*** nowen (~nowen@adsl-74-176-163-56.asm.bellsouth.net) has joined #wikid | 13:00 | |
*** Barry_ (561ca72c@gateway/web/freenode/ip.86.28.167.44) has joined #wikid | 15:25 | |
Barry_ | Hi | 15:25 |
---|---|---|
nowen | hi | 15:25 |
Barry_ | I'm trying to put 2FA in place for Windows Server 2008 R2. Can Wikid do this? | 15:26 |
nowen | how do you connect to it? | 15:26 |
Barry_ | Filezilla currently but I can use IIS FTP. | 15:27 |
nowen | as long as you can get your FTP server (which I hope is using SFTP) to support radius, you should be fine | 15:27 |
Barry_ | I think I can get it working with SFTP; both seem to support that. Is there a "how-to" on this? | 15:28 |
nowen | I don't think so. | 15:28 |
nowen | we have some on using NPS | 15:29 |
nowen | which is the MS radius plugin for AD | 15:29 |
Barry_ | Not familiar with that. Any docs on what this is and how to set it up? | 15:30 |
nowen | well, now that I think about it, it's probably not what you need at least directly | 15:30 |
nowen | Could you run the ftp connections through ISA or whatever it is called now? | 15:30 |
Barry_ | What is that? | 15:31 |
nowen | http://technet.microsoft.com/en-us/forefront/bb758895 | 15:31 |
nowen | now called Forefront | 15:31 |
Barry_ | Not sure what that is. Looks like it could be a way to go. So there's nothing that drops straight into a Windows Server? | 15:34 |
nowen | well, it is your FTP server that needs to support it | 15:34 |
nowen | so, if you can get IIS FTP server to talk radius to WiKID, then it should be no problem | 15:35 |
Barry_ | Assuming I can get it talking to radius, and I'm sure I can, what's the install process? | 15:36 |
nowen | well, WiKID is a stand-alone system, you install it on its own hardware or virtually | 15:36 |
*** SEJeff has parted #wikid ("Leaving") | 15:36 | |
Barry_ | This would be for deployment from the outside of data centers so virtual is the only option. | 15:37 |
nowen | So, the WiKID server ISO is a software appliance based on Centos linux. You don't need to know linux, but it can help | 15:39 |
Barry_ | Ok, so the virtual implementation only runs under linux? | 15:40 |
nowen | correct. All of our software runs on linux. The virtual Appliance is set up so you do not have to know linux to use it. | 15:41 |
Barry_ | Ok, so that would mean I'd have to set up VMWare on the server to run this, or use separate hardware? | 15:42 |
nowen | correct | 15:42 |
Barry_ | Ok, well I guess I'd have to go that way in the long term. | 15:43 |
Barry_ | Thanks for your help. | 15:43 |
nowen | np | 15:43 |
nowen | thanks for your interest | 15:43 |
*** Barry_ has quit (Quit: Page closed) | 15:44 | |
joevano | nowen: trying to get challenge/response to work with our F5 Firepass, normal mode works great | 16:24 |
nowen | does it issue a challenge? | 16:24 |
joevano | according to F5 no additional config is required. Can you confirm that this is what WiKID does? http://support.f5.com/kb/en-us/solutions/public/9000/600/sol9630.html | 16:25 |
joevano | it does not | 16:25 |
nowen | are your users having issues being out of network? | 16:25 |
joevano | not currently... but I don't want to find out it doesn't work when they need it | 16:26 |
nowen | good point | 16:26 |
joevano | I am thinking of some users possibly with an iPod and the client on it with an aircard or something | 16:27 |
joevano | and no wifi | 16:27 |
nowen | just so you know, our ability to do c/r comes up frequently in pre-sales. but it has never come up in production. for what that's worth. | 16:31 |
nowen | so how do you get the F5 to give you a challenge? | 16:32 |
joevano | yeah, I didn't think of it and it isn't a huge deal... just a nice to have | 16:32 |
nowen | I'm curious now | 16:32 |
joevano | I assumed a blank password, but that is a good question | 16:33 |
nowen | that's what I would have thought | 16:33 |
joevano | ha... known f5 issue, if you have 2 radius auths services configured it may send it to the wrong one | 16:35 |
joevano | guess how we are configured | 16:35 |
nowen | hehe | 16:35 |
joevano | guess I'll call to see where they are at on that | 16:36 |
joevano | nowen: is it possible for the same user id to have multiple device tokens in the same domain? my guess is no | 20:05 |
nowen | yes, but you have to add them via the api. check out the example.jsp page | 20:06 |
joevano | ah... awesome! thanks | 20:06 |
nowen | Add a Device without a Passcode is the method you want | 20:06 |
joevano | cool thanks | 20:08 |
joevano | ooooh a Ruby gem... this gets better and better | 20:54 |
nowen | hehe | 20:54 |
*** nowen has quit (Quit: Leaving.) | 22:42 |