*** nowen (~nowen@adsl-74-176-212-133.asm.bellsouth.net) has joined #wikid | 15:50 | |
*** Jon____ (54d1328f@gateway/web/freenode/ip.84.209.50.143) has joined #wikid | 19:47 | |
*** Jon____ has quit (Client Quit) | 19:48 | |
*** Jon_Ole (54d1328f@gateway/web/freenode/ip.84.209.50.143) has joined #wikid | 19:55 | |
nowen | hi Jon_Ole | 19:55 |
Jon_Ole | hi | 19:56 |
Jon_Ole | I have a quick question about your android client. | 19:56 |
nowen | ok | 19:56 |
Jon_Ole | I've managed to get a java client registered with my server | 19:56 |
Jon_Ole | however when I try the android clients it just waits a little while and goes back to the pages saying that I don't have any domains. | 19:58 |
nowen | hmm. what is your domain identifier? | 19:58 |
Jon_Ole | 085025236054 | 19:58 |
Jon_Ole | I've tried it with a proxy in front also. | 19:59 |
Jon_Ole | I could see the connection coming through with status 200 however only one request was sent as opposed to the java client. | 19:59 |
nowen | hmm | 20:00 |
Jon_Ole | I could find much in terms of log messages in the log files for the wikid server. | 20:01 |
nowen | is there anything on the WiKIDAdmin logs? | 20:01 |
Jon_Ole | is there some way to turn on more logging? | 20:01 |
Jon_Ole | no, I meant to say I couldn't find anything. | 20:01 |
Jon_Ole | basically messages about startup and status, nothing about the android client. | 20:02 |
nowen | if you go to Logs / Configure loggers, you can set com.wikidsystems and com.wikidsystems.client.wClient and com.wikidsystems.client.wAuth to debug | 20:05 |
nowen | then on the logs page, set the log level filter to 'debug' and hit Filter | 20:06 |
nowen | if you want the logs to go to /opt/WiKID/logs, then you can change your /etc/WiKID/log4j.properties to http://pastebin.com/Qd9yfkpQ | 20:06 |
*** Jon_Ole has quit (Ping timeout: 245 seconds) | 20:06 | |
*** Jon_Ole (54d1328f@gateway/web/freenode/ip.84.209.50.143) has joined #wikid | 20:10 | |
nowen | welcome back :) | 20:10 |
Jon_Ole | hello again. | 20:10 |
Jon_Ole | seems like I got disconnected... | 20:10 |
nowen | did you set the domain to be locked tokens only or something? | 20:10 |
Jon_Ole | anyway this message might be related: | 20:10 |
Jon_Ole | com.wikidsystems.crypto.wCryptoException: com.ntru.jNeo.NTRUException: EXCEPTION!! (code: 51) | 20:10 |
nowen | is this the enterprise version? | 20:11 |
Jon_Ole | no i didn't touch those options. | 20:11 |
Jon_Ole | yes, it is now. I started with the community edition thinking it would suffice, but then I saw the missing radius... | 20:12 |
nowen | yeah, it is also missing support for Ntru, which is the encryption we use on wireless devices | 20:12 |
Jon_Ole | ok | 20:12 |
*** Jon_Ole_ (54d1328f@gateway/web/freenode/ip.84.209.50.143) has joined #wikid | 20:14 | |
Jon_Ole_ | hmm got disconnected again. | 20:14 |
nowen | are you using the web interface to irc? | 20:15 |
Jon_Ole_ | anyway then it is a question of making sure the community version has gotten properly removed... | 20:15 |
Jon_Ole_ | yes | 20:15 |
Jon_Ole_ | it doesn't work very well:) | 20:15 |
nowen | yeah, you want to be sure to kill the database which is in /var/lib/pgsql/data | 20:16 |
nowen | I recommend you mv it and then run 'service postgresql start' to recreate an empty one, then install the enterprise version | 20:16 |
Jon_Ole_ | ok, thanks. I'll try that. | 20:16 |
*** Jon_Ole has quit (Ping timeout: 245 seconds) | 20:17 | |
*** Jon_Ole_ has quit (Ping timeout: 245 seconds) | 20:44 | |
*** Jon_Ole (54d1328f@gateway/web/freenode/ip.84.209.50.143) has joined #wikid | 21:45 | |
Jon_Ole | hello again | 21:45 |
Jon_Ole | thanks for the help on the previous problem | 21:46 |
nowen | np | 21:46 |
nowen | is there a new one? ;) | 21:46 |
Jon_Ole | replacing the database solved the issue. | 21:46 |
Jon_Ole | :) | 21:46 |
Jon_Ole | I'm working on the example.jsp now. | 21:46 |
nowen | ok | 21:46 |
Jon_Ole | does this tell you anything? | 21:46 |
Jon_Ole | No X509TrustManager implementation available | 21:46 |
nowen | when does it come up? | 21:47 |
Jon_Ole | as soon as I open the example.jsp file. | 21:47 |
Jon_Ole | I get The wClient connection to the server was NOT successfully established | 21:47 |
nowen | what edits did you do in the file? | 21:48 |
Jon_Ole | I updated defaultservercode | 21:48 |
Jon_Ole | wc = new wClient("127.0.0.1", 8388, Config.getValue("BASEPATH") + "private/localhost.p12", "my key" | 21:49 |
Jon_Ole | my key being my encryption key | 21:49 |
nowen | where "my key" == your localhost passphrase? | 21:49 |
nowen | ahh | 21:49 |
Jon_Ole | that was basically it. | 21:49 |
nowen | it should be the passphrase for localhost.p12 | 21:50 |
Jon_Ole | ok, well I gave the same passphrase for all passphrases during install and config. | 21:51 |
Jon_Ole | wanted to keep it simple. | 21:51 |
nowen | hehe, don't blame you | 21:51 |
Jon_Ole | I found some pages on a similar topic where they had tried to replace the java policy files, but that didn't help for me at least. | 21:52 |
nowen | yeah, if you put your passphrase in there and then run wikidctl restart, I think you'll be ok | 21:53 |
Jon_Ole | tried that several times... | 21:53 |
nowen | hmm | 21:53 |
nowen | run 'locate java.security' and run diff on the results. should be two | 21:54 |
Jon_Ole | diff /opt/WiKID/conf/templates/java.security /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/security/java.security | 21:54 |
Jon_Ole | that yielded no results. | 21:55 |
nowen | so, to be clear, "my key" is the passphrase you used? | 21:56 |
Jon_Ole | yes | 21:56 |
nowen | can you post the whole error to pastebin? | 21:56 |
Jon_Ole | sure | 21:57 |
Jon_Ole | how would I do that? | 21:57 |
Jon_Ole | a google search gives me several options for pastebin... | 21:59 |
nowen | hehe, just head to http://pastebin.org and paste the error message, it will return a url | 21:59 |
nowen | post the url here | 21:59 |
Jon_Ole | http://pastebin.com/gQ2zijgR | 22:00 |
Jon_Ole | hmm, never used that before. seems handy. | 22:01 |
nowen | yeah, very | 22:01 |
nowen | you have to remember to erase any private info ;) | 22:01 |
Jon_Ole | yes, that could be unfortunate.... | 22:02 |
nowen | there is a comma after your "my key", right? | 22:04 |
Jon_Ole | yes | 22:05 |
Jon_Ole | otherwise I probably would have ended up with a compilation error instead... | 22:06 |
nowen | yeah | 22:06 |
nowen | have you tried using keytool on the certs? | 22:06 |
nowen | did you create new certs for the Enterprise edition? | 22:07 |
Jon_Ole | no I was happy that it kept my old certs.. | 22:07 |
nowen | I don't think that would be an issue | 22:07 |
Jon_Ole | are the certs different between versions? | 22:07 |
nowen | no | 22:08 |
nowen | only the crypto | 22:08 |
Jon_Ole | ok, and radius... | 22:08 |
nowen | what's the date on your /opt/WiKID/private/CACertStore ? | 22:08 |
nowen | this should mean that the cacertstore that wClient is using doesn't have the CA that signed the server's intCA in it. | 22:09 |
Jon_Ole | Modify: 2012-03-07 19:04:30.000000000 +0100 | 22:10 |
Jon_Ole | that would be 4 hours ago. | 22:11 |
Jon_Ole | about when I started. | 22:11 |
nowen | and WiKIDCA.cer? | 22:12 |
Jon_Ole | hmm... Modify: 2012-02-14 16:17:23.000000000 +0100 | 22:13 |
Jon_Ole | could this mean the enterprise edition has dropped an old version of the certificate file in there replacing the one that the community edition created. | 22:14 |
Jon_Ole | ? | 22:14 |
nowen | possibly | 22:14 |
nowen | I think just recreate the intca and localhost via the web interface and see | 22:14 |
Jon_Ole | ok, I'll try that. | 22:15 |
Jon_Ole | This CSR contains a Distinguished Name(DN) that already exists in the WiKID CA database. | 22:17 |
nowen | ok hold on | 22:17 |
nowen | ok | 22:18 |
nowen | try it now | 22:19 |
Jon_Ole | ok, it worked. All files seem updated except WiKIDCA.cer | 22:21 |
Jon_Ole | I did the int ca and the localhost certificate again. | 22:21 |
nowen | hmm | 22:22 |
Jon_Ole | ok, the problem remains. | 22:24 |
nowen | hmm | 22:24 |
nowen | maybe it is the other way around, maybe the rpm install of enterprise didn't overwrite the existing community WiKIDCA.cer? | 22:25 |
Jon_Ole | ok, that might be it. I'll extract the file from the enterprise version and overwrite it manually. | 22:27 |
Jon_Ole | hmm, exact same timestamp and size. | 22:39 |
nowen | hmm | 22:40 |
Jon_Ole | anyway I copied over and restarted. got the exact same problem. | 22:40 |
nowen | hmm | 22:41 |
nowen | wtf | 22:42 |
Jon_Ole | ok | 22:42 |
Jon_Ole | ? | 22:42 |
nowen | wtf == what the f*ck, excuse my french - but since you're .nl, I assumed you spoke that too :) | 22:43 |
nowen | so, the first thing that occurs to me is to rm /opt/WiKID/private, re-install and recreate the certs | 22:43 |
Jon_Ole | yeah, I think I'll try this on a new vm tomorrow. | 22:44 |
nowen | I'm sorry | 22:44 |
nowen | not usually this convoluted | 22:45 |
Jon_Ole | sure, that is fine. thanks for your help anyway. I'm impressed with your support anyway. It is not often we get this kind of support during a trial period. | 22:46 |
Jon_Ole | at least not before talking to a lot of sales people first... | 22:46 |
nowen | well, we want it all up and running before you buy | 22:46 |
nowen | and we don't have any sales people | 22:46 |
Jon_Ole | sounds great. | 22:47 |
nowen | we're trying to do things a bit different ;) | 22:47 |
nowen | all we want after you buy is suggestions for improvement | 22:47 |
Jon_Ole | anyway, this install is just for myself, but I'm looking to set up a two factor solution for production access to our systems at work. there is an ssh gateway I really want to get rid of. | 22:48 |
nowen | hmm | 22:48 |
nowen | how would we fit in that picture? | 22:48 |
nowen | no ssh keys? just otps? | 22:49 |
Jon_Ole | we have an existing two factor solution which is somewhat inflexible. people have objected to using this against production and we have therefore ended up with a solution based on ssh and ssh keys. This is a solution I want to get rid of and replace with for example openvpn and a two factor solution like yours. | 22:50 |
nowen | ahh | 22:51 |
nowen | makes sense | 22:51 |
Jon_Ole | anyway, I've had enough for today. thanks for your help again. | 22:52 |
nowen | ok | 22:52 |
nowen | see you tomorrow | 22:52 |
*** nowen has quit (Quit: Leaving.) | 23:05 |