| *** Skelroy_afk is now known as Skelroy | 03:40 | |
| *** Skelroy is now known as Skelroy_afk | 05:26 | |
| *** Skelroy_afk is now known as Skelroy | 05:30 | |
| *** vladdy (~vladdy@194.242.5.47) has joined #wikid | 05:31 | |
| *** vladdy has quit (Quit: Get MacIrssi - http://www.sysctl.co.uk/projects/macirssi/) | 05:44 | |
| *** vladdy (~vladdy@194.242.5.47) has joined #wikid | 05:59 | |
| *** Skelroy is now known as Skelroy_afk | 08:24 | |
| *** donny (~joevano@c-71-193-108-171.hsd1.in.comcast.net) has joined #wikid | 11:37 | |
| *** donny has quit (Changing host) | 11:37 | |
| *** donny (~joevano@bzflag/developer/JoeVano) has joined #wikid | 11:37 | |
| *** joevano has quit (*.net *.split) | 11:42 | |
| *** Guest26394 has quit (Ping timeout: 245 seconds) | 11:52 | |
| *** donny has quit (Quit: leaving) | 11:58 | |
| *** joevano (~joevano@bzflag/developer/JoeVano) has joined #wikid | 12:00 | |
| *** joevano has quit (Client Quit) | 12:01 | |
| *** joevano (~joevano@bzflag/developer/JoeVano) has joined #wikid | 12:01 | |
| *** nowen (~nowen@adsl-98-66-183-205.asm.bellsouth.net) has joined #wikid | 12:14 | |
| *** Skelroy_afk is now known as Skelroy | 13:57 | |
| *** troy_ (6b02a614@gateway/web/freenode/ip.107.2.166.20) has joined #wikid | 14:21 | |
| *** nowen has quit (Remote host closed the connection) | 16:04 | |
| *** nowen (~nowen@adsl-98-66-183-205.asm.bellsouth.net) has joined #wikid | 16:06 | |
| *** nowen has quit (Remote host closed the connection) | 16:14 | |
| *** nowen (~nowen@adsl-98-66-183-205.asm.bellsouth.net) has joined #wikid | 16:15 | |
| *** mo (4084d7c2@gateway/web/freenode/ip.64.132.215.194) has joined #wikid | 18:22 | |
| mo | hi nick | 18:22 |
|---|---|---|
| nowen | hi | 18:22 |
| *** mo is now known as Guest35590 | 18:22 | |
| Guest35590 | i got another problme | 18:22 |
| Guest35590 | :-( | 18:23 |
| nowen | what? | 18:23 |
| Guest35590 | couple of weeks ago you helped me to upgrade wikid | 18:23 |
| nowen | yes | 18:23 |
| Guest35590 | it worked for a while | 18:23 |
| Guest35590 | but now i get this error 'url changed. please try again' | 18:23 |
| nowen | are you using mutual https authentication? | 18:24 |
| Guest35590 | what is that? | 18:24 |
| nowen | if you put an URL in the 'Registered URL' box on the domain page, it sets it up | 18:24 |
| nowen | http://www.wikidsystems.com/learn-more/technology/mutual_authentication | 18:25 |
| nowen | do you have an url in the 'Registered URL' box on the domain page? | 18:25 |
| nowen | if so, delete it and restart the token | 18:28 |
| Guest35590 | yes | 18:28 |
| nowen | also, I am able to add a domain to our token under android 4.0.4 | 18:29 |
| Guest35590 | great i will ask teh user to retry... what carrier do you have for your android 4.0.4 | 18:30 |
| nowen | t-mobile | 18:30 |
| nowen | perhaps you can get your hands on the phone yourself and see? | 18:31 |
| Guest35590 | i did | 18:31 |
| Guest35590 | but today am wokring form home | 18:31 |
| nowen | also, you can try to add this domain: 88888888888 it is our test domain | 18:31 |
| Guest35590 | ok when you say restart token do you mean server | 18:32 |
| Guest35590 | or client | 18:32 |
| nowen | client | 18:32 |
| Guest35590 | i tried that... got same | 18:33 |
| Guest35590 | error | 18:33 |
| nowen | did you recently add the url to the domain page? | 18:34 |
| Guest35590 | i get this from pc's only | 18:34 |
| Guest35590 | nope domain was there al the time even before updgarde | 18:34 |
| nowen | mutual https is only for pc tokens | 18:34 |
| nowen | what url was in it? | 18:34 |
| Guest35590 | https://drgts.globetax.com | 18:35 |
| nowen | did the cert on that url change? | 18:35 |
| Guest35590 | no | 18:36 |
| nowen | is this only your pc token? | 18:36 |
| Guest35590 | no | 18:37 |
| Guest35590 | all others dont work | 18:37 |
| Guest35590 | however i can get pin from iphone | 18:37 |
| nowen | ok - here is how mutual https auth works. You put an https url in the registered url box. The server grabs the cert and hashes it and stores the hash | 18:38 |
| nowen | when a pc token asks for an OTP, the hash is also sent to the token | 18:38 |
| nowen | before the user gets the OTP, the token goes to the url, grabs the cert and hashes it and compares it to the hash from the sever | 18:39 |
| nowen | servr | 18:39 |
| nowen | server | 18:39 |
| nowen | ;) | 18:39 |
| nowen | if they match, the OTP is presented, and the browser is launched | 18:39 |
| nowen | if they do not match, you get the error you got | 18:40 |
| nowen | so, if the cert didn't change, it is possible that there is a mitm attack against you | 18:40 |
| nowen | but the cert looks ok to me | 18:41 |
| nowen | the fact that it is all your PC users makes me think that it is a configuration error | 18:41 |
| Guest35590 | it must be in that file that you have me go to usually | 18:42 |
| Guest35590 | i forget what its called | 18:42 |
| nowen | hmm, I don't know what file you mean. also, there really isn't a file involved here | 18:43 |
| Guest35590 | if i remove the url form there it should work... but that is not working either | 18:46 |
| nowen | and you restarted the token client? | 19:07 |
| nowen | what is your domain identifier? | 19:07 |
| Guest35590 | 064132182230 | 19:35 |
| nowen | ok - works for me. | 19:35 |
| nowen | try putting the URL back in | 19:36 |
| Guest35590 | i get same 'url changed. pelase tray again' | 19:37 |
| nowen | hmm, well something must have changed. can you think of what it might have been? | 19:39 |
| nowen | when you browse to that site from your computer, do you get your cert? | 19:40 |
| Guest35590 | we've upgraded our cag; but it was working after that; then we upgraded linux; worked after that; then we upgraded wikid; it worked after that for a while; then broke | 19:45 |
| Guest35590 | so obviously a lot changed | 19:45 |
| nowen | yes | 19:46 |
| Guest35590 | hoever, when i use my phone i get the pin | 19:46 |
| nowen | when you upgrade your CAG did you get a new cert for it? | 19:46 |
| Guest35590 | its only conencting via a pc | 19:46 |
| nowen | the smartphone tokens do not support mutual https | 19:46 |
| nowen | that's why they are not affected | 19:47 |
| nowen | so, clearly the issue is the cert | 19:47 |
| Guest35590 | can i turn that off and try | 19:48 |
| nowen | when you remove the url, you turn it off. | 19:50 |
| nowen | but you might need to re-register the tokens. | 19:51 |
| nowen | did you cag get a new IP or domain name? what is always drgts? | 19:51 |
| Guest35590 | cag was upgraded but everything else remained the same espcially the cert | 19:55 |
| nowen | I wonder if you restart wikid if that would clear it out | 19:55 |
| nowen | maybe the cert is cached in tomcat | 19:56 |
| Guest35590 | the cert had no issues | 19:56 |
| Guest35590 | already rebooted wikid too | 19:56 |
| nowen | before removing the url or after? | 19:56 |
| Guest35590 | after | 19:57 |
| nowen | try registering a new token, mine is working | 19:58 |
| Guest35590 | can i register different token on teh sam epc | 19:59 |
| Guest35590 | same pc | 19:59 |
| nowen | yes, you just need to put it in a different folder. You might have to create a WiKIDToken.wkd file in there too. it can just be an empty file | 20:00 |
| Guest35590 | i use the no installer wikid | 20:01 |
| nowen | yes | 20:01 |
| nowen | hmm | 20:02 |
| nowen | ok - I added your url to one of my servers and got the same error | 20:03 |
| Guest35590 | interesting... works from my laptop | 20:03 |
| Guest35590 | my desktop is on vpn let my try disconnecting vpn and try | 20:04 |
| Guest35590 | from the desktop i get url changed | 20:05 |
| nowen | from the desktop on a new token? | 20:07 |
| *** Guest35590 has quit (Ping timeout: 245 seconds) | 20:10 | |
| *** mo (d8390e7c@gateway/web/freenode/ip.216.57.14.124) has joined #wikid | 20:11 | |
| mo | hello | 20:11 |
| nowen | hi | 20:11 |
| *** mo is now known as Guest27693 | 20:11 | |
| Guest27693 | got disconnected | 20:12 |
| Guest27693 | anyway it works from my laptop | 20:12 |
| nowen | and is that a new client? | 20:12 |
| Guest27693 | no | 20:12 |
| nowen | hmm | 20:13 |
| nowen | interesting | 20:13 |
| Guest27693 | yup... phone works... laptop works... PCs don't work | 20:18 |
| nowen | try adding the url back into the domain | 20:19 |
| Guest27693 | same thign | 20:39 |
| Guest27693 | what if the certificate changes? | 20:44 |
| Guest27693 | i am about to upgrade one of our CAGs to v.5; this one requires a new cert | 20:44 |
| Guest27693 | I will use a new cert on this one | 20:44 |
| Guest27693 | should i change anything on wikid? | 20:45 |
| nowen | hold on a sec, doing some testing here | 20:47 |
| nowen | ok - this may be a bug | 21:04 |
| nowen | it's possible we could fix it without you having to re-reg your customers. let me keep doing some testing | 21:04 |
| Guest27693 | great | 21:10 |
| nowen | not sure though. something odd has definitely occured | 21:10 |
| Guest27693 | i will stepping out; maybe we can try tomorrow; is this in the new version | 21:10 |
| nowen | we'll be taking a look at, not sure if we'll have a fix tomorrow | 21:11 |
| Guest27693 | is this on the new version of wikid because i plan on upgrading another cag | 21:14 |
| Guest27693 | this one will change the certificate | 21:14 |
| nowen | not sure I understand the question | 21:14 |
| Guest27693 | the issue you are seeing is this on the new version of wikid? | 21:15 |
| nowen | yes | 21:15 |
| Guest27693 | ok | 21:15 |
| nowen | I'm going back through to older versions | 21:15 |
| Guest27693 | i will upgrade my cag but not wikid | 21:15 |
| Guest27693 | the cag has some issues and need to be upgraded | 21:16 |
| *** troy_ has parted #wikid (None) | 21:19 | |
| Guest27693 | ok thanks | 21:21 |
| *** nowen has quit (Quit: Leaving.) | 21:42 | |
| *** Guest27693 has quit (Quit: Page closed) | 22:30 | |
| *** entrans (be50c42c@gateway/web/freenode/ip.190.80.196.44) has joined #wikid | 22:33 | |
| entrans | Hello all | 22:35 |
| entrans | I hate to break in my first time to this IRC with a problem but here goes... | 22:35 |
| entrans | I have a client who had Wikid Server running on a physical machine that bit the dust | 22:35 |
| entrans | the somehow copied it to a VMware instance but are having problems getting the service up | 22:36 |
| entrans | I know that's not enough information to identify the problem but can you give me a clue on how to look for the problem (i.e. specific log files to pull and examine)? | 22:36 |
| entrans | Thanks! | 22:36 |
| entrans | i'm reaching out to the client to give me what they can on the log files - right now i'm directing them to send me the messages file to see what shows up there | 22:49 |
| entrans | let me know if there's a wikid specific log file i should be looking for - thanks | 22:51 |
| entrans | i'm waiting on the client to get back to me - this may take a while - i'll keep updating here in case someone becomes available to see how i'm progressing - thanks! | 22:58 |
| entrans | just for future reference what files would I look to backup on the wikid server so I could rebuild easily from scratch without re-entering all the site specific details? Thanks! | 22:59 |
| *** Skelroy is now known as Skelroy_afk | 23:00 | |
| entrans | well the client has managed to get the server up but still have problems getting the web interface up something about a 403 error which tells me the web instance is not running - i'm waiting on more details | 23:16 |
Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!