entrans | i'm still working it | 00:29 |
---|---|---|
entrans | so here's the error the client is getting: Note: We can provide you with a connection via TeamViewer so that you can connect to the server and be better able to help us, | 01:11 |
entrans | this seems to be coming from the actual vpn solution using wikid | 01:12 |
entrans | I've requested the wikid logs to see if that will shed any light | 01:25 |
*** Skelroy_afk is now known as Skelroy | 02:09 | |
entrans | i'm in their system now remotely - i could use some help here ;-) | 02:10 |
entrans | so far i've found that they apparently tried to migrate from a physical server to vmware | 02:11 |
entrans | they had problems and reverted back to the physical server | 02:11 |
entrans | that was yesterday | 02:11 |
entrans | this morning they discovered that no one was able to get into the vpn solution | 02:11 |
entrans | it's uncertain how they came to the conclusion that it was wikid but at this point we are unable to login to the wikid management page with the credentials they claim are correct | 02:12 |
entrans | i'm in with putty logging at logs but as much as I know about centos i'm not sure what I should be looking for specifically related to wikid | 02:12 |
entrans | any thoughts would be appreciated | 02:12 |
*** Skelroy has quit (Quit: Gotta go) | 06:56 | |
*** rtnkk_ (ca93b791@gateway/web/freenode/ip.202.147.183.145) has joined #wikid | 07:04 | |
rtnkk_ | hello | 07:04 |
*** rtnkk_ has quit (Ping timeout: 245 seconds) | 07:11 | |
*** entrans has quit (Ping timeout: 245 seconds) | 08:25 | |
*** joevano has quit (Ping timeout: 240 seconds) | 13:25 | |
*** vladdy has quit (Ping timeout: 240 seconds) | 13:28 | |
*** vladdy (~vladdy@194.242.5.47) has joined #wikid | 13:29 | |
*** joevano (~joevano@c-71-193-108-171.hsd1.in.comcast.net) has joined #wikid | 13:31 | |
*** joevano has quit (Changing host) | 13:31 | |
*** joevano (~joevano@bzflag/developer/JoeVano) has joined #wikid | 13:31 | |
*** teshian (~imacdonal@199.255.83.46) has joined #wikid | 14:56 | |
*** nowen (~nowen@99-174-93-102.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 14:59 | |
teshian | Hey, i think i fixed my wikid issues, 384 meg isn't enough to handle a nessus scan | 15:00 |
nowen | teshian: yeah, makes sense. good news | 15:00 |
teshian | But i am seeing the occasional ssl exceptions when nessus scans some of our switches that have radius enabled and IAS reporting wikid didn't respond to an auth request, not sure if it is an IAS issue or wikid issue, I am looking for the logs | 15:02 |
nowen | looking for logs in wikid or ias? | 15:03 |
teshian | wikid | 15:03 |
nowen | what flavor of radius are you using? | 15:03 |
teshian | ssl | 15:04 |
nowen | but are you using peap or chap or ? | 15:06 |
teshian | Sep 14 01:25:43 localhost.localdomain user:ERROR server.wAuth [Thread-320,run:218] Couldn't validate the client certificate. Verify the validity and dates of the client cert. | 15:08 |
teshian | Sep 14 01:25:43 localhost.localdomain javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated | 15:08 |
teshian | Sep 14 01:25:43 localhost.localdomain at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:371) | 15:08 |
teshian | Sep 14 01:25:43 localhost.localdomain at com.wikidsystems.server.wAuth.run(wAuth.java:211) | 15:08 |
teshian | Sep 14 01:25:43 localhost.localdomain at java.lang.Thread.run(Thread.java:679) | 15:08 |
teshian | Sep 14 01:25:43 localhost.localdomain user:INFO log.DBSvrLogImpl [Session.1,write:44] Exception in thread: DATAGRAM LEN = 96 FROM x.x.x.x:1091 java.lang.NullPointerException | 15:08 |
teshian | at com.wikidsystems.client.wClient.CheckCredentials(wClient.java:535) at com.wikidsystems.radius.access.WikidAccess4.authenticate(WikidAccess4.java:432) at com.theorem.radserver3.RADIUSSession.o(DashoA10*..) at com.theorem.radserver3.RADIUSSession.d(DashoA10*..) at com.theorem.radserver3.RADIUSSession.run(DashoA10*..) at java.lang.Thread.run(Thread.java:679) | 15:08 |
nowen | check the dates on your localhost cert http://www.wikidsystems.com/support/wikid-support-center/troubleshooting-faq/how-do-i-know-if-my-certificate-is-valid/view?searchterm=certificate%20valid | 15:08 |
teshian | it only happens occasionally some work some don't | 15:09 |
teshian | using unencrypted pap | 15:11 |
teshian | mmm | 15:14 |
teshian | Valid from: Mon Apr 11 16:46:11 EDT 2011 until: Tue Apr 10 16:46:11 EDT 2012 | 15:14 |
teshian | for /opt/WiKID/private/localhost.p12 | 15:15 |
nowen | you can just create a new one. you should check your wauth certs too, if you have any | 15:15 |
teshian | you mean intCAKeys.p12? or something else | 15:16 |
nowen | you can check the intCAKeys too, but what I mean is any additional p12 files you might have created for a wauth-based network client | 15:16 |
nowen | if all your network clients are radius, you won't have any | 15:17 |
teshian | so there is nothing encrypted using the localhost.p12 cert? it is just used in the same way as a web ssl cert | 15:17 |
teshian | yeah intCAKeys.p12 is good till 2012 | 15:17 |
teshian | oops 2014 | 15:17 |
nowen | it is used for radius communication to the server, and any wauth client that might be on the server - adregister or example.jsp, e.g. | 15:18 |
teshian | i was scared to touch them in case stuff was encrypted (thinking pgp keys) | 15:19 |
teshian | I got bitten by java versions during the upgrade, silly /etc/wikid/java.conf gets sourced on login, so I didn't notice it chose the wrong version of java till a couple days later when someone else was restarting wikid | 15:20 |
nowen | I see | 15:21 |
teshian | you are recommending openjdk now? | 15:21 |
nowen | well, we think it is as stable as suns and it's easier to install | 15:21 |
teshian | I am thinking about removing the sun jdk and just use the openjdk that comes with centos 5 | 15:22 |
nowen | this is on your test box? | 15:22 |
teshian | yes first, | 15:22 |
nowen | shouldn't be a problem. I haven't really tested that process | 15:23 |
teshian | you are testing on 64bit centos 5 now? | 15:23 |
nowen | yes. the new release uses tomcat 7, which has a compiled jsvc script to start the server, so we now have a 32-bit and a 64 bit utilities rpm | 15:24 |
teshian | Cool, | 15:25 |
teshian | I was a little nervous about upgrading from the 32bit utils to the 64bit rpm, but doing a yum install 64bit.rpm just worked | 15:25 |
nowen | huh - you upgraded a 32 bit centos to 64 via yum? | 15:26 |
nowen | or are you saying WiKID? | 15:26 |
teshian | no the wikid utils rpm | 15:27 |
nowen | ahh - that makes more sense ;) | 15:27 |
teshian | 64 bit centos is our standard unless something doesn't work | 15:28 |
*** teshian_ (~imacdonal@199.255.83.46) has joined #wikid | 15:43 | |
*** teshian has quit (Read error: Connection reset by peer) | 15:43 | |
*** teshian_ is now known as teshian | 15:43 | |
*** nowen has quit (Ping timeout: 272 seconds) | 16:17 | |
*** nowen (~nowen@99-174-93-102.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 16:30 | |
*** entrans (be509184@gateway/web/freenode/ip.190.80.145.132) has joined #wikid | 20:20 | |
entrans | quick question - is the install process for version 3.4.87 significantly different from 3.5? | 20:22 |
nowen | no | 20:22 |
entrans | I'm installing from ISO - so the 3.4.87 iso doesn't seem to come with the wikid components | 20:23 |
nowen | type 'install' at the boot prompt | 20:23 |
entrans | ok | 20:23 |
nowen | that's one difference ;) | 20:23 |
entrans | install doesn't seem to work | 20:24 |
entrans | i found just /usr/bin/install | 20:25 |
nowen | by boot prompt, I mean the first prompt you get when you run the install of the iso | 20:25 |
entrans | nowhere else on the file system do i see install | 20:25 |
entrans | ah | 20:25 |
nowen | you have to reinstall the iso | 20:25 |
entrans | perhaps putting my glasses on would help | 20:25 |
nowen | maybe that is really called the grub boot prompt? | 20:25 |
entrans | they are making me coffee now - so i think i'll be okay from here on out - lol | 20:26 |
entrans | thanks | 20:26 |
entrans | i swore i saw hit enter to install but like i said the coffee hasn't arrived yet - i'm starting over | 20:28 |
nowen | yeah, we had it that way because we once thought about doing a livecd, but with VMs now there is no need | 20:29 |
entrans | ok | 20:29 |
entrans | understood | 20:29 |
entrans | now we're cooking with gas - it's auto installing like it should now - thanks | 20:31 |
nowen | np | 20:32 |
entrans | the client said i'm very dominican now - i hit enter before reading ;-) I guess that means I'm excepted - lol | 20:32 |
nowen | ha! | 20:33 |
nowen | believe me, that's why we removed it. | 20:33 |
*** entrans has quit (Ping timeout: 245 seconds) | 20:37 | |
*** entrans (be509184@gateway/web/freenode/ip.190.80.145.132) has joined #wikid | 20:45 | |
*** entrans has quit (Ping timeout: 245 seconds) | 20:59 | |
*** entrans (be509184@gateway/web/freenode/ip.190.80.145.132) has joined #wikid | 21:24 | |
entrans | i have taken the tarball created from my previous machine and extracted it in the new one I just created - i stopped services before the copy and restarted them after the copy | 21:25 |
entrans | after going into the web interface i saw nothing related to the user files | 21:25 |
entrans | i'm going to go in again and check that i extracted them properly but i just thought i'd check to be sure I didn't miss anything | 21:26 |
nowen | ok - so you set up the new server, created certs, stopped the server and untarred the file? | 21:26 |
*** entrans has quit (Ping timeout: 245 seconds) | 21:47 | |
*** nowen has quit (Quit: Leaving.) | 22:36 | |
*** teshian has quit (Quit: teshian) | 23:16 |