| *** nowen (~nowen@adsl-74-176-212-133.asm.bellsouth.net) has joined #wikid | 13:23 | |
| *** Mo (d8390e7c@gateway/web/freenode/ip.216.57.14.124) has joined #wikid | 16:38 | |
| Mo | Hi Nick | 16:38 |
|---|---|---|
| nowen | hey Mo | 16:38 |
| *** Mo is now known as Guest56543 | 16:38 | |
| Guest56543 | over the weeked we changed our firewalls | 16:39 |
| Guest56543 | and now i can't seem to connect to wikid over port 80 to get the pin code | 16:40 |
| Guest56543 | the server is http access logger | 16:40 |
| Guest56543 | but not much information is there | 16:40 |
| Guest56543 | i have telnet into port 80 | 16:40 |
| Guest56543 | so i know it works | 16:40 |
| nowen | so, you changed the firewall but made no changes WiKID? | 16:40 |
| Guest56543 | right | 16:41 |
| nowen | what changes did you make to your firewall? | 16:41 |
| *** _markh_ (~chatzilla@wish-hq3.gotadsl.co.uk) has joined #wikid | 16:41 | |
| Guest56543 | replaced the old ones with new ones; different type | 16:41 |
| Guest56543 | the changes we made should not affect wikid server | 16:42 |
| Guest56543 | however, i am seeing http access logger on wikid | 16:42 |
| nowen | did anything else change besides the firewall? | 16:42 |
| Guest56543 | no | 16:42 |
| Guest56543 | this is the message | 16:43 |
| Guest56543 | 68.196.208.94 - - "GET /Citrix/PNAgent/config.xml HTTP/1.1" 404 344 | 16:43 |
| nowen | yeah, there is no Citrix data on the wikid server, so it should get a 404, right? | 16:43 |
| nowen | what do you see on the firewall logs? | 16:44 |
| Guest56543 | what citrix data on wikid | 16:47 |
| nowen | you just posted: 8.196.208.94 - - "GET /Citrix/PNAgent/config.xml HTTP/1.1" 404 344 | 16:47 |
| nowen | that is a request for a Citrix file of some kind | 16:48 |
| nowen | right? | 16:48 |
| _markh_ | nowen: Just tried to renew our license online and Google Checkout blew up... Owing to my trigger happy impatience, I suspect we may have ordered multiple licenses :) Can you check for me? | 16:49 |
| nowen | _markh_: no, just the one I see. and they usually come in right away | 16:50 |
| _markh_ | Great - thanks. I don't know what happened, just kept getting a blank page when I hit the Proceed button.... | 16:51 |
| nowen | huh | 16:52 |
| _markh_ | well, if you only have one purchase all must be OK now | 16:54 |
| nowen | yes, I think so. I can easily cancel anything else that comes through | 16:55 |
| _markh_ | Anyhow, we're using wikid-server-enterprise-3.3.2-b2427. Should/can we upgrade? | 16:55 |
| nowen | oh, yes | 16:55 |
| _markh_ | How's the best way of doing that? | 16:55 |
| nowen | grab this rpm: http://wikidsystems-dl.com/wikid-server-enterprise-3.4.87.b1171-1.noarch.rpm | 16:56 |
| nowen | and run 'rpm -Uvh wikid-server-enterprise-3.4.87.b1171-1.noarch.rpm' | 16:56 |
| nowen | on the terminal | 16:56 |
| nowen | how do you do back-ups? | 16:56 |
| _markh_ | we don't ... :-/ | 16:57 |
| nowen | you can quickly back up the db by running: "tar -czvf dbbackup.tar.gz /var/lib/pgsql/data/*" | 16:57 |
| _markh_ | Presumably we stop the server (wikidctl stop)...? | 16:58 |
| nowen | I don't think it will be an issue, but that is an older version. just run that tar command | 16:58 |
| nowen | it is best to run wikidctl stop and then the tar command | 16:58 |
| nowen | the rpm command will stop the server | 16:59 |
| _markh_ | Backing up now... | 17:00 |
| _markh_ | While it's doing that, when we last spoke I was asking about Iphone./Android tokens. The prob for us at the time was that they are locked to use your DNS servers and we need to do our own. Has that position changed? | 17:01 |
| nowen | not yet. We're focused on addressing this in the Advanced server version | 17:04 |
| _markh_ | OK. Well, it's something we'd love to see. Also, I was asked the other day about token security. We use USB sticks, so what's to stop someone briefly stealing someone's USB token and cloning it (thereby getting one part of the two factor auth - although they still need the passcode I guess) | 17:06 |
| nowen | well, you can use secured USB drives if you want. | 17:06 |
| _markh_ | Yes, but is there anything that could stop a disaffected employee from copying the token file to another unsecured device? I guess what I'd like to see is that a Token file is locked to some kind of serial number on the device somehow | 17:08 |
| nowen | if there's an API for that, we might be able to do it. | 17:10 |
| _markh_ | It's not mission critical. The security in the Nat. Health Service is a bit paranoid. I was just wondering if you encoded the token agains the Filesystem UUID or something like it it would make Token copying more difficult... | 17:12 |
| _markh_ | This download is taking ages... :( | 17:13 |
| _markh_ | 84% [====================================> ] 48,926,891 48.2K/s eta 2m 22s | 17:14 |
| nowen | I understand. we do that for the Locked token using the mac addy or the cpu identifier etc. We know that something should be there. | 17:14 |
| nowen | huh | 17:14 |
| nowen | I just downloaded the iso way faster than that | 17:14 |
| _markh_ | Must be our end ... | 17:14 |
| _markh_ | Bah! Need to upgrade sudo. How do I upgrade that under Centos? (We use ubuntu) | 17:16 |
| nowen | yum update sudo | 17:16 |
| nowen | but 'yum update' would be a good idea too | 17:16 |
| _markh_ | ... and that's going to take forever. I'll get on it tomorrow. | 17:21 |
| nowen | yeah | 17:21 |
| _markh_ | thanks. Bye. | 17:22 |
| nowen | Thank you! | 17:22 |
| nowen | Guest56543: did you get anything from the firewall logs? If you request an OTP, you should see what it happening | 17:26 |
| *** bhuffman (4614c8ba@gateway/web/freenode/ip.70.20.200.186) has joined #wikid | 17:29 | |
| bhuffman | Hello - There's an issue that I've found with the java client on linux. It looks for jWiKID.jar file, but the installed file is wikidtoken.jar. | 17:30 |
| bhuffman | I've made a symlink and it works, but you may want to fix that. | 17:30 |
| nowen | huh, thanks! | 17:31 |
| nowen | did you use the installer? | 17:32 |
| bhuffman | yep | 17:32 |
| bhuffman | [bhuffman@polaris WiKID]$ java -jar wikidtoken-3.1.17-installer.jar | 17:33 |
| Guest56543 | nic | 18:09 |
| Guest56543 | nick | 18:09 |
| Guest56543 | any idea | 18:09 |
| Guest56543 | what could my issue b | 18:10 |
| Guest56543 | should i restart | 18:10 |
| nowen | I asked what you saw in your firewall logs | 18:10 |
| *** bhuffman has quit (Ping timeout: 264 seconds) | 18:47 | |
| nowen | Guest56543: did the IP of the firewall change? | 19:00 |
| nowen | Guest56543: did you check the fw logs? | 22:37 |
| *** nowen has quit (Quit: Leaving.) | 23:07 | |
Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!