ian___NASip looks to be pointing to 150.72 which is the citrix server.14:06
nowenthis is all on the WiKID server?14:06
Ian___no, the xenapp server is 150.72, the wikid server is on 150.50.14:07
nowenyour WiKID network client is using 150.72, correct?14:07
Ian___(sorry when you said is it all on the wikid server do you mean the log output? if so yes)14:07
nowen(yes)14:07
Ian___The network client is 150.72 yes.14:07
nowenok - on the Configure Loggers page, put the middle three loggers to debug and try again14:08
nowenmore data should help14:09
Ian___okay two seconds14:10
Ian___the output is similar, doesn't look like turning on the debug option has worked, I presume i just click log, make sure the drop downs are set to debug, click apply and try again?14:13
nowenyes, be sure that the log level is still debug  - you also have to attempt to log in again.14:14
Ian___hmm14:19
Ian___well14:19
Ian___I'm getting the following14:19
Ian___Message-Authenticator (80), Length: 18 Data: xxxxxxx,xxxxxxxxxx14:19
nowenis there an error?14:21
Ian___no, just the same again,14:21
Ian___Check Returned false14:21
nowenthat's all that is there? the Message-Authenticator line?14:22
nowenno xml info?14:22
Ian___Message-Autnenticator, then Username, Userpassword, Nas-Identifier, NAS-IP-Address, Nasip, then PAP Request, passcode, checking and the finally check returned false14:23
nowendoes all the info look correct?14:23
Ian___Just trying to figure out a way of posting hte output - the machine is virtual so there is no copy and paste from the machine.14:23
Ian___yes it does14:24
Ian___I've just checked the input twice.14:24
Ian___if i've specified a full email@domain.com14:24
Ian___should that appear in the checking section14:24
Ian___so for instance14:24
nowenis that the user name in WiKID also?14:24
Ian___yes14:25
Ian___but it looks like its dropped off the @domain.com part in the log?14:25
nowenyes, so you might have to specifically tell xenapp not to do that14:25
nowenor change the username in wikid14:26
Ian___ahh okay14:26
nowenwhile it depends on the system, I think stripping the domain is the default for radius14:28
Ian___will have a look at it and let you know how i get on14:29
nowenyes, please do14:31
Ian___well15:03
Ian___we've recreated the user so within wikid the username is firstname.lastname15:04
Ian___the login via the citrix web frontend is firstname.lastname@domain.com15:04
Ian___which is passing through as ian.gibbons:passcode:serverid15:05
Ian___its returning Check returned true15:05
Ian___which is progress but we're still not being logged in from the citrix side of things15:05
nowenhmm15:06
nowenI'm not very familiar with citrix15:06
nowenis there some authorization piece that is missing?15:06
Ian___I don't think so15:07
nowendid it work before you set up WiKID?15:07
Ian___before radius was enabled we could login using our domain credentials15:07
Ian___yes it did15:07
nowenany logging on the citrix side?15:08
Ian___just finding out now15:09
*** alamarca (~alamarca@201.246.110.33) has joined #wikid16:10
*** alamarca has quit (Client Quit)16:11
*** alamarca (~alamarca@201.246.110.33) has joined #wikid16:16
*** alamarca has quit (Ping timeout: 246 seconds)19:57
*** alamarca_ (~alamarca@201.246.110.33) has joined #wikid19:57
*** alamarca_ has quit (Client Quit)20:01
*** alamarca (~alamarca@201.246.110.33) has joined #wikid20:18
*** alamarca has quit (Ping timeout: 260 seconds)20:26
*** alamarca (~alamarca@201.246.110.33) has joined #wikid20:30
*** Phil_ (1813cd83@gateway/web/freenode/ip.24.19.205.131) has joined #wikid20:59
Phil_I am looking for a solution for 2 factor auth which integrates with Watchguard XTM.  Can I use WIKID for this?20:59
nowenyes21:00
nowenvia radius21:00
Phil_Is the setup difficult?  I have done windows radius setups before?21:01
nowennot too difficult.  While the server is based on LInux, you don't need to know it to get it setup.  it is really an "appliance"21:02
nowenjust you run it on your own hardware/vm21:02
Phil_So how does it basically work.  Does the end user have something like a key or certificate?21:03
nowenyes, they get a software token on their PC or wireless device21:03
Phil_And the pricing.  Is that really more about support?  1 year vs 3 year ...21:05
nowenyes, support, updates, feeding my children ;)21:06
Phil_Seems fair and I certainly don't want you children to starve.  Thank you for you help.  Phil.21:06
nowenhehe, please feel free to download the iso and play with it21:07
Phil_Thank you.  I will take a look at it.21:07
*** Phil_ has quit (Quit: Page closed)21:11
nowenhmm. just realized that I mis-answered Phil's question. I bet he was asking the difference b/t the two versions21:12
*** alamarca_ (~alamarca@201.246.65.162) has joined #wikid21:19
*** alamarca has quit (Ping timeout: 240 seconds)21:21
*** Dan__ (ada06522@gateway/web/freenode/ip.173.160.101.34) has joined #wikid21:33
*** alamarca_ has quit ()21:34
Dan__Anyone up for a Wikid question?21:34
nowensure21:35
Dan__I'm installing behind a firewall.  What ports do I need to open for the clients?21:35
nowen8021:35
nowenwe use asymmetric encryption, so no need for 44321:36
Dan__Simple enough21:36
*** alamarca (~alamarca@201.246.65.162) has joined #wikid21:36
nowenalso, you can Nat the IP of the wikid server, but use the external IP for the domain identifier21:36
Dan__That brings me to my second question, is there a way to not use the IP as the domain id? The external IP will be changing in a few days.21:37
nowenwe can also create an entry in our dns system.  Or, if you are using only PC tokens, you can set the default DNS in the jw.properties file21:38
Dan__How would I go about getting the entry in your dns system? That sounds like the solution. That way when the IP changes we can change it right?21:38
nowenyes21:38
Dan__How do I do that?21:40
nowenit might take a while for it to propogate21:40
nowengive me the IP address and I will make the entry21:41
Dan__173.160.101.3621:41
*** alamarca has quit (Ping timeout: 264 seconds)21:43
*** alamarca (~alamarca@201.246.65.162) has joined #wikid21:51
*** Dan__ has quit (Quit: Page closed)21:52
*** alamarca has quit (Ping timeout: 252 seconds)22:09
nowenuh oh, where did dan go?22:12
*** nowen has quit (Quit: Leaving.)22:30
« Sunday, 2011-05-15 Index Tuesday, 2011-05-17 »

Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!