*** Matt_ (5c3c7001@gateway/web/freenode/ip.92.60.112.1) has joined #wikid | 10:29 | |
Matt_ | Hello | 10:29 |
---|---|---|
*** Matt_ has quit (Ping timeout: 245 seconds) | 10:46 | |
*** nowen (~nowen@adsl-98-66-180-154.asm.bellsouth.net) has joined #wikid | 13:10 | |
Andrew_ | Good morning Nick | 14:34 |
nowen | morngin | 14:35 |
nowen | erp | 14:35 |
Andrew_ | So I've started with a fresh installation and can't seem to get the web admin pg loaded | 14:36 |
nowen | hmm | 14:36 |
Andrew_ | after looking into it a bit it seems that tomcat isn't running on port 443 | 14:36 |
nowen | is there an error in /opt/WiKID/tomcat/logs/catalina.out? | 14:36 |
Andrew_ | I explicitly followed the steps laid out here: http://www.wikidsystems.com/support/wikid-support-center/installation-how-tos/how-to-install-the-wikid-enterprise-rpms | 14:36 |
nowen | run 'echo $JAVA_HOME' | 14:38 |
Andrew_ | echo $JAVA_HOME' | 14:39 |
nowen | does it return anything? | 14:39 |
*** Andrew_ has quit (Quit: Page closed) | 14:39 | |
*** Andrew_ (c010ccd7@gateway/web/freenode/ip.192.16.204.215) has joined #wikid | 14:40 | |
nowen | does it return anything? | 14:40 |
Andrew_ | yes | 14:40 |
Andrew_ | it won't let me send it | 14:41 |
nowen | ah - just add a space to the start or some char | 14:41 |
Andrew_ | ahh there we go | 14:42 |
Andrew_ | /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64 | 14:42 |
nowen | ok | 14:42 |
nowen | run 'export JAVA_HOME=/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre' | 14:42 |
nowen | and then restart wikid | 14:42 |
Andrew_ | ok that seems to have worked | 14:48 |
Andrew_ | I've logged into the interface via chrome | 14:49 |
nowen | I'll update the docs | 14:49 |
Andrew_ | firefox was returning an error about the certificate and wouldn't let me proceed | 14:49 |
Andrew_ | ok thanks | 14:49 |
nowen | huh, you should just be able to create an exception for the self-signed cert | 14:50 |
Andrew_ | Yup, I'll look into it | 14:54 |
Andrew_ | What do i need to add to /etc/WiKID/security | 14:54 |
nowen | one line: 'WAUTH_PASSPHRASE='yourpassphrase' | 14:55 |
nowen | where yourpassphrase is the one you used for the intca | 14:55 |
Andrew_ | got it | 14:56 |
Andrew_ | im getting stuck after restarting here | 14:56 |
Andrew_ | Passphrase is good. Proceeding ... Waiting for wAuth initialization to complete....... | 14:56 |
Andrew_ | its now two lines of periods.. | 14:57 |
nowen | still not starting? | 15:00 |
Andrew_ | it passed the Wauth startup after 3 lines of periods. It's now hanging at Starting LDAP protocol daemon...Success! | 15:01 |
Andrew_ | Ok now it finished | 15:01 |
nowen | did you enable ldap? | 15:01 |
Andrew_ | yes | 15:01 |
nowen | yeah, I recommend against that if you're using radius. it just takes up memory | 15:02 |
Andrew_ | I thought I would need both since the system would also need to work with LDAP to get passwords to login | 15:02 |
Andrew_ | Radius simply goes to the LDAP server and verifies that the ldap user credentials are correct using radius | 15:03 |
nowen | if you want to use two-factor auth, the user enters their username and the OTP. LDAP does authorization based on the username and proxies the credentials to WiKID for authentication | 15:04 |
Andrew_ | so it should be LDAP_PW&OTP | 15:05 |
Andrew_ | all in one line? | 15:05 |
nowen | I've never seen that. I suppose you could write a custom module to do that | 15:05 |
nowen | usually just OTP | 15:05 |
Andrew_ | How is it supposed to be? | 15:05 |
nowen | the benefit is that you are not using your LAN password outside the lan | 15:05 |
nowen | username and OTP | 15:06 |
*** Andrew_ has quit (Quit: Page closed) | 15:10 | |
*** Andrew_ (c010ccd7@gateway/web/freenode/ip.192.16.204.215) has joined #wikid | 15:23 | |
Andrew_ | any idea why the Wauth takes so long? | 15:25 |
nowen | did you disable ldap? | 15:26 |
Andrew_ | yes | 15:26 |
nowen | hmm | 15:26 |
nowen | I've seen this before, but it is hard to replicate | 15:26 |
nowen | any errors in /opt/WiKID/tomcat/logs/catalina.out or in the WiKIDAdmin logs? | 15:27 |
Andrew_ | i'll let you know when WikIDAdmin finishes restarting | 15:27 |
Andrew_ | INFO: Deploying web application archive WiKIDAdmin.war Loading configuration from /etc/WiKID/WiKID.properties Mar 9, 2012 10:26:18 AM org.apache.catalina.startup.HostConfig deployWAR INFO: Deploying web application archive wikid.war Mar 9, 2012 10:26:18 AM org.apache.coyote.http11.Http11BaseProtocol start INFO: Starting Coyote HTTP/1.1 on http-80 Mar 9, 2012 10:26:19 AM org.apache.coyote.http11.Http11BaseProtocol start INFO: Starting | 15:28 |
nowen | seems normal | 15:28 |
nowen | run 'netstat -anp | grep 839' | 15:29 |
nowen | maybe the ldap listener is hung | 15:32 |
Andrew_ | I'm still receiving an odd error when trying to visit the FQDN/wikidadmin | 15:41 |
nowen | on FF? | 15:42 |
Andrew_ | firefox displays the untrusted connection pg | 15:42 |
Andrew_ | when you click add exception... it says the certificate is valid but will not allow you to continue | 15:42 |
Andrew_ | is it possible to regenerate the certificate on the server side to overcome this issue | 15:44 |
nowen | sure | 15:44 |
Andrew_ | how should I go about that | 15:44 |
nowen | just delete /opt/WiKID/conf/tomcatKeystore and restart | 15:44 |
Andrew_ | waiting for wAuth to finish restarting now | 15:46 |
nowen | did you run 'netstat -anp | grep 839'? | 15:46 |
Andrew_ | netstat -anp | grep 839 tcp 0 0 127.0.0.1:8390 0.0.0.0:* LISTEN 12155/java unix 3 [ ] STREAM CONNECTED 11839 1921/sudo | 15:48 |
nowen | that | 15:49 |
nowen | isn't from WiKID | 15:49 |
nowen | how much memory is on this server? | 15:49 |
Andrew_ | 2GB | 15:56 |
nowen | is Selinux enabled? | 15:57 |
Andrew_ | its disabled | 15:57 |
Andrew_ | getenforce Disabled | 15:57 |
nowen | hmm | 15:57 |
nowen | anything in /var/log/messages? | 15:57 |
Andrew_ | nope | 15:58 |
nowen | and nothing in the WiKIDAdmin logs? | 16:00 |
nowen | still getting the lines and lines of .....? | 16:01 |
Andrew_ | yes | 16:01 |
Andrew_ | 2012-03-09 10:48:29.200ERRORorg.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/wikid]Servlet /wikid threw load() exception 2012-03-09 10:48:29.180ERRORorg.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/wikid]Error loading WebappClassLoader delegate: false repositories: /WEB-INF/classes/ ----------> Parent Classloader: org.apache.catalina.loader.StandardClassLoader@4a5f2db0 pgPool 2012-03-09 10:26:1 | 16:01 |
*** joevano (~joevano@bzflag/developer/JoeVano) has joined #wikid | 16:05 | |
joevano | Question about preregistering users... the documentation is unclear (http://www.wikidsystems.com/support/wikid-support-center/installation-how-tos/how-to-configure-pre-registration-of-users0 | 16:06 |
nowen | Andrew_: I'll have to ask around about that one | 16:07 |
nowen | joevano: ok | 16:07 |
joevano | where does the list of preregistration "secrets" go? | 16:07 |
Andrew_ | ok Thanks Nick | 16:07 |
nowen | you upload it into the server | 16:07 |
nowen | look under the User's tab | 16:07 |
joevano | ah | 16:07 |
joevano | thanks... looks like this is going to work well for us | 16:08 |
nowen | good stuff | 16:08 |
nowen | let me know what you need | 16:08 |
joevano | should be getting a purchase together next week some time | 16:09 |
nowen | nice | 16:09 |
joevano | just testing now... and I think that was our last hurdle | 16:09 |
nowen | have you set up your Network client for testing too? | 16:09 |
nowen | eg, vpn? | 16:10 |
joevano | currently using a test network, have preconfigured the jw.properties file this morning and my guy said it works | 16:12 |
*** Andrew_ has quit (Quit: Page closed) | 16:12 | |
joevano | we use an F5 VPN and I could set that up even without your helpful documentation since you do radius | 16:12 |
nowen | sounds good | 16:12 |
nowen | yes, radius FTW | 16:12 |
joevano | was getting tired of sealed tokens dying and am glad I found this | 16:13 |
nowen | hehe | 16:15 |
nowen | were you using RSA? | 16:15 |
joevano | for enterprise, how easy is it to up the number of clients? is it better to license what our max will be in a year or do it every three or six months? | 16:16 |
joevano | don't want it to be a hassle, but not everyone will have access right away... eventually we will probably have 800-900 | 16:17 |
nowen | it is mostly a matter of what is easiest from a payment processing standpoint for you. | 16:17 |
joevano | nowen: ActivIdentity | 16:17 |
nowen | and how did you hear about us? | 16:18 |
joevano | google search "open source two factor auth" | 16:19 |
nowen | yeah, that tends to be us | 16:19 |
joevano | I figured there had to be something out here and since I work on an open source project as well I tend to do my first looking there | 16:20 |
nowen | yeah, I'm always searching for "open source XXX" :) | 16:21 |
nowen | so, when you say "sealed tokens" you mean that they were arriving bad? | 16:25 |
joevano | no... that the battery can't be replaced | 16:31 |
nowen | ahh | 16:31 |
joevano | that is the #1 reason they die, with ActivCard the tokens last as long as the battery. they don't have a set active time limit they are valid for | 16:32 |
joevano | but they usually last 2-3 years | 16:32 |
nowen | so, what's the average lifetime? | 16:32 |
nowen | gotcha | 16:32 |
nowen | so not much better than RSA then | 16:33 |
joevano | and then the other issue we have is that users leave and have lost the token or it wasn't collected by HR, or they run it over with their car, or it falls in the toilet (??? don't even ask), or... | 16:34 |
joevano | the activcard pricing is what is attractive, about 1/2 the price of RSA (at least at the time we went with them 6-8 years ago) | 16:36 |
nowen | yeah, I can follow the RSA pricing pretty easily. Actividentity is harder to find. but if they are 50% of rsa, then I bet we're less than they are stil | 16:38 |
nowen | l | 16:38 |
joevano | yeah definitely... not as big a savings but still way less hassle | 16:44 |
joevano | ok, having problems with uploading a preregistration file... nothing is getting read from the file | 16:46 |
nowen | hmm | 16:55 |
nowen | did you select the domain? | 16:56 |
joevano | figured it out... the file cannot have a file extension | 16:58 |
nowen | huh | 16:58 |
joevano | named the file prereg.txt and it was a no go... removed the .txt and all was good | 16:59 |
joevano | ok, another question. Can you force the use of the preregistration with the phone clients? | 17:02 |
nowen | no - sorry, prereg isn't supported on the phone | 17:02 |
nowen | clients | 17:02 |
joevano | ok.. not an issue, just a procedural thing | 17:04 |
nowen | have you seen the api? | 17:04 |
nowen | joevano: can you tell me who you are with? | 17:33 |
nowen | via pm? | 17:38 |
*** nowen has quit (Quit: Leaving.) | 22:24 |