| *** Lake_Lurker (~Just@h50.15.30.71.dynamic.ip.windstream.net) has joined #wikid | 10:45 | |
| *** Lake_Lurker has parted #wikid (None) | 10:45 | |
| *** micah_ has quit (Quit: Page closed) | 12:52 | |
| *** nowen (~nowen@adsl-98-66-165-16.asm.bellsouth.net) has joined #wikid | 13:07 | |
| *** PC__ (480ca40a@gateway/web/freenode/ip.72.12.164.10) has joined #wikid | 14:38 | |
| PC__ | Good Day Folks.. | 14:39 |
|---|---|---|
| PC__ | I have a quick question about the Wikid Database. | 14:41 |
| nowen | ok | 14:49 |
| PC__ | Is there a way to access its database via MySQL Workbench? | 14:49 |
| nowen | not sure, it is postgres | 14:50 |
| PC__ | ohhh ok so not MySQL then.. | 14:50 |
| nowen | what do you need to do? | 14:50 |
| PC__ | bare with me I'm going back and forth between you and our DBAdmin here to find out what data he is trying to pull from it. | 14:51 |
| *** micah (4a5590fd@gateway/web/freenode/ip.74.85.144.253) has joined #wikid | 14:51 | |
| PC__ | He is trying to programmatically access the data in order to pull stats about which users are setup in the system. | 14:53 |
| nowen | has he seen the API? | 14:53 |
| PC__ | Nope I don't think so. | 14:53 |
| nowen | or the WiKIDAdmin webui? | 14:53 |
| PC__ | Yes he has connected to the Wikid Webui but | 14:54 |
| PC__ | he is trying to find a programatic way to extract data from the Wikid Database and put it into his SQL database | 14:55 |
| PC__ | for internal reporting of our corporate environment. | 14:55 |
| PC__ | So he just needs to get some kind of hook into it, are their some API tools I can provide? | 14:55 |
| nowen | what programming language does he like? | 14:55 |
| PC__ | VB.net and ASP. | 14:56 |
| nowen | http://www.wikidsystems.com/downloads/network-clients | 14:56 |
| nowen | hmm, actually, there is an update for that that I need to post | 14:59 |
| PC__ | I was wondering as these API's are mainly for developing custom web applications for two factor | 15:00 |
| nowen | yes, that's true. He might prefer to use a postgresql tool | 15:00 |
| PC__ | authentication, while we are using a custom web AP we are not looking at adding two factor authentication to it but simply | 15:00 |
| PC__ | to pull data from the database. | 15:00 |
| nowen | http://wiki.postgresql.org/wiki/Community_Guide_to_PostgreSQL_GUI_Tools | 15:04 |
| PC__ | Thank you, for access would we use the WikidAdmin WebGUI account or the Centos Root account? | 15:06 |
| nowen | centos root | 15:09 |
| nowen | you might also need to change the trust settings in postgres. not sure that this is a great idea security wise | 15:11 |
| PC__ | I know.. I will inform them, I figured that we would simply need to great another | 15:13 |
| PC__ | PostgreSQL account with just read access for this, don't like the idea of the root account being used when all we need | 15:13 |
| PC__ | is simply read rights to the database. | 15:13 |
| PC__ | Does Postgres have something like PhPMyAdmin that allowed for creating basic accounts in the database? | 15:14 |
| nowen | I'm not sure if phpMyAdmin supports postgres, but I highly recommend against installing it on the WiKID server | 15:16 |
| PC__ | okay.. | 15:16 |
| PC__ | so basically there is no way of creating a basic database account to be used by postgres tools for read access to the db? | 15:17 |
| nowen | you can add a user to the /var/lib/pgsql/data/pg_hba.conf and a network to trust | 15:21 |
| nowen | so, a line like: host wikid username 192.169.0.124 trust | 15:29 |
| nowen | where the ip is the the dba's ip | 15:29 |
| PC__ | Ok thank you for your help. | 15:29 |
| nowen | PC__: let me know what info you want and we can put in a feature request | 15:49 |
| *** alamarca (404c9302@gateway/web/freenode/ip.64.76.147.2) has joined #wikid | 16:03 | |
| Seamus_ | Hello | 16:05 |
| nowen | hello Seamus_ | 16:05 |
| nowen | Seamus_: will you run 'tcpdump -n tcp port radius' on your wikid box and try to auth. I want to make sure that the radius packets are getting to your wikid server and that they are coming from the expected ip | 16:07 |
| Seamus_ | wow you read my mind was just going to do that they are, but here. | 16:08 |
| nowen | what IP address do you have for the network client? | 16:11 |
| Seamus_ | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 09:11:10.084185 IP 172.20.8.19.tdp-suite > 172.20.8.18.radius: RADIUS, Access Request (1), id: 0x4b length: 100 | 16:11 |
| Seamus_ | 192.168.123.157 | 16:12 |
| Seamus_ | Also I put 172.20.8.19 in there for a client too | 16:13 |
| Seamus_ | so iptables is allowing it | 16:13 |
| nowen | delete the 192.168.123.157 or use that network. I suspect the wikid server is confused by the networking | 16:13 |
| Seamus_ | ok | 16:14 |
| nowen | and restart wikid | 16:15 |
| Seamus_ | Ok I only have one network client 172.20.8.19 which is the natted ip of the freeradius server | 16:19 |
| Seamus_ | still getting this Marking home server 172.20.8.18 port 1812 as zombie (it looks like it is dead). | 16:20 |
| Seamus_ | could it be freeradius thats the problem? | 16:20 |
| nowen | it might take some time for the listener to come up | 16:20 |
| Seamus_ | k | 16:20 |
| nowen | what does netstat show? | 16:20 |
| Seamus_ | hm | 16:22 |
| Seamus_ | ERROR: Failed to find live home server for realm NULL There was no response configured: rejecting request 2 Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> scranley attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 2 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reje | 16:22 |
| Seamus_ | heres netstat | 16:22 |
| Seamus_ | [root@wikid ~]# netstat -an | grep 1812 udp 0 0 :::1812 :::* | 16:22 |
| Seamus_ | sorry for being a pain | 16:22 |
| nowen | ok, so netstat is listening. is there anything in the WiKIDAdmin logs? | 16:23 |
| Seamus_ | what directory is that | 16:23 |
| nowen | it is the web ui | 16:23 |
| Seamus_ | ah ok | 16:24 |
| Seamus_ | hm still trying to load those logs hold on | 16:26 |
| Seamus_ | 2011-07-07 09:17:47.087ERRORcom.wikidsystems.client.wClientERROR: java.net.ConnectException: Connection refused | 16:26 |
| Seamus_ | Theres two of those in there | 16:28 |
| Seamus_ | Should I just reinstall wikid? | 16:30 |
| nowen | no | 16:30 |
| nowen | on the configure loggers page, can you set the three middle loggers to debug | 16:31 |
| nowen | oh, also on that error message, there should be a little bomb icon. click it for the full stack trace | 16:32 |
| nowen | let me know what is in that trace. post it to http://pastebin.com if you like | 16:40 |
| Seamus_ | http://pastebin.com/mBtkWisG | 16:55 |
| Seamus_ | the logger seems to stop logging, I see the connection come in | 16:55 |
| Seamus_ | maybe it's just dead and not getting anything, ah who knows | 16:55 |
| Seamus_ | It's still listening on the port though | 16:56 |
| nowen | ok - next to the " com.wikidsystems.radius.accounting.PlainAccountingImpl Accounting logs set up. 2011-07-07 09:41:58.333 ERROR " do you see a little bomb icon? | 16:56 |
| Seamus_ | no but I'll try it on a different computer, im on a whack computer its ubuntu on powerpc it's screws java sometimes | 16:57 |
| Seamus_ | Ok im still not seeing the little bomb icon, just filter icons. | 17:01 |
| nowen | hmm | 17:01 |
| nowen | ok - did you set the loggers to debug? | 17:01 |
| Seamus_ | yes | 17:01 |
| Seamus_ | There's debug info there | 17:01 |
| Seamus_ | checking loggers again | 17:01 |
| *** PC__ has quit (Quit: Page closed) | 17:02 | |
| Seamus_ | yeah all three of the middle ones are set to debug | 17:02 |
| nowen | ok, run a request again | 17:02 |
| Seamus_ | ok I ran the request again, i'm not getting much in the logs | 17:27 |
| Seamus_ | 2011-07-07 10:20:55.701DEBUGcom.wikidsystems.log.CentralLoggerListening for logging client connections... 2011-07-07 10:20:55.691DEBUGcom.wikidsystems.log.CentralLoggerGot log client connection from:/127.0.0.1:/127.0.0.1:52146 | 17:27 |
| Seamus_ | I restarted wikid and I got that in the logs | 17:27 |
| Seamus_ | I been running the requests but nothing comes up now | 17:27 |
| nowen | do you see the OTP request? | 17:27 |
| nowen | something like: Issued passcode to device -7003908270755189518 | 17:29 |
| Seamus_ | Maybe I should use a different computer | 17:33 |
| Seamus_ | for wikid | 17:33 |
| nowen | do you not see a log entry when you get an OTP? | 17:33 |
| Seamus_ | I don't see anything | 17:33 |
| Seamus_ | no OTP requests | 17:33 |
| Seamus_ | These are the last two entries | 17:34 |
| nowen | ok,well | 17:34 |
| Seamus_ | 2011-07-07 10:20:55.701DEBUGcom.wikidsystems.log.CentralLoggerListening for logging client connections... 2011-07-07 10:20:55.691DEBUGcom.wikidsystems.log.CentralLoggerGot log client connection from:/127.0.0.1:/127.0.0.1:52146 | 17:34 |
| nowen | maybe it is best to start over. not sure what is doing on | 17:35 |
| Seamus_ | k | 17:35 |
| nowen | going | 17:35 |
| Seamus_ | I'll reinstall it | 17:35 |
| Seamus_ | whats the newest version? | 17:35 |
| nowen | 3.4.87-b839 | 17:35 |
| Seamus_ | ok thanks | 17:36 |
| nowen | is that what you have? | 17:36 |
| Seamus_ | I have wikid-server-enterprise-3.4.0-b3115 | 17:36 |
| nowen | hmm | 17:37 |
| nowen | maybe you can just update via the RPM | 17:37 |
| Seamus_ | ok I'll try it | 17:37 |
| nowen | http://wikidsystems-dl.com/wikid-server-enterprise-3.4.87.b839-1.noarch.rpm | 17:37 |
| Seamus_ | ok its upgraded trying it ou | 17:43 |
| Seamus_ | ah the bombs are there now | 17:45 |
| nowen | well, I guess that is progress | 17:45 |
| Seamus_ | ah lol their on apache though. | 17:46 |
| Seamus_ | org.apache.catalina.session.ManagerBase | 17:46 |
| Seamus_ | I'll try to do a radius request | 17:46 |
| nowen | yeah, you should see the OTP request in the logs | 18:09 |
| Seamus_ | ah well it's not working out, i'll try some different hardware. | 18:19 |
| Seamus_ | I don't see any OTP requests | 18:20 |
| nowen | but you get the passcode on the token with no problem? | 18:20 |
| Seamus_ | yes | 18:21 |
| Seamus_ | that works great | 18:21 |
| nowen | do you have the 'log level' set to debug? | 18:21 |
| Seamus_ | yep | 18:21 |
| Seamus_ | on the admin interface the log level is set to debug | 18:21 |
| Seamus_ | on the three middle things | 18:22 |
| nowen | did you install from the iso? | 18:22 |
| Seamus_ | yeah | 18:23 |
| Seamus_ | these are set to debug | 18:23 |
| Seamus_ | com.wikidsystems com.wikidsystems.client.wClient com.wikidsystems.server.wAuth | 18:23 |
| nowen | odd | 18:23 |
| nowen | ok, want the link for the latest iso? | 18:23 |
| Seamus_ | sure thanks | 18:24 |
| nowen | http://wikidsystems-dl.com/wikid-enterprise-3.4.87-b839-install.iso | 18:25 |
| *** Ken_ (a5bd4b01@gateway/web/freenode/ip.165.189.75.1) has joined #wikid | 19:10 | |
| Ken_ | Greetings Owen | 19:10 |
| nowen | hi | 19:11 |
| nowen | welcome back | 19:11 |
| Ken_ | Thanks, | 19:11 |
| Ken_ | Any updates of late? | 19:11 |
| nowen | hmm. some additions to the wauth api | 19:12 |
| Ken_ | We are still piloting and things are not moving very fast here. | 19:12 |
| nowen | lol | 19:12 |
| nowen | are you having any issues? | 19:12 |
| nowen | with wikid or otherwise | 19:12 |
| Ken_ | Not really. There is one bug with the Android client where when you first enroll you cannot get to the PIN entry screen until you open the app and enter the password for the local database | 19:14 |
| nowen | android client is going to be re-written, hopefully real soon | 19:14 |
| Ken_ | Excellent. We are running 3.4.62-b445 is this the latest build? | 19:15 |
| nowen | not quite, there is an update | 19:15 |
| nowen | http://www.wikidsystems.com/downloads/changelogs/enterprise-changelog | 19:16 |
| Ken_ | Is there a delta or do I need to install the full version | 19:17 |
| nowen | just grab the rpms and 'rpm -Uvh wikid-server...' it will update you | 19:19 |
| Ken_ | Went well. Best regards Owen | 19:50 |
| nowen | excellent | 19:50 |
| *** Ken_ has quit (Quit: Page closed) | 19:51 | |
| *** GregM (42bab28c@gateway/web/freenode/ip.66.186.178.140) has joined #wikid | 20:12 | |
| nowen | welcome GregM | 20:13 |
| GregM | Hi Thanks | 20:13 |
| GregM | I'm going to install the ISO in a VM on ESXi, any particular Linux disto I should select for the VM? | 20:13 |
| nowen | redhat 32 is best | 20:14 |
| nowen | also, just responded to your email | 20:15 |
| GregM | yep got it, thanks | 20:16 |
| GregM | so 1 proc, 1 GB of RAM and 2 nics should do it? | 20:16 |
| nowen | yes, more than enough, I suspect | 20:16 |
| GregM | sorry for all these hardware questions but I could find the requirements | 20:17 |
| nowen | hmm | 20:17 |
| GregM | how much drive space do I need? | 20:18 |
| nowen | not much, I would say 20 gigs | 20:18 |
| nowen | the only thing that can take up space is the logs | 20:18 |
| GregM | gotcha | 20:19 |
| GregM | is there config settings for log rotation? | 20:20 |
| nowen | no, but there is an archive option | 20:20 |
| GregM | that works, are people outputting logs to a syslog server? It would be nice to send them to my SIEM | 20:22 |
| nowen | yes that is doable | 20:22 |
| GregM | nice, thanks for your help, install is running... | 20:23 |
| nowen | oh - yes. you have to type 'install' at the boot prompt. | 20:23 |
| nowen | I forget why, but I think it has to do with our aborted attempt at a live cd | 20:24 |
| GregM | hmm partitioning failed? | 20:25 |
| nowen | really? | 20:25 |
| GregM | yeah says not enough space left to create partition for / | 20:28 |
| nowen | did you type 'install' at the boot prompt? | 20:29 |
| GregM | I did | 20:30 |
| nowen | hmm | 20:33 |
| GregM | strange, let me blow away the VM and start over | 20:33 |
| nowen | yeah | 20:34 |
| nowen | odd | 20:34 |
| GregM | got | 20:37 |
| GregM | it | 20:37 |
| nowen | great | 20:38 |
| GregM | I selected CentOS instead of RHEL and I defaults to a different SCSI controller | 20:38 |
| GregM | RHEL defaults to the paravirtual Cent to the LSI, that must have been the issue | 20:38 |
| GregM | I'm out, thanks for your help :-) | 20:44 |
| nowen | ok - later :) | 20:45 |
| *** GregM has quit (Quit: Page closed) | 20:45 | |
| *** micah has quit (Quit: Page closed) | 21:00 | |
| Seamus_ | ok nick it's working now | 21:32 |
| nowen | haha nice | 21:32 |
| Seamus_ | Guess the reinstall fixed whatever it was | 21:32 |
| Seamus_ | :P | 21:32 |
| nowen | sometimes it is good to start fresh | 21:32 |
| Seamus_ | yeah | 21:33 |
| Seamus_ | that problem was a bugger. | 21:33 |
| Seamus_ | The radius is logging all pretty and stuff | 21:33 |
| nowen | lol. good and it's authenticating too? | 21:34 |
| Seamus_ | While I have you here, was wondering just for SnG how big of a load can wikid handle like requests per second | 21:34 |
| Seamus_ | Yeah its Authenticating too | 21:34 |
| nowen | ~20-30 depending the hardare | 21:34 |
| Seamus_ | ah so I couldn't setup some kinda mmorpg authenication setup eh | 21:35 |
| nowen | hehe, yes | 21:35 |
| Seamus_ | like where thousands of people are using two-factor | 21:35 |
| Seamus_ | How does blizzard do it then | 21:35 |
| nowen | certainly | 21:35 |
| nowen | not sure. bigger hardware probably | 21:36 |
| Seamus_ | k | 21:36 |
| Seamus_ | but I can load balance wikid though right? | 21:36 |
| nowen | you could via HA and a virtual IP address. or you can segment users across servers without their knowledge | 21:37 |
| Seamus_ | ah ok nice | 21:37 |
| nowen | our next product will support global load balancing via web services | 21:37 |
| Seamus_ | cool man | 21:38 |
| Seamus_ | talk to you later | 21:38 |
| nowen | later | 21:39 |
| Seamus_ | Gotta go get some food | 21:39 |
| *** Seamus_ has quit (Quit: Page closed) | 21:39 | |
| *** nowen has parted #wikid (None) | 22:12 | |
| *** jason (18a6507b@gateway/web/freenode/ip.24.166.80.123) has joined #wikid | 23:13 | |
| *** jason is now known as Guest80546 | 23:13 | |
| Guest80546 | Hi, my wikid server had a hard shutdown today, and now the network connectivity is hosed. I can sometimes ping servers, sometimes not, nothing can ping the wikid box | 23:13 |
| Guest80546 | is there a way to do a repair installation? | 23:14 |
| Guest80546 | I've tried another NIC, same issue. Different cords as well | 23:14 |
| *** Guest80546 has quit (Quit: Page closed) | 23:25 | |
Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!