*** ionepoch has quit (Read error: Connection reset by peer) | 08:36 | |
*** ionepoch (~ionepoch@wsip-98-173-30-75.sb.sd.cox.net) has joined #wikid | 08:36 | |
*** nowen (~nowen@50-194-249-125-static.hfc.comcastbusiness.net) has joined #wikid | 13:12 | |
*** nowen has quit (Client Quit) | 13:16 | |
*** nowen (~nowen@50-194-249-125-static.hfc.comcastbusiness.net) has joined #wikid | 13:18 | |
*** proactis (bc5fce57@gateway/web/freenode/ip.188.95.206.87) has joined #wikid | 16:32 | |
proactis | hi there, quick question can wikid be used with windows login | 16:32 |
nowen | proactis: that's a tough one | 16:32 |
nowen | in a domain? | 16:32 |
proactis | yes in a domain | 16:33 |
nowen | don't think so, there's a project called pgina that will allow you to login with radius, but domain login isn't supported yet | 16:34 |
proactis | ok ta | 16:35 |
proactis | Could Wikid be used with remote desktop connections? | 16:35 |
nowen | certainly | 16:35 |
proactis | is there a guide anywhere | 16:36 |
nowen | the key to deploying any 2FA system, really, is getting the service (RDP) to use a good authentication protocol like radius | 16:36 |
nowen | take a look at the eguide here for starters: http://www.wikidsystems.com/learn-more/two-factor-authentication-white-papers | 16:37 |
nowen | it doesn't discuss rdp specifically, but you'll get the idea | 16:37 |
nowen | will you use ms rdp? or something like citrix? | 16:37 |
proactis | MS RDP | 16:37 |
proactis | we don't have the budget for citrix | 16:38 |
nowen | so, you just need to put it behind something that supports radius, like forefront | 16:38 |
proactis | cheers | 16:40 |
nowen | later! | 16:40 |
proactis | will look into it | 16:40 |
nowen | ok | 16:40 |
*** proactis has quit (Quit: Page closed) | 16:40 | |
*** bgeorge_ (444022c4@gateway/web/freenode/ip.68.64.34.196) has joined #wikid | 19:35 | |
nowen | welcome bgeorge_ | 19:35 |
bgeorge_ | Hello | 19:36 |
bgeorge_ | I am working on getting two factor up using NPS, but I'm a bit confused. | 19:37 |
nowen | ok | 19:37 |
bgeorge_ | At what point do I enter the one time password? | 19:38 |
nowen | you enter it instead of the password | 19:38 |
nowen | NPS authorizes the user based on the username only | 19:38 |
bgeorge_ | hmm...i see | 19:39 |
nowen | then WiKID performs authentication using the username and OTP | 19:40 |
bgeorge_ | Can't seem to get the NPS to use the policy, even tried using the 24/7 time option. I think there is an NPS server somewhere messing with me. | 19:42 |
nowen | yeah, MS managed to make it more complicated than needed | 19:43 |
bgeorge_ | Do you know if I need another network policy to allow access with NPS configured? | 19:46 |
nowen | did you edit the user to say 'use nps'? | 19:47 |
bgeorge_ | Yup. But it gets denied right away if I don't create a separate network policy to grant access | 19:47 |
nowen | yeah, you need both | 19:48 |
nowen | does it work without WiKID? | 19:48 |
bgeorge_ | Yes | 19:50 |
bgeorge_ | It seems as if it won't forward the request. Are there logs I can check on the wikid server? | 19:51 |
nowen | probably nothing there because the request is stopping on nps. | 19:52 |
nowen | you can look at the MS logs, but they probably won't have much | 19:53 |
nowen | what doc are you following? the eGuide pdf? | 19:54 |
bgeorge_ | ms only shows an event when it works, without wikid | 19:55 |
bgeorge_ | I followed this. http://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-add-two-factor-authentication-to-nps/view?searchterm=nps | 19:55 |
nowen | you might step through the NPS section of the eGuide to see if there is something you missed http://www.wikidsystems.com/learn-more/two-factor-authentication-white-papers | 19:57 |
nowen | also, you might try using the ip address of your vpn instead of time | 19:57 |
nowen | we don't really maintain working setups for a lot of the stuff we test - if someone comes in and wants to know if some setting works, we might test that. | 19:58 |
bgeorge_ | Thanks for that pdf, some nice evening reading. I'll report back tomorrow. | 20:10 |
nowen | ok - well, how about Monday? | 20:10 |
nowen | and as always, we defer to MS documentation | 20:10 |
bgeorge_ | business tomorrow. | 20:11 |
*** bgeorge_ has quit (Quit: Page closed) | 20:12 | |
*** nowen has quit (Quit: Leaving.) | 22:32 |