*** nowen (~nowen@adsl-74-176-163-56.asm.bellsouth.net) has joined #wikid | 13:07 | |
joevano | nowen: need to move our WiKID production system to a new machine. is there a way to move the install or do we need to start from scratch | 15:24 |
joevano | same OS, just different hardware | 15:24 |
nowen | same FQDN? | 15:24 |
joevano | yes | 15:24 |
nowen | same OS? | 15:25 |
joevano | exact same | 15:25 |
nowen | i recommend you install the rpms, start postgresql, copy /var/lib/pgsql/data, /etc/WiKID and /opt/WiKID. | 15:26 |
nowen | I don't think there would be any issues | 15:26 |
nowen | /opt/WiKID/private is probably all you need | 15:27 |
joevano | k... we will try that and if there are we will just start over... still in limited release while we nail down our end user documentation | 15:27 |
nowen | if you edited files in any of the /opt/WiKID/tomcat/webapps/wikid or WiKIDAdmin folders keep that in mind. they get overwritten on updates anyway | 15:27 |
joevano | we haven't but good to know | 15:28 |
*** walkerboh (c6b5126b@gateway/web/freenode/ip.198.181.18.107) has joined #wikid | 16:00 | |
nowen | welcome walkerboh | 16:01 |
walkerboh | Hey Nowen | 16:01 |
walkerboh | Mind answering a few questions? | 16:01 |
nowen | not at all | 16:01 |
walkerboh | I've got a Cisco Env | 16:01 |
walkerboh | And would like to Nix ACS But add Cisco Client VPN two factor | 16:02 |
nowen | are your users in AD? | 16:02 |
walkerboh | Yes | 16:02 |
nowen | and you use radius currently? | 16:03 |
walkerboh | Additionally... | 16:03 |
walkerboh | Well, we use ACS - Tacacs+ to A.D. | 16:03 |
walkerboh | Cisco --> ACS --> A.D. | 16:03 |
nowen | ok | 16:04 |
walkerboh | What can I expect as far as troubles setting up this kind of setup. | 16:04 |
walkerboh | Home PC (Cisco VPN Client) --> Cisco ASA --> WikiD/FreeRadius --> A.D. | 16:05 |
nowen | You can use the MS radius plugin on AD. that would look like: | 16:05 |
nowen | home pc >> Cisco ASA >> NPS/AD >> WiKID | 16:05 |
walkerboh | Oh really!? | 16:06 |
nowen | NPS will do the authorization based on the username only. | 16:06 |
nowen | the user logs in with their AD username and the OTP | 16:06 |
nowen | NPS will proxy the auth to WiKID and WiKID will ack back | 16:06 |
walkerboh | Where is the second auth? | 16:07 |
nowen | the user would have a WiKID token - on their PC or smart phone or both - | 16:07 |
nowen | the tokens use public private keys and talk to the server. possession of the private key embedded in the token is one factor, the PIN is the other | 16:08 |
walkerboh | No A.D. Password? | 16:08 |
nowen | no, which I consider good - no lan password used outside the lan | 16:08 |
walkerboh | *Nods* interesting. | 16:09 |
walkerboh | Tell me more about the certificate | 16:09 |
nowen | not really a cert, flat keys more like PGP | 16:09 |
walkerboh | Does the Cert integrate with CiscoVPN Software well? | 16:09 |
walkerboh | (Never tried it before) | 16:09 |
walkerboh | Okay PGP | 16:09 |
walkerboh | Great | 16:10 |
nowen | currently there is no integration, it is a separate client. | 16:10 |
nowen | we support linux, windows, mac, bb, iphone/pad, android, windows mobile | 16:10 |
walkerboh | Tell me more about the separate client - Java? | 16:10 |
walkerboh | OpenVPN? | 16:10 |
nowen | mostly, except for windows mobile and iphone | 16:11 |
nowen | openvpn integration is on the backend via radius | 16:11 |
nowen | http://www.wikidsystems.com/downloads/token-clients | 16:11 |
walkerboh | *Reading* | 16:11 |
walkerboh | Okay | 16:12 |
walkerboh | So a SSL Tunnel over Web | 16:13 |
walkerboh | Tell me more about Client Experience | 16:13 |
nowen | no, the tokens use asymmetric encryption, no ssl is needed | 16:13 |
walkerboh | Is Split tunnelling enabled? | 16:13 |
nowen | we're not a VPN, just the auth part | 16:13 |
walkerboh | Okay, So the auth goes over the browser, asks for a pin/name. | 16:14 |
nowen | no browser either, it is just our token client. we do use port 80. | 16:14 |
nowen | what kind of smart phone do you have? | 16:14 |
walkerboh | Okay Java Client On Port 80 | 16:14 |
walkerboh | iPhone | 16:14 |
walkerboh | But we also support BB | 16:14 |
nowen | go to the app store and search for WiKID | 16:15 |
nowen | or go here: http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewSoftware?id=308490266&mt=8 | 16:15 |
walkerboh | Before going too far... Can I ask a bit more? Or were you going somewhere with that thought? | 16:15 |
nowen | just that if you wanted to see the client experience, it is right there | 16:16 |
walkerboh | *Bookmarked* | 16:16 |
walkerboh | (BTW, I'm still really new to my iPhone - forgive my lack of experience) | 16:17 |
nowen | np | 16:17 |
walkerboh | Okay, so I get the app on my phone, and on my Windows 7 box. | 16:17 |
nowen | yep | 16:17 |
walkerboh | K | 16:17 |
walkerboh | I am on my PC - how would I go about generating my 2nd auth? (Browser?) | 16:18 |
nowen | you enter your PIN, it is encrypted and sent to the server. | 16:18 |
walkerboh | How do I know the pin? | 16:18 |
nowen | you have set it previously | 16:18 |
walkerboh | K | 16:18 |
walkerboh | Go head .. Walk me through it | 16:18 |
nowen | really, doing this would be easier than explaining | 16:18 |
nowen | try this page: http://www.wikidsystems.com/downloads/html5-token | 16:19 |
walkerboh | *Reading* | 16:19 |
nowen | an HTML5 version of the token is there | 16:19 |
nowen | click Generate Keys | 16:20 |
nowen | then double enter your PIN | 16:21 |
nowen | and you get back a registration code | 16:23 |
nowen | the registration code is then used to associate the key pair exchange and PIN with a user | 16:23 |
walkerboh | Okay, so now I have the Reg Code. | 16:24 |
walkerboh | Now that I have the Reg Code - what would I put it in? | 16:25 |
nowen | is there an option to "continue registration"? | 16:25 |
walkerboh | Let me try in I.E. instead of Chrome. | 16:25 |
nowen | hmm, works for me in chrome | 16:26 |
walkerboh | Well perhaps operator error :-) | 16:27 |
nowen | it should automatically redirect you to the registration page | 16:27 |
nowen | also, I didn't see your registration on the server | 16:27 |
nowen | anyway, when you add a domain, the token sends its public key to the server. the server responds with its public key, a conf file and the PIN request | 16:29 |
nowen | user enters PIN and gets back the reg code | 16:29 |
nowen | once the reg code is validated on the server, the user is good to go | 16:30 |
nowen | they want to log in, they enter the pin, get the otp, start the VPN client and enter their username and the OTP | 16:30 |
nowen | on the back-end, VPN sends creds to NPS, which does authz and forwards them to WiKID which does authn | 16:31 |
walkerboh | BRB | 16:44 |
walkerboh | Okay I'm back. Sorry, High Breakdown ticket I had to fix. | 16:55 |
nowen | np | 16:55 |
walkerboh | FYI: Using Internet Explorer 8 | 16:55 |
walkerboh | I get a JavaScript Error. | 16:55 |
walkerboh | Line 85, and Line 102 | 16:55 |
walkerboh | jquery.js | 16:55 |
walkerboh | .... | 16:56 |
nowen | yeah, IE is all over the place on HTML5. | 16:56 |
walkerboh | Hee hee | 16:56 |
walkerboh | Generating | 16:56 |
nowen | best bet is the java token, iphone token or read this: http://www.wikidsystems.com/learn-more/technology/overview | 16:56 |
nowen | the html5 token is really alpha b/c of the lack of standards | 16:57 |
walkerboh | Stop Running the Script? (Script causing I.E. to run slowly) --> Answered YES | 16:58 |
walkerboh | Registering | 16:59 |
walkerboh | Registered Token | 17:00 |
walkerboh | Received OneTime PassCode | 17:01 |
walkerboh | Logged in | 17:01 |
nowen | the html5 token is limited to one domain, so the registration is easier. | 17:02 |
nowen | and of course, your registration would be secured or manual | 17:02 |
walkerboh | Okay, so I generate a PIN via the WikiD app. So if I opened up Cisco Entered my username and PIN for password. The Pin goes to A.D. then back to WikiD for final challenge. | 17:07 |
nowen | where PIN == OTP? ;) | 17:07 |
walkerboh | Right OTP is what I meant. | 17:08 |
walkerboh | Gotcha. | 17:08 |
nowen | the username and OTP go to NPS/AD and then on to WiKID, yes | 17:08 |
walkerboh | And NPS knows to send it to WikiD via what technology? | 17:08 |
nowen | radius | 17:09 |
nowen | http://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-add-two-factor-authentication-to-nps | 17:09 |
walkerboh | So I might configure ASA to Point to A.D. Via Radius. | 17:09 |
nowen | yes | 17:10 |
walkerboh | NPS picks it up and sends to WikiD/FreeRadius | 17:10 |
walkerboh | ? | 17:10 |
nowen | there is no freeradius involved, but yes | 17:10 |
walkerboh | WiKID can talk Radius without FreeRadius? | 17:11 |
nowen | yes | 17:11 |
walkerboh | *Nods* That's good to know. | 17:11 |
*** heckface (62f59ea6@gateway/web/freenode/ip.98.245.158.166) has joined #wikid | 17:11 | |
nowen | walkerboh: enterprise version only | 17:12 |
walkerboh | Nowen: Licensing is for 25 OTP - or total registered users? | 17:13 |
nowen | licensing is by seat, where a seat == a username in a domain | 17:13 |
nowen | a user can have more than one token | 17:13 |
heckface | hey all. I use the locked token client on windows 7. I need to do a reinstall. Since it's the locked version can I back up the appdata and restore to the new OS install and have it work? It says it's tied to a specific PC. Wasn't sure if it did that by hardware or OS/software. | 17:14 |
heckface | *I need to do an OS reinstall | 17:15 |
nowen | hmm | 17:15 |
nowen | not sure. most likely it grabbed some hardware id, cpu id or mac addy | 17:15 |
nowen | I'm curious to know :) | 17:16 |
nowen | in the worst case, you would just have to re-register | 17:16 |
walkerboh | Nowen: In my case would it be any A.D. account I set up to use "Control Access through NPS Network Policy" or all users in the Domain? | 17:16 |
nowen | users in a WiKID domain | 17:17 |
heckface | @nowen: excellent. that's what I was hoping (hardware based). Thanks. | 17:17 |
walkerboh | When I use the WikiD Java App - it generates that user to the local linux box? | 17:18 |
nowen | walkerboh: not sure what you are talking about, what local linux box? | 17:19 |
walkerboh | PC --> ASA --> A.D. --> Wiki Linux Box | 17:20 |
nowen | no local user needed on the WiKID server | 17:20 |
nowen | the users are in the WiKID application, not the server | 17:20 |
walkerboh | I see. | 17:21 |
walkerboh | Can I delete users | 17:21 |
nowen | yes | 17:21 |
walkerboh | (Through the java APP?) | 17:21 |
nowen | there is a web UI to manage the server | 17:21 |
walkerboh | I think I asked this before, but need a bit more clarification. | 17:24 |
walkerboh | So I want to generate a PIN. | 17:25 |
walkerboh | I enter my A.D. username ,and then my A.D password? Or WikiD's Password? | 17:25 |
walkerboh | (Generate my OTP) | 17:25 |
*** heckface has quit (Ping timeout: 245 seconds) | 17:25 | |
nowen | to generate the OTP, you enter your WiKID PIN | 17:26 |
walkerboh | But instead of PIN I can't use A.D. password? | 17:26 |
nowen | no | 17:27 |
walkerboh | So the two form factor is all in the PKI and OTP - not necessarily a different server (i.e. A.D.)? | 17:28 |
nowen | yes | 17:29 |
nowen | If you're interested, I suggest you download the server and give it a spin | 17:36 |
walkerboh | Now that I know the logic I think I will - thanks for your help. | 17:45 |
nowen | no problem | 17:45 |
*** walkerboh has quit (Ping timeout: 245 seconds) | 17:53 | |
*** Terho (bc750802@gateway/web/freenode/ip.188.117.8.2) has joined #wikid | 18:48 | |
nowen | hey Terho | 18:48 |
Terho | hi | 18:49 |
nowen | thanks for the order | 18:49 |
Terho | ok, I think we are a bit late with it - too busy with other stuff. | 18:49 |
Terho | do I need to do something with our server config now? | 18:50 |
nowen | I understand. We could do better at reminding too | 18:50 |
nowen | we should check your certs to make sure they are not about to expire | 18:50 |
nowen | http://www.wikidsystems.com/support/wikid-support-center/troubleshooting-faq/how-do-i-know-if-my-certificate-is-valid | 18:51 |
Terho | Valid from: Fri Nov 20 13:43:42 EET 2009 until: Mon Nov 19 13:43:42 EET 2012 | 18:57 |
Terho | ;-) | 18:57 |
nowen | what about the localhost? | 18:57 |
Terho | Valid from: Fri Nov 20 14:04:05 EET 2009 until: Sat Nov 20 14:04:05 EET 2010 | 18:59 |
nowen | ok - are you running any wAuth network clients? or just radius? | 18:59 |
Terho | radius | 19:00 |
nowen | ok - all you have to do is create a new localhost cert through the WiKIDAdmin | 19:00 |
Terho | ok. I'll try that, but it'll happen after two hours. I return if there is some problem | 19:01 |
nowen | ok | 19:01 |
nowen | after you create it, restart wikid. I recommend you do | 19:02 |
nowen | "wikidctl stop" | 19:02 |
nowen | and then "wikidctl start" | 19:02 |
Terho | thanks | 19:02 |
nowen | to make sure that radius restarts | 19:02 |
nowen | you can do "killall -9 java" in between too | 19:02 |
Terho | ok | 19:02 |
joevano | wow busy day... earning your keep nowen | 19:02 |
nowen | hehe | 19:02 |
nowen | all good stuff :) | 19:03 |
Terho | :-) | 19:03 |
*** singha (0c289623@gateway/web/freenode/ip.12.40.150.35) has joined #wikid | 19:31 | |
*** singha has quit (Client Quit) | 19:32 | |
*** bvkg (0c289623@gateway/web/freenode/ip.12.40.150.35) has joined #wikid | 20:33 | |
*** bvkg has quit (Client Quit) | 20:34 | |
*** Tom___ (42969c01@gateway/web/freenode/ip.66.150.156.1) has joined #wikid | 21:13 | |
nowen | Hi Tom___ | 21:14 |
Tom___ | hi! | 21:14 |
Tom___ | can i ask questions here? | 21:14 |
nowen | sure | 21:14 |
Tom___ | been looking at the online docs | 21:14 |
Tom___ | not sure which really fit my example | 21:14 |
nowen | what are you trying to do? | 21:14 |
Tom___ | my current auth system incorporates using NPS as a radius server to validate AD user credentials when people connect VIA vpn | 21:15 |
nowen | ok | 21:15 |
Tom___ | i'd like to add wikid into the mix, but i dont want to just use the OTP | 21:15 |
nowen | hmm | 21:15 |
Tom___ | i would like to be able to use a combination of the AD password, and OTP | 21:15 |
Tom___ | i found the docs on NPS but that only covers OTP | 21:16 |
nowen | well, 2 things. | 21:16 |
nowen | first, I would make the case that it is better to not use your LAN password outside the lan | 21:16 |
nowen | second, can your VPN take all three? | 21:17 |
Tom___ | im using a cisco ASA platform | 21:17 |
Tom___ | looked up the docs for that too, and i dont see anything recent | 21:17 |
Tom___ | maybe one dealing with vpn3k concentrators | 21:17 |
Tom___ | but thats also just using OTP | 21:17 |
nowen | yeah, we do what we can, but in the end there are a lot of VPNs | 21:18 |
nowen | you'll have to ask Cisco about it | 21:18 |
nowen | also, not sure if NPS would use it or not | 21:18 |
Tom___ | but as far as using NPS -- no way to use both LAN pw and OTP combo? | 21:18 |
Tom___ | so obv i just dl'd the product and trying it out before purchase. | 21:19 |
nowen | I'm not sure. to the best of my knowledge it only validates on the username | 21:19 |
Tom___ | following the vid tutorials | 21:19 |
Tom___ | 4 digit or whatever digit pin | 21:19 |
nowen | Yeah, we like people to get it set up before buying | 21:19 |
Tom___ | does not go over well in terms of authentication. | 21:19 |
Tom___ | sure, they have the token, and they have 3 guesses to hit the pin | 21:20 |
Tom___ | but in the case of the enduser idiot savant | 21:20 |
nowen | it is not just a 4 digit pin, the two factors are knowledge of the PIN and possession of the private key in the token | 21:20 |
Tom___ | their pin may be something like | 21:20 |
Tom___ | 1234 | 21:20 |
nowen | not sure how that matters | 21:20 |
nowen | if the user is being keylogged, they will get the password too | 21:20 |
nowen | it is still two-factor auth | 21:20 |
nowen | you can make the PIN longer | 21:21 |
Tom___ | well, lets assume i plan on using the blackberry token client | 21:21 |
nowen | ok | 21:21 |
Tom___ | i mean if i got a real genius out there that puts in a note in lets say contacts, or whatever that reads something like "VPN CREDENTIALS" | 21:22 |
Tom___ | and in there, they put in their user name, and "USE WIKID APP FOR PASSWORD" | 21:22 |
Tom___ | the fact there's a possession of a private key seems somewhat moot | 21:22 |
Tom___ | like if i think of two factor, for instance | 21:23 |
Tom___ | i would have something i would know | 21:23 |
Tom___ | for instance, a LAN password | 21:23 |
Tom___ | and something I have, for instance a token. | 21:23 |
Tom___ | the fact i have the token | 21:23 |
Tom___ | would imply i would be able to obtain the passcode if super weak credentials are used. | 21:24 |
Tom___ | err, pin i mean | 21:24 |
Tom___ | and yes, sure, you can make the pin like 8+ digits, but then end users are just going to make the pin really silly. | 21:25 |
Tom___ | 00000001 | 21:25 |
nowen | so, why are you spending so much time on WiKID? | 21:25 |
Tom___ | meaning? | 21:25 |
nowen | well, you sound like you want to use hardware tokens | 21:26 |
Tom___ | well, my hope would be to use the wikid product as a hardware token. | 21:26 |
Tom___ | logically speaking | 21:26 |
Tom___ | everyone and their grandma has a blackberry -- would be nice to incorporate the wikid token client for BB on their blackberry and call it a day. | 21:27 |
nowen | sure. | 21:27 |
Tom___ | but im assuming that everyone who has been using wikid isnt thinking about using it in my particular use case? | 21:27 |
nowen | no, we often get people that think they should use a lan password + otp and a wikid token | 21:28 |
nowen | but it isn't supported by VPN or MS to my knowledge | 21:28 |
nowen | and I would argue that it is because it doesn't add any real security advantage | 21:29 |
Tom___ | really? thats an interesting outlook. | 21:30 |
Tom___ | lets say i work for ACME corporation and my user name is "tom" | 21:30 |
nowen | it is still two factors - two things you know and one thing you have | 21:30 |
Tom___ | and my password is "password" | 21:30 |
Tom___ | thats one factor that I know | 21:32 |
Tom___ | and the other would be some sort of token. | 21:32 |
Tom___ | can you explain to me how having that private key on your blackberry wikid token is one factor? | 21:32 |
Tom___ | let me rephrase that one... | 21:33 |
Tom___ | how is that one factor any different from having the physical blackberry? let me fire up the client again | 21:33 |
Tom___ | maybe im missing something obvious | 21:33 |
nowen | well, would you consider a certificate to be a factor? | 21:34 |
Tom___ | i get what youre saying nowen. i get its "technically" a factor | 21:37 |
Tom___ | what im trying to get at is, real world use, some of these factors arent very good to rely on | 21:37 |
Tom___ | because they can be easily thwarted and or compromised by end users. | 21:37 |
nowen | sounds like what you're saying is that people can't be relied on ;) | 21:37 |
Tom___ | yes. | 21:38 |
Tom___ | i have to treat my end users sort of like that. | 21:38 |
Tom___ | if my end users could, they would use a password "!23" | 21:38 |
Tom___ | "123" | 21:38 |
Tom___ | or some silliness | 21:38 |
nowen | then you should spend the money you save with WiKID on DLP and other tools. | 21:38 |
Tom___ | already have DLP, and that does not prevent idiotic choices proactively, unfortunately. | 21:39 |
Tom___ | but that would be the case for any user base, anywhere, for any company. | 21:40 |
nowen | so, here's what i would say. WiKID is like a cert, except that the only thing it does is encrypt the PIN and decrypt the OTP. | 21:40 |
Tom___ | yep! | 21:41 |
nowen | this means no offline brute force attack | 21:41 |
Tom___ | got it. | 21:41 |
nowen | no infrastructure | 21:41 |
nowen | and the OTP works in any UI | 21:41 |
Tom___ | and what im saying is my usecase i want to use a cert + password to auth the user. | 21:41 |
nowen | gotcha | 21:41 |
Tom___ | i realize technically that their username just as good | 21:42 |
nowen | you'll need to head to #cisco and #microsoft | 21:42 |
Tom___ | ./wrist | 21:42 |
Tom___ | :-) | 21:42 |
nowen | heeh | 21:42 |
nowen | I bet that Cisco can sell you a product that would do it | 21:42 |
nowen | maybe their ASA? | 21:42 |
Tom___ | thanks for answering my questions, as odd as they may seem. i'll come back if i have any other Q's. time to go bug cisco/msft then. | 21:43 |
nowen | please document what you find or let me know, | 21:43 |
nowen | we can put it up on the website | 21:44 |
Tom___ | ah | 21:45 |
Tom___ | actually it looks like this is possible via the ASA | 21:45 |
Tom___ | http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html | 21:45 |
Tom___ | section "double authentication" | 21:45 |
Tom___ | so you can use OTP | 21:45 |
Tom___ | like wikid | 21:45 |
nowen | nice | 21:45 |
Tom___ | cool. as silly as this may sound, may be good to pub one, since i know the asa models are fairly popular out there. | 21:46 |
Tom___ | or heck even a one page link thanks again. | 21:46 |
nowen | you got an ASA already? | 21:47 |
Tom___ | yeah | 21:47 |
Tom___ | if you like i can try to set it up | 21:47 |
Tom___ | in my lab and i'll let you know what config is involved. | 21:47 |
nowen | sounds like you want to :) | 21:47 |
nowen | that would be awesome | 21:47 |
Tom___ | yeah, need to try something out :) | 21:47 |
Tom___ | okay. cool | 21:47 |
nowen | i'll be here tomorrow and monday, but scarce tues, wed & thurs | 21:48 |
nowen | have you set up your WiKID server yet? | 21:48 |
nowen | I see you have cert | 21:49 |
Tom___ | yes. i do have a cert. | 21:49 |
Tom___ | i've set it up and i got a wikid client that seems to work | 21:50 |
Tom___ | but i havent validated that the pin works using radlog or anything | 21:50 |
Tom___ | watched the vid tutorial | 21:50 |
Tom___ | but the client tester seemed a bit funky at least on my machine | 21:51 |
nowen | time for me to get on home | 21:58 |
*** nowen has quit (Quit: Leaving.) | 21:59 | |
*** jl3128 (446e7bd2@gateway/web/freenode/ip.68.110.123.210) has joined #wikid | 23:11 | |
*** jl3128 has parted #wikid (None) | 23:13 |
Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!