*** nowen (~nowen@adsl-74-176-212-133.asm.bellsouth.net) has joined #wikid | 13:17 | |
*** pam_ (50046092@gateway/web/freenode/ip.80.4.96.146) has joined #wikid | 14:26 | |
nowen | good morning :) | 14:27 |
---|---|---|
pam_ | Hi could someone inform me of the default admin password for apacheDS used by Wikid? | 17:20 |
nowen | I'll have to check with someone | 17:22 |
pam_ | Thank You | 17:22 |
nowen | what's the context? | 17:23 |
pam_ | Oh I'm playing around with Apache Directory Studio and was trying to connect as uid=admin,ou=system. | 17:26 |
nowen | did you try the default? I feel like there is a warning if you don't change it | 17:27 |
pam_ | Don't know what the default password is. | 17:28 |
nowen | I think it is "secret" | 17:28 |
pam_ | It must have been changed... | 17:29 |
nowen | try 'changeme' | 17:30 |
pam_ | changeme did not work either, getting the ldap 49 error. | 17:32 |
nowen | how about "wikidone" | 17:32 |
* nowen hates ldap | 17:32 | |
pam_ | Nope same error. Nowen I'm with you on that! BTW can wikid use an external ldap such as 389DS rather than the internal default apacheds? | 17:34 |
nowen | pam_: we use a portion of apacheds to be able to talk ldap. | 17:35 |
nowen | so, the idea is that you would use an external ldap server and it would proxy the auth to WiKID | 17:36 |
nowen | try "2Factor" | 17:36 |
*** pam_ has quit (Ping timeout: 265 seconds) | 17:38 | |
*** pam_ (50046092@gateway/web/freenode/ip.80.4.96.146) has joined #wikid | 17:40 | |
pam_ | Mmm not sure if you got my last message nowen as the irc client appeared to lock. | 17:40 |
nowen | try "2Factor" | 17:48 |
pam_ | No 2factor didn't work either. Nowen not to worry it was only to play with, but thanks for your help! | 17:50 |
nowen | ok, sorry | 17:51 |
pam_ | No problem Nowen :-) | 17:52 |
pam_ | Oh would it be the password that was used on the ldap configuration page which asks "LDAP_wauth_pass Passphrase for the Network Client cert above" | 17:54 |
nowen | hmm. possibly, but I don't think so, that should be the localhost passphrase. no harm in trying | 17:54 |
pam_ | Nope.. no good... Oh well, Thanks again for your help Nowen! | 17:56 |
pam_ | Bye | 17:57 |
nowen | bye | 17:57 |
*** pam_ has quit (Quit: Page closed) | 17:57 | |
*** pam_ (50046092@gateway/web/freenode/ip.80.4.96.146) has joined #wikid | 21:30 | |
pam_ | nowen: We were speaking earlier about apacheds admin password. The password I think I need is for Directory Manager, would you happen to know what it is set to? | 21:32 |
nowen | no, 'fraid not | 21:33 |
nowen | typically, we only support anonymous binds | 21:33 |
nowen | is it one of the three I mentioned? I assume not | 21:34 |
pam_ | Ok NP thanks anyway nowen! (secret, changeit and 2Factor did not work) | 21:35 |
nowen | what about wikidone? | 21:35 |
pam_ | nope not that either... oh well. | 21:36 |
nowen | you probably need to set it somehow | 21:36 |
pam_ | I think you're right. Been google'in but haven't found any info as yet. I'll keep on searching. | 21:37 |
pam_ | nowen: I'm in. For your reference the password is 2Factor after all. I decided to try to logon via /opt/WiKID/directory/bin/control-panel and it connected. Thanks for your assistance. | 21:43 |
nowen | nice! | 21:43 |
*** Flexyz (5551950e@gateway/web/freenode/ip.85.81.149.14) has joined #wikid | 23:09 | |
Flexyz | Hi | 23:09 |
nowen | hi | 23:09 |
Flexyz | Have a quick one - which interface is for the external? | 23:10 |
nowen | well, you just want one interface for port 80 for the tokens, the internal traffic should have the 443 WiKIDAdmin web ui, radius, etc | 23:11 |
Flexyz | Oki so I should stop admin access by my firewall - and only allow 80 from outside | 23:13 |
nowen | yes, that's the best | 23:14 |
nowen | the tokens use public key encryption, so no need for ssl there | 23:14 |
Flexyz | oki - and when my token create the domain is has to be the external ip zero'ed or can I use xxxx.yyyy.zz dns | 23:15 |
nowen | you have to use your IP. You can use your own dns for the PC tokens, if you create a custom jw.properties file | 23:16 |
nowen | the smart phone tokens use IPs or an entry in wikidsystems.net dns, which we can create for you | 23:16 |
Flexyz | oki so a customer can get a number ? how many digits | 23:18 |
nowen | 12 digits | 23:19 |
nowen | we have a demo domain: 88888888888 | 23:19 |
nowen | it resolves to 8888888888.wikidsystems.net | 23:19 |
Flexyz | oki - just curious why don't the token accets | 23:19 |
Flexyz | sorry | 23:19 |
Flexyz | accepts a fqdn | 23:20 |
nowen | well, when we started, we didn't have PC tokens and there weren't smart phones with keyboards. :) | 23:20 |
nowen | it was all java cell phones | 23:20 |
nowen | we're working on a new product that will use fqdns | 23:21 |
Flexyz | ok so be easy right - only the tokens should support it - just much easier to remember and type a fqdn (know it is only first time though) | 23:22 |
nowen | yes, I agree | 23:22 |
Flexyz | another thing the second "interface" when setup what is that for - on a box with only one eth | 23:23 |
nowen | are you using the ISO or the vmware image? | 23:23 |
Flexyz | iso | 23:23 |
Flexyz | on virtualbox | 23:24 |
nowen | I think it just assumes you have two | 23:24 |
Flexyz | hmm - also on the demos w8 | 23:24 |
nowen | sorry? | 23:25 |
Flexyz | sit01 | 23:25 |
nowen | just select N when prompted to configure it | 23:26 |
nowen | I think it is a virtualbox thing | 23:26 |
Flexyz | but what is it? | 23:26 |
Flexyz | ok | 23:26 |
Flexyz | demo is showing eth0 and eth1 - when the box has two is eth1 for external ip? | 23:27 |
nowen | that is up to you | 23:27 |
Flexyz | but that is the case then? | 23:28 |
nowen | you can assign any IP you want to to any eth | 23:28 |
Flexyz | but will admin site listen to all interfaces? | 23:28 |
nowen | ahh - the assumption is that you will control that at your firewall - that the server will be in the dmz | 23:29 |
nowen | so, yes, it will | 23:29 |
Flexyz | ok so no real use for it then - the internal firewall what is that used for? only network clients or | 23:30 |
nowen | yes - network clients | 23:30 |
Flexyz | oki would make sense if two interfaces are configured one of them could be for tokens only - so eth0 lan/dmz eth1 ext and ONLY for tokens | 23:32 |
Flexyz | just a thought | 23:32 |
nowen | yes, depending on your setup | 23:32 |
Flexyz | but that is not the case right - I have to control it by my firewall right | 23:33 |
nowen | yes, or we can tell you how to do it in tomcat, but your firewall is the best place for it | 23:33 |
Flexyz | but is it also firewalled internally between eth0 and eth1? | 23:35 |
nowen | no | 23:36 |
Flexyz | oki, sorry for all the stupid questions, just don't feel too happy to let the whole internet get direct access to the same interface with the admin site - I know only port 80 should be opened - but still | 23:38 |
nowen | do you have a firewall in front of the WiKID server? | 23:38 |
Flexyz | well there is no option :) so sure | 23:38 |
nowen | defense in depth... | 23:39 |
nowen | you can lock ports to specific IPs in tomcat | 23:41 |
Flexyz | is the token request straight http? | 23:41 |
nowen | yes | 23:41 |
Flexyz | so if it's proxied it will still work | 23:41 |
nowen | the tokens use public key encryption, so no need for ssl there | 23:41 |
nowen | yes | 23:41 |
Flexyz | ok | 23:41 |
nowen | you can put apache or something and proxy it | 23:41 |
nowen | all token requests will go to /wikid/ | 23:42 |
Flexyz | alright | 23:42 |
nowen | I'm about to head home - got any more questions? | 23:47 |
Flexyz | no thx | 23:49 |
nowen | ok - I will be back tomorrow. If you post something to the forums, we can respond there any time (mostly) | 23:50 |
nowen | bye! | 23:50 |
*** nowen has quit (Quit: Leaving.) | 23:50 | |
*** Flexyz has quit (Quit: Page closed) | 23:52 |