Thursday, 2012-09-27

« Wednesday, 2012-09-26 Index Friday, 2012-09-28 »
*** vladdy has quit (Ping timeout: 246 seconds)06:18
*** vladdy (~vladdy@194.242.5.47) has joined #wikid07:31
*** vladdy has quit (Quit: Get MacIrssi - http://www.sysctl.co.uk/projects/macirssi/)07:37
*** vladdy (~vladdy@194.242.5.47) has joined #wikid07:48
*** nowen (~nowen@adsl-98-66-183-205.asm.bellsouth.net) has joined #wikid12:26
*** dystonic (c7ff532e@gateway/web/freenode/ip.199.255.83.46) has joined #wikid15:05
dystonicello15:05
dystonicHey nick.  let me know when you're around, i has questions.15:06
dystonicnot sure how the preregistration works re:  if the api version allows adding multiples w/out using the web interface to upload, since that was buggy.15:18
dystonicand i'm not a coder, so i need some help w/ the concepts so I can aks the right person to help me w/ it, or do it myself.15:18
dystonici found example.jsp15:18
nowenok - on the phone right now15:23
dystonickk.15:24
nowenok15:30
nowenso, pre-reg in the api was designed for one of our customers that wanted to pre-reg a bunch of users15:31
nowentheir app generated the random pre-reg codes and allowed their CSR people to add users15:35
nowenso the reps would get a pre-reg code and type in the username, then give the user the pre-reg code15:36
dystonick.  the code snip we're talking about is headed under <add multiple preregistration codes>, yes?15:37
nowennote that pre-reg is working, it's just the listing and feedback that is borked, so when you try to enter an existing user or reg code, you don't know it has failed15:37
nowenyes, but really it is the single one too15:38
dystonicbecause under the section above, add a pre-registration code it seems to point to uploading the file through the gui.15:38
dystonicplease understand that i'm about to ask a bunch of stupid questions, because i don't speak this - so please be forgiving, cus i gotta get this working.15:39
nowenno problem!15:39
dystonicok.  so.  1)  do we have to upload the reg codes through the web interface.15:39
dystonicor is it actually doable through the api.15:39
nowen1. "Pre-registration:"  assumes a code exists in the server15:39
dystonick.  so hurdle 1 is getting the files to upload cleanly.15:40
dystonicyou sent me some text for getting into the db.15:40
nowen2.  "Add a Pre-Registration Code:"   Adds a new code to the server15:40
nowen3. "Add Multiple Pre-Registration Codes: " add a bunch of new codes to the server15:40
dystonicsyntax is the same as the text file that would be uploaded, csv on newline per user15:41
dystonicbut you have to when you upload the reg codes provide the username mapping.15:41
dystonic?15:41
nowenlet's back up a bit - what do you want to do?  How many users do you want to pre-reg at a time?15:41
dystonici want to prereg 2-4.  it's not that i need to register a lot, i just need to be able to do it.15:42
dystonici don't have huge batches.15:42
nowenok15:42
dystonicso.  my use case is:  i get a new user.  or 2-3, or whatever, not a huge batch.15:43
dystonici need to be able to generate a preregistration code so that when the request comes in, I can completely provision them and push all the data to them.  it causes me a lot of overhead when I hae to have them send me ar eg code.15:44
dystonici've tried it before and gotten weird errors, like a -0 from the wikid token jar when i feed it a code that i've uploaded.  the gui doesn't give me good ifno.15:44
dystonici'm not a coder, at all.15:45
dystonicso i'm not sure what to do with the api;  i've been trying to figure it out, but i'm kinda out of my depth.  i can't sit around and wait for a bugfix, because its' really kinda blocking me.15:45
dystonicplus its' nontrivial to upgrade nonprod and two production environments, we just did it, it's goign to be a while before I can get resoruces to do it.15:46
nowenwell, you may not need it.  you can still up load the data, validate it via the db commands I gave you and send it out15:46
dystonici really hate directly touching a db.  does the clear functionality actually clear the table?15:46
dystonici don't mind selecting / looking, but i don't want to modify it directly if i don't have to.15:47
nowenyes, this is just looking. let me test the clear15:47
nowenclear works15:48
nowenupload works15:48
nowenexport works too15:49
nowenso actually, you can export to check15:49
nowenno db access needed15:49
dystoniclet me test.15:49
dystonick.  got a null -1 error15:53
dystonicwhen i attempted to use a tokencode.15:53
nowenanything in the logs?15:54
dystonicdownloaded hte jsp, which has the rows in it i would expect, tab delimited15:54
dystonicchecking clearing and looking for logs15:54
nowenit's tab-delimited15:56
nowenso, did you pre-reg a new token?15:56
nowenI have a lunch meeting today. can we pick up at 1ish?15:57
dystonicsure.15:57
nowenok - thanks!15:57
dystonicsure.  np.  :)15:57
dystonici'm happy w/whatever if we can get it to work.15:57
nowenI think we can get it to work today15:58
*** nowen has quit (Quit: Leaving.)15:58
dystonic2012-09-27 12:10:05.906ERRORcom.wikidsystems.server.DeviceTransactionExecCould not find configuration for domain referenced by prereg code3249 on this server.  2012-09-27 12:09:18.383ERRORcom.wikidsystems.server.DeviceTransactionExecCould not find configuration for domain referenced by prereg code3249 on this server.16:13
*** nowen (~nowen@adsl-98-66-183-205.asm.bellsouth.net) has joined #wikid17:06
dystonicoh hai.17:07
nowenhowdy17:08
nowenok - where were we?17:08
dystonic2012-09-27 12:10:05.906 ERROR com.wikidsystems.server.DeviceTransactionExec Could not find configuration for domain referenced by prereg code3249 on this server.   2012-09-27 12:09:18.383 ERROR com.wikidsystems.server.DeviceTransactionExec Could not find configuration for domain referenced by prereg code3249 on this server.17:08
dystonicis what i'm geting.17:12
dystonici have one domain on that server.17:12
nowenhmm17:12
dystonici tried a diff reg code that was 5 digits, not sure if there's a minimum that's defined or if there's a setting that isn't selected.17:12
nowenare you using the latest token? 22?17:15
nowenand what do you have in your jw.properties file?17:15
dystonicbut the token just hangs at 'continue' when i submit the request and doesn't return a error code.17:17
dystonictoken client i'm testing with is 3.1.2217:17
dystonicand its' stock, i just downloaded it from the site.17:17
dystonicare you talking about a jw.properties file living on the wikid server?17:17
dystonic2012-09-27 13:12:04.609ERRORcom.wikidsystems.server.DeviceTransactionExecCould not find configuration for domain referenced by prereg code12356 on this server.  2012-09-27 13:11:58.507ERRORcom.wikidsystems.server.DeviceTransactionExecCould not find configuration for domain referenced by prereg code12356 on this server.17:18
nowenthe jw.properties file goes in the same dir as the jar token file17:18
dystonick.  do they need a custom jw.props file to do preregistration?17:18
dystonicbecause this is just a fresh download from your site on a machine thats' never had wikid before.17:19
nowenno, but it makes it easier17:20
nowenIt works with a custom jw.properties file17:21
nowenlike this: http://pastebin.com/yxbPigie17:21
nowenalso works for me without it17:23
dystonicright.17:23
dystonicbecause in the default token that file only exists in the src dir17:23
nowendouble check your domain id17:23
nowenmaybe there's a trailing space that's not getting parsed correctly>17:23
nowen?17:23
dystonicchecking.17:24
dystonicin terms of when i attempt to register from the java token?17:26
dystonicbecause there isn't - i'm certain.17:27
dystonicis there something you want me to check w/in the console?17:27
dystonicit works just fine for when people give me codes.  it's something weird w/ the relationships when the prereg checks in.17:27
dystonic2012-09-27 13:12:04.609ERRORcom.wikidsystems.server.DeviceTransactionExecCould not find configuration for domain referenced by prereg code12356 on this server.  2012-09-27 13:11:58.507ERRORcom.wikidsystems.server.DeviceTransactionExecCould not find configuration for domain referenced by prereg code12356 on this server.17:28
dystonici mean theoretically it couldn't even hit the wikid server w/out the right servercode, because that's the padded ip.17:28
dystonicand i'm seeing logs that its' connecting to the server but then it's not mapping.17:28
nowenI see that error now. let me see if I can figure out why17:28
dystonickk.17:29
dystonicthe only thing not configured under the domain screen is Registered URL:17:29
dystonicbecause we don't tie dns to this host.17:29
nowenrestart the token client and try again17:33
nowennevermind17:35
nowenoh, here's my issue - openoffice is dropping the leading zero17:36
nowenso 01234 in the db is 1234 in openoffice17:37
dystonici'm not using a leading 0 in my reg codes17:39
dystonicomg!17:40
dystonici think it worked17:40
dystonicgimmie a few.17:41
nowenkk17:41
dystonicthis is promising.18:06
dystoniclooks like i'd cleared the table and not reloaded it so user error.18:06
dystoniclet me try a few test cases and see what i can get done.18:07
nowenok18:07
dystonicso far i'm digging this.  :)18:07
nowengood stuff18:07
dystonicyes.18:14
dystonicw00t.18:14
nowen;)18:14
dystonicalright.  i'm going to rewrite my instructions and see if i can get some $users to test it out.18:14
dystonicthanks.  i get what its' doing now.18:14
nowenawesome!18:15
dystoniclike. it updates the prereg table once i register the token so it's not reusable.18:15
dystonicso i can export and see if it's been used.18:15
dystonicit insists on at least 6 dig for my pin.18:15
dystonicthe file syntax is easy to do w/ excel + saving a tab delimited file.18:15
dystonicdidn't seem to have a opinion about the reg code, but avoid leading 0s.18:15
nowenyep18:15
dystoniccool.  alright.  thanks.  i'll let you know if there are more issues.  :) glad this was largely pebcak.18:16
nowenmy pleasure!18:16
joevanoready to got back to my issue nowen?18:16
joevanoget*18:16
nowenhehe, yes!18:16
joevanook... interesting thing18:17
joevanoyou know how that security file that you can use to skip entering your key18:17
nowenyes18:17
joevanoit doesn't work either ... but if I copy the passphrase out of there and paste it in at the prompt it works18:18
nowenwah?18:18
nowendo you have it in quotes?18:18
joevanoyep... I think it in the examlpe.jsp , yes18:19
nowensingle or double?18:19
nowenand in the /etc/WiKID/security file?18:19
joevanotried it every which way but Sunday in the security file18:19
joevanodouble, but I tried single and without as well18:19
joevanoin the security file without, but also tried with quotes18:20
nowenand the start-up script doesn't pick it up?18:20
joevanothe only thing I could figure is that it is tripping over the ! is our passphrasex18:21
joevanoin*18:21
nowenpossibly, but it should all be handled18:21
nowenis it the first char?18:21
joevanoit is not.. it is the last18:22
nowengive me a few to set up a new test18:22
joevanok18:22
nowenok - created a new cert. passphrase!18:45
nowenput it in /etc/WiKID/security without quotes and it worked18:47
nowentested via example.jsp too18:47
nowensingle quotes works too18:51
nowenlooks just like 'WAUTH_PASSPHRASE='passphrase!'18:52
nowenyou checked using the keytool, right18:53
nowen?18:53
nowenjoevano: ?19:18
*** dystonic has quit (Quit: Page closed)19:18
joevanonowen: sry... was out looking for Jimmy Hoffa19:50
nowenhehe19:50
nowenbring your shovel over to my place19:50
joevanoyes I used keytool on both the localhost and intca19:50
nowenand their dates are ok?19:50
joevanohmm... let me look again but I think so19:51
joevanoyes both are still valid19:53
joevanogoing to check the security file again19:53
joevanowth... it wored today stopping and starting wikidctl19:56
joevanolet me try the example.jsp page19:57
joevanonope.. doesn't work. How can I verify the port WiKI20:12
joevanoWiKID is configured to listen on20:12
nowensame error in the logs?20:12
nowenwauth is on port 838820:13
joevanoCouldn't validate the client certificate. Verify the validity and dates of the client cert.20:13
nowenis this a test system?20:13
joevanolet me check the date and time the server thinks it is20:14
joevanonope... this is our main system20:14
joevanoNTP for the win... time is exact20:14
nowenhmm20:14
nowenso, the server starts if entered manually20:15
nowenbut not using the security file and example.jsp fails20:15
joevanono, the server now starts without doing it manually... but example .jsp gives me the error20:15
nowenahh - ok20:15
nowenand you're restarting WiKID after editing the example.jsp?20:16
joevanolove the fact that we won't have to back door in to get the auth back up when/if we lose power over the weekend20:16
joevanooh... i think i did but let me do it again20:17
joevanohttps://dl.dropbox.com/u/502439/09-27-2012%204-22-49%20PM.png20:24
joevanohere is an image of the log.. this is before trying example.jsp and right after restarting the service20:25
joevanoso it does seem to be some sort of certificate error20:25
nowenis there a little bomb icon on the right?20:25
nowenclick it for the full trace20:25
joevanoi do not see one20:26
nowenhere's what mine looks like: http://pastebin.com/bNsRwmPc20:26
joevanoin the log screen right?20:26
nowenyes, the log screen20:27
joevanoyep exactly20:27
nowenhmm20:27
nowenand do you get the same error when you hit example.jsp?20:27
joevanoother than the servercode and passphrase of course20:27
joevanowhen I go to the example.jsp page I get two lines in the logs that match the ones in my log screenie about wAuth and wClient20:30
joevano2012-09-27 16:37:45.754ERRORcom.wikidsystems.client.wClientERROR: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate20:30
joevano2012-09-27 16:37:45.738ERRORcom.wikidsystems.server.wAuthCouldn't validate the client certificate. Verify the validity and dates of the client cert.20:30
nowenwhat version of WiKID is this? and what java?20:31
joevano3.4 build 87-b121620:33
joevanojava version "1.6.0_20"20:33
joevanoOpenJDK Runtime Environment (IcedTea6 1.9.13) (6b20-1.9.13-0ubuntu1~10.04.1)20:33
joevanoOpenJDK 64-Bit Server VM (build 19.0-b09, mixed mode)20:33
nowenis radius working? can you login?20:35
joevanoyes, we are using it and it fails if you use the wrong OTP20:39
nowenman20:44
nowenhmm20:44
nowencan you set your loggers for wauth to debug and hit the example.jsp page again?20:45
nowenno restart just want to see if we get anything better20:45
joevanosorry... got a call..20:59
nowennp20:59
joevanonothing better on debug20:59
joevanojust those 2 lines21:00
nowenlet's change Config.getValue("BASEPATH") + "private/localhost.p12",21:00
nowento "/opt/WIKID/private/localhost.p12",21:00
nowenand see if it's just not finding the cert21:00
joevanok...21:00
nowenalso, I bet you could copy the file to a new name if you don't want to restart all the time21:01
joevanodoes wAuth initialization usually take quite some time21:05
nowennot usually21:07
nowenhow long does it take?21:09
joevanoit takes a good minute to minute and a half here (or maybe it is faster but seems like forever)21:09
nowenhow much memory ?21:09
joevanolooks like 1GB21:10
nowenare you in replication?21:11
joevanono21:11
nowenhmm21:11
joevanohere is the wAuth start up line to give you an idea21:11
joevanoWaiting for wAuth initialization to complete...............................................................................................................................................................Success!21:12
joevanoyep confirmed 1GB21:14
joevanosingle cpu21:14
nowenmost of my vms have 1 gid21:15
nowengig21:15
joevanothis is a VM as well average mem usage is at 175Mb21:16
joevanomax was 370Mb21:16
joevanooh... and U never told you that the absolute path did not work either... I am stumped21:17
joevanoI*21:18
nowenyeah21:18
nowenis there a listener on 8388?21:19
nowen'netstat -anp | grep 8388'21:20
nowenjust in case ;)21:20
joevanohmm... only on IP6 it looks lke...You are a genius (maybe)21:21
joevanotcp6       0      0 [::]:8388               [::]:*                  LISTEN21:22
nowena slow, slow genius21:22
nowenbut still, that21:22
joevanook... I gotta get out of here... but I will follow that path over the weekend21:22
nowenis probably a result of whatever21:22
nowenis selinux off?21:22
nowen'getenforce' will say21:23
joevanoi believe so.. let me check21:23
joevanonot even instaled21:23
nowenmaybe re-run setup and go through the networking again21:23
nowenmaybe localhost isn't set for ipv6?21:24
nowenin /etc/hosts, eg21:24
joevanok, I'll make sure to snapshot it before I start messing with it21:24
nowenok - i'll let you got21:24
nowengo21:24
joevanohave a good weekend21:24
nowentwitter or email me over the weekend21:24
nowenI'll be in tomrrow too21:24
joevanowill do21:24
nowenThe most likely cause is that the key that signed the intca cert isn't in the CACerts file on the client side21:25
nowensays someone smarter than i21:25
nowenso, you might want to extract cacerts from the rpm again or something21:26
joevanok... I will look at that as well21:26
nowenk21:26
joevanothanks for the help today21:26
nowensorry for the problems!21:26
*** nowen has quit (Quit: Leaving.)22:13
« Wednesday, 2012-09-26 Index Friday, 2012-09-28 »

Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!