| *** Embalmed has quit (Remote host closed the connection) | 07:32 | |
| *** Embalmed (embalmed@204.188.217.2) has joined #wikid | 07:34 | |
| *** Lake_Lurker (~Just@h158.165.17.98.dynamic.ip.windstream.net) has joined #wikid | 11:40 | |
| *** Lake_Lurker has parted #wikid (None) | 11:40 | |
| *** Lake_Lurker (~Just@h158.165.17.98.dynamic.ip.windstream.net) has joined #wikid | 12:15 | |
| *** Lake_Lurker has parted #wikid (None) | 12:15 | |
| *** nowen (~nowen@adsl-74-176-212-133.asm.bellsouth.net) has joined #wikid | 12:53 | |
| *** evilbit (~hhoffman@n1-24-85.dhcp.drexel.edu) has joined #wikid | 13:47 | |
| evilbit | morning | 13:47 |
|---|---|---|
| nowen | hi | 13:47 |
| evilbit | is there a trial of the wikid server in ovf format? Or should I just figure out how to convert the vmware images? | 13:48 |
| nowen | hmm. we have an .ova, does that work? | 13:50 |
| evilbit | unsure... virtualbox's import function specifies ovf | 13:50 |
| evilbit | I can grab the ova and see | 13:50 |
| nowen | i created it with virtual box, so I think it will work | 13:50 |
| nowen | you can also use the .iso | 13:50 |
| evilbit | also, it'd be nice not to have to "register" each time I try to download | 13:51 |
| evilbit | ah, I see the twitter option... can I get a direct link plz? | 13:51 |
| nowen | sure | 13:52 |
| evilbit | thx | 13:52 |
| nowen | http://wikidsystems-dl.com/WiKID_Server_Enterprise-3.4.87.b924.virtual.ova.zip | 13:52 |
| evilbit | is this a live iso or a installer? if installer how large of a virtual disk do i need? | 13:53 |
| nowen | the ova is set for a 16 gb disk, iirc | 13:54 |
| evilbit | cool, thx | 13:54 |
| nowen | you can do smaller for testing | 13:54 |
| evilbit | yeah, right now it's more proof of concept | 13:54 |
| evilbit | what's the radius server included? | 13:54 |
| nowen | it is not really a radius 'server' but a plugin that allows wikid to talk radius | 13:55 |
| evilbit | the ova seems to import just fine :-) | 13:55 |
| nowen | good | 13:55 |
| evilbit | oh, is it jradius or something else? | 13:55 |
| evilbit | the website made it sound like it was running a radius server locally. So, I can tie into our radius infrastructure then/ | 13:56 |
| evilbit | s/\//?/ | 13:56 |
| nowen | no, axl radius | 13:58 |
| nowen | you can tie it into your radius setup. just proxy auth requests to it | 13:58 |
| nowen | what radius server are you running? | 13:58 |
| evilbit | freeradius | 13:59 |
| nowen | take a look at this: http://www.howtoforge.com/configuring-ssh-to-use-freeradius-and-wikid-for-two-factor-authentication | 14:00 |
| nowen | in particular: "Finally, add the WiKID Strong Authentication server as a valid proxy in proxy.conf:" | 14:00 |
| evilbit | cool, thx | 14:00 |
| nowen | that is just for ssh, but it holds for any service really | 14:01 |
| evilbit | first I'll get this up and running ;-) | 14:01 |
| nowen | did you see the cheat sheet? http://www.wikidsystems.com/support/wikid-support-center/installation-how-tos/wikid-quickstart-installation-cheatsheet-version-3.x | 14:01 |
| evilbit | <sigh> nothing's ever easy. think I'll just grab vmplayer and try that.</sigh> thanks for the pointer to the cheatsheet! | 14:09 |
| nowen | what happened? the ova didn't work? | 14:09 |
| evilbit | it's bitching about networking and usb even though I just installed the extension pack and rebuild the dkms modules. I shouldn't need to but perhaps I'll reboot and see if things "work". biab | 14:10 |
| nowen | hmm | 14:10 |
| nowen | networking was configured for bridged, iirc. usb should have been default | 14:10 |
| evilbit | I don't think it's your image as it imported just fine. but i just installed vbox. I'll blame it on oracle ;-) | 14:11 |
| evilbit | always worked when it was just sun! | 14:11 |
| evilbit | ok brb | 14:11 |
| *** evilbit has parted #wikid (None) | 14:11 | |
| *** evilbit (~hhoffman@n1-24-85.dhcp.drexel.edu) has joined #wikid | 14:15 | |
| evilbit | well, I'll be... now I feel like I'm running windows... system's booting up now | 14:15 |
| evilbit | ok, question 1... for step 9 of the cheat sheet. the domain is internet domain name? | 14:30 |
| nowen | no, the WiKID domain | 14:31 |
| evilbit | and what if the device's domain is a 3 level and the drexel is 2 level? | 14:31 |
| evilbit | oh, then I'm confused | 14:31 |
| evilbit | domain means what in this circumstance? | 14:31 |
| nowen | it was a poor choice of words perhaps, but what else to use? it is the name on the token | 14:32 |
| evilbit | ah, ok... but it presumably should be meaningful. Should it be the same as the O= in the cert? | 14:32 |
| nowen | so you might use "VPN" or "IT Infrastructure" | 14:32 |
| evilbit | ok | 14:33 |
| nowen | no, it can be anythink | 14:33 |
| nowen | s/g/k | 14:33 |
| evilbit | I guess it doesn't matter since it's just a test instance anyways | 14:33 |
| evilbit | and the device domain name? | 14:33 |
| evilbit | is that fqdn of the device? | 14:34 |
| evilbit | is does it actually mean domain identifier (zero padded ip addr) as the docs seem to indicate? | 14:35 |
| nowen | the device name can be the same | 14:38 |
| nowen | so, you can have a name on the server that says "stupid users domain" and on the device it says "Executive VPN" | 14:39 |
| evilbit | ok... the cheetsheat doesn't follow along with the actual web app so sorry about hte questions... what should the registered url be? | 14:41 |
| nowen | np | 14:41 |
| nowen | leave it empty | 14:41 |
| nowen | it is for mutual https authentication | 14:41 |
| evilbit | and server code? | 14:41 |
| evilbit | ah, gotcha | 14:41 |
| evilbit | is the padded ip? | 14:42 |
| nowen | yes | 14:47 |
| evilbit | yeah, just found the videos :-) | 14:47 |
| evilbit | ok, I'm on linux... do I actually want the wikidtoken-3.1.15-installer.jar token? or just the .jar token? | 14:54 |
| nowen | either one, the .jar is fine | 14:54 |
| evilbit | cool | 14:54 |
| nowen | i usually run mine from the command line, so I like the jar | 14:55 |
| nowen | but i run a few from the command line so it helps | 14:55 |
| evilbit | yeah, I'm cmdline too... am I expect the jar to start a gui? | 14:56 |
| evilbit | it seems to be running but I don't see anything happening | 14:56 |
| nowen | yes, though there is a command line option | 14:56 |
| nowen | search the site. also there is a python version - google for pywikid | 14:56 |
| evilbit | hmm, it seems to be fedora not the jar file :-/ | 14:56 |
| evilbit | ugh... is there a way to get the cmd line options to this jar? | 15:01 |
| nowen | java -cp wikidtoken-xxx.jar:jwcl.jar com.wikidsystems.jw.JWcl <domainid> | 15:02 |
| nowen | http://code.google.com/p/pywikid/ | 15:02 |
| evilbit | yeah, found pywikid just didn't feel like finding the libraries to compile it seems to need | 15:02 |
| evilbit | ok, cool. thanks... now have a registration code | 15:04 |
| evilbit | I'd like to setup ldap for authentication... the ldap server is remote so the wauth_host should be the ip addr of the ldap server correct? | 15:10 |
| nowen | what do you mean by 'set up ldap for authentication"? | 15:11 |
| evilbit | ah, just found the ldap doc :-) | 15:11 |
| evilbit | to bind against for users | 15:11 |
| evilbit | it seems I need to create a network client | 15:11 |
| nowen | yes | 15:12 |
| evilbit | hmm, but I want to point to our ldap server not a local one | 15:14 |
| nowen | I'm not sure I follow what you are trying to do | 15:15 |
| nowen | you want a service to authenticate to wikid using ldap? what service? | 15:15 |
| evilbit | well, there's 2 factors right... one is the users' password and the other is the token from wikid, right? | 15:15 |
| nowen | no - one is the PIN the other is the private key embedded in the WiKID token | 15:16 |
| evilbit | oh! | 15:16 |
| nowen | there is no need for an ldap password | 15:16 |
| nowen | in fact, we recommend against using the LAN password in addition to the PIN and OTP. keep it in the lan | 15:16 |
| evilbit | ok | 15:17 |
| nowen | i recommend you play with the example.jsp file next :) | 15:18 |
| evilbit | ok | 15:18 |
| evilbit | so, with a user created is there someplace I can test the passcode? | 15:20 |
| nowen | indeed, on the example.jsp page :) | 15:20 |
| evilbit | aha! | 15:20 |
| evilbit | lol | 15:20 |
| nowen | lol | 15:20 |
| evilbit | umm, where's that located? | 15:21 |
| nowen | http://www.wikidsystems.com/support/wikid-support-center/troubleshooting-faq/how-can-i-test-if-the-server-is-working-correctly/?searchterm=example.jsp | 15:21 |
| evilbit | ah, under WiKIDAdmin | 15:21 |
| evilbit | ok, I'm getting a passcode but am being told the user is invalid | 15:28 |
| evilbit | I've changed the passcode on the example.jsp file to match the key | 15:28 |
| nowen | did you register the user? | 15:29 |
| nowen | look under Users/Manually Validate | 15:29 |
| evilbit | yep | 15:29 |
| evilbit | it's me showing under userid | 15:29 |
| nowen | did you change the domain too? | 15:29 |
| nowen | on example.jsp | 15:29 |
| nowen | check the WiKIDAdmin logs - be sure to change the log level to debut | 15:30 |
| nowen | debug | 15:30 |
| evilbit | ok, I'll swing back around to this | 15:37 |
| *** evilbit has parted #wikid (None) | 17:31 | |
| *** nowen has quit (Quit: Leaving.) | 22:12 | |
Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!