| *** mos`work (~swagimusm@38.122.21.70) has joined #wikid | 01:05 | |
| *** mos`work is now known as mos` | 01:05 | |
| mos` | hello - anyone available to help? | 01:06 |
|---|---|---|
| *** mos` has quit (Client Quit) | 01:07 | |
| *** nowen (~nowen@adsl-74-176-212-133.asm.bellsouth.net) has joined #wikid | 13:16 | |
| *** gvidals (18f9cf04@gateway/web/freenode/ip.24.249.207.4) has joined #wikid | 15:44 | |
| gvidals | owne, my wikid instance 3.3.1 isn't saving my data. everything works the first time around, but when I try to use it again, the data is gone. | 15:46 |
| gvidals | galaxy nexus (google phone) ice cream sandwhich 4.0.2. so i have to re-create each time i use it. | 15:47 |
| nowen | what version of the token? | 15:47 |
| gvidals | my android is running 3.3.1 | 15:51 |
| gvidals | i just tried it again and confirmed the issue. setup domain, pass code, authorized user from wikid web interface, all good. | 15:52 |
| gvidals | then when i go back to use the token again, the domain is gone. | 15:52 |
| gvidals | it doesn't seem to be saving it. | 15:52 |
| nowen | there is a 3.4 available | 15:53 |
| gvidals | your QR code points to 3.1.1, so i downloaded it by clicking on the link | 16:04 |
| nowen | ugh | 16:04 |
| nowen | I thought it would point to the latest | 16:05 |
| gvidals | installed and now i'm on 3.4, but same issue. when i kill the program and restart it, the domain is gone. | 16:05 |
| nowen | ok - | 16:05 |
| nowen | start the program and add the domain | 16:05 |
| nowen | then use the hardware back key to close out all the windows to exit | 16:05 |
| prowlah | fyi - i have the same phone, nexus with ics 4.0.2 running 3.1.1 and have not seen this issue.. | 16:06 |
| gvidals | that seemed to do the trick! i'm rebooting the phone now and will try again. | 16:07 |
| nowen | ok | 16:08 |
| gvidals | paid my invoice by the way. | 16:08 |
| nowen | thanks! via check? | 16:08 |
| nowen | didn't see the checkout email | 16:09 |
| gvidals | yea, at end of year we use checks to back date to 12/31 for tax advantage. | 16:09 |
| nowen | lol | 16:09 |
| gvidals | yup. it worked. for some reason the set up seems to require a back key. don't recall that being the case with gingerbreak. | 16:09 |
| gvidals | anyway. thanks | 16:09 |
| gvidals | i like the galaxy nexus, but one major flaw. L2TP VPN doesn't work :-( I confirmed this with other engineers... hopefully they will fix soon. | 16:13 |
| *** gvidals has quit (Ping timeout: 258 seconds) | 16:45 | |
| *** Mo (d8390e7c@gateway/web/freenode/ip.216.57.14.124) has joined #wikid | 17:48 | |
| Mo | hello | 17:48 |
| Mo | Nick | 17:48 |
| nowen | hey Mo | 17:48 |
| *** Mo is now known as Guest44272 | 17:48 | |
| nowen | what's up | 17:49 |
| Guest44272 | i just upgraded my cag and everthing blew up | 17:51 |
| Guest44272 | so i had put all the pieces back together | 17:51 |
| nowen | define "blew up" | 17:51 |
| Guest44272 | all works except wikid | 17:51 |
| Guest44272 | i'm looking at the log file | 17:52 |
| Guest44272 | and it shows access denied | 17:52 |
| nowen | does it say why? | 17:52 |
| Guest44272 | using wikid server as radius | 17:52 |
| Guest44272 | i lost the type in field | 17:53 |
| Guest44272 | got it back | 17:54 |
| Guest44272 | any way | 17:54 |
| Guest44272 | any ideas as to why | 17:54 |
| Guest44272 | i'm thinking the radius password might be an issue | 17:54 |
| nowen | does it say why access was denied? | 17:54 |
| nowen | could be | 17:54 |
| Guest44272 | i reset it on both ends | 17:54 |
| nowen | and then did you restart WiKID? | 17:54 |
| Guest44272 | nope | 17:55 |
| Guest44272 | should i restart | 17:55 |
| nowen | yes | 17:55 |
| nowen | everything in radius is cachced | 17:55 |
| nowen | cached | 17:55 |
| nowen | just run 'wikidctl restart' | 17:55 |
| Guest44272 | do i have to restart my | 17:56 |
| Guest44272 | DC as well | 17:56 |
| nowen | what is a DC? | 17:56 |
| nowen | domain controller? | 17:56 |
| Guest44272 | Domain Controller - hosting the radius | 17:56 |
| nowen | that's a question for Microsoft, but I don't think so | 17:57 |
| Guest44272 | rebooted | 17:57 |
| Guest44272 | will try now | 17:57 |
| nowen | you don't need to reboot! just run 'wikidctl restart' | 17:58 |
| Guest44272 | yes that is what i did | 17:58 |
| nowen | lol | 17:58 |
| Guest44272 | no good | 17:59 |
| Guest44272 | still authentication failed | 17:59 |
| nowen | what is the error? | 17:59 |
| nowen | did the ip address change any where? | 18:00 |
| nowen | set your logs to debug: http://www.wikidsystems.com/support/wikid-support-center/troubleshooting-faq/how-can-i-set-radius-logging-to-debug-how-can-i-see-if-wikid-is-getting-the-radius-requests and try again | 18:00 |
| Guest44272 | access denied for "userid", domain code: blah client: /my cag | 18:00 |
| nowen | what changed? | 18:01 |
| Guest44272 | <0> access request(1)LEN=62 | 18:01 |
| nowen | post your logs to pastebin.org, please | 18:01 |
| Guest44272 | CAG IP:31999 Access-request by "userid" failed: accessrejectException: Access Denied | 18:01 |
| nowen | you will need to run the logs in debug to see the reason | 18:03 |
| Guest44272 | i have setup in debug | 18:03 |
| Guest44272 | which one should i put in debut | 18:03 |
| Guest44272 | i set 3 of them | 18:03 |
| nowen | the three loggers should be set in debug | 18:04 |
| Guest44272 | i'm seeing these: | 18:06 |
| Guest44272 | Check PAP bombed with AccessRejectException: Access Denied | 18:07 |
| Guest44272 | Passcode is not a number. | 18:07 |
| Guest44272 | passcode is ?2 | 18:07 |
| Guest44272 | <0> Access-Request(1) LEN=62 ip:35771 Access-Request by user Failed: AccessRejectException: Access Denied | 18:08 |
| nowen | sound like a bad shared secret | 18:08 |
| Guest44272 | yup that was my guess; hence, i reset them | 18:09 |
| Guest44272 | will try again | 18:09 |
| Guest44272 | do i have to restart wikidctl | 18:09 |
| nowen | if you change the shared secret or anything in the Network client for a radius client, you have to restart wikid | 18:10 |
| nowen | so, you upgraded you CAG. Did it change setting when you did that? | 18:18 |
| Guest44272 | everything | 18:19 |
| Guest44272 | i had to manually redo the whole thing | 18:19 |
| nowen | that's not a very good upgrade process from Citrix. Is that the standard for them? | 18:20 |
| Guest44272 | yes | 18:22 |
| Guest44272 | u can't upgrade certain firmware you have to wipe and install new version | 18:22 |
| Guest44272 | then reload settings... which rarely works | 18:22 |
| Guest44272 | anyway i got the same error | 18:22 |
| nowen | the CAG is not sending the correct passowod: passcode is ?2 | 18:24 |
| nowen | what does Citrix support say? | 18:24 |
| Guest44272 | haven't called citrix yet | 18:25 |
| nowen | seems like they caused the problem | 18:26 |
| Guest44272 | On the CAG, i pointed the radius server to 2nd wikidserver and it worked | 18:27 |
| nowen | what 2nd wikid server? | 18:27 |
| Guest44272 | we have a second wikidserver | 18:28 |
| Guest44272 | we have licensed for three | 18:28 |
| nowen | what is the difference between the network clients on the two servers? | 18:28 |
| Guest44272 | two different network clients | 18:28 |
| Guest44272 | must be a delay on windows side | 18:30 |
| nowen | how are they different? | 18:30 |
| Guest44272 | seems to be working now. | 18:30 |
| Guest44272 | will keep an eye on it | 18:30 |
| Guest44272 | office closes early today | 18:30 |
| Guest44272 | thanks for your help | 18:30 |
| Guest44272 | have to run out for a quick bite | 18:31 |
| Guest44272 | before heading home | 18:31 |
| Guest44272 | thanks | 18:31 |
| nowen | np | 18:31 |
| *** Guest44272 has quit (Ping timeout: 258 seconds) | 19:05 | |
| prowlah | nowen: in the office now.. just attempted to configure it on my bosses windows machine, looks like same/similar problem as the others | 20:03 |
| nowen | do they all share some type of security software that might prevent it some installing? | 20:04 |
| prowlah | i was going to mention.. the install seems to hang on the creating shortcuts step 7 | 20:04 |
| prowlah | however when i had him just run the run.bat the client cameup.. got him registered, and appears to be functioning fine | 20:04 |
| prowlah | 2012-01-13 19:59:38+0000 [-] WEB OUT: '2012-01-13 19:59:38+0000 [UDSProxyQueryProtocol,client] XMLRPCRelay: SESSION: Your session has expired, please reauthenticate (9007)' | 20:05 |
| prowlah | that seems to be the common message | 20:05 |
| nowen | you get that message from the installer? | 20:05 |
| prowlah | no, on login attempt | 20:05 |
| prowlah | 2012-01-13 20:00:00+0000 [-] WEB OUT: '2012-01-13 20:00:00+0000 [UDSProxyQueryProtocol,client] Web login authentication failed: {'status': 1, 'reason': 'RADIUS access denied', 'user': 'kyoung'}' | 20:05 |
| prowlah | its what i get when i dont enter the correct pw | 20:06 |
| nowen | let's stick to one issue at at time. | 20:06 |
| nowen | which one? | 20:06 |
| prowlah | they are the same.. both of those are from 1 login attempt | 20:06 |
| nowen | what about the installer issue? | 20:07 |
| prowlah | it looks like the installer finishes copying all the files it needs to.. at that point they can use run.bat to launch | 20:07 |
| prowlah | it initially accepted his passcode / login | 20:08 |
| nowen | and WiKID authenticates the user? | 20:08 |
| prowlah | or it seemed to.. let me see if i have a success msg in the log | 20:09 |
| prowlah | hmm i dont see one, but his first attempt.. told him his acct was suspended, which made sense because i hadnt enabled his username in openvpn | 20:10 |
| prowlah | when i did that, it accepted his credentials | 20:10 |
| nowen | so, WiKID authenticates the user | 20:11 |
| prowlah | but just to download the vpn client, trying to login after that fails radius login | 20:11 |
| nowen | I don't understand | 20:11 |
| prowlah | i cant confirm hes getting authenticated.. i dont see it in the log, but it seemed.. like it did to the point where he could grab the openvpn client | 20:11 |
| nowen | set the log level to debug on the WiKIDAdmin logs and hit filter | 20:12 |
| nowen | you should see his authentication | 20:12 |
| prowlah | yes | 20:13 |
| prowlah | 012-01-13 20:01:22.746INFOcom.wikidsystems.radius.log.DBSvrLogImpl<158> Access-Accept(2) LEN=85 192.168.100.193:50837 Access-Request by kyoung succeeded | 20:13 |
| prowlah | 2012-01-13 20:01:22.745INFOcom.wikidsystems.radius.access.WikidAccess4Access granted for kyoung, domain code: 173203191193 client: /192.168.100.193 | 20:13 |
| nowen | yeah, so that is WiKID authenticating the user | 20:14 |
| prowlah | ok yes | 20:15 |
| prowlah | just had him do it again.. its authenticating | 20:15 |
| prowlah | openvpn just doesnt like it | 20:16 |
| prowlah | its not saying radius is refusing.. (or succeeding) just that the session is expired and he needs to re authenticate | 20:16 |
| nowen | I can't help you with openvpn | 20:17 |
| prowlah | yeah.. thats ok.. what i dont understand is why i have no trouble | 20:17 |
| prowlah | home machine, work machine.. it just works fine for me :) | 20:17 |
| nowen | I recommend #openvpn | 20:18 |
| prowlah | SESSION_ID only allowed to be used by client IP address that created it | 20:18 |
| prowlah | yeah.. ill hit them up, thanks | 20:19 |
| *** nowen has quit (Quit: Leaving.) | 22:39 | |
Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!