bman1 | ok so I'm back & have a question: if I have a wikid system that users can AD register with (that works fine) and they can enter their validation key, then how do they log in to a 2factor authenticated app via say a firewall like fwsm? | 01:30 |
---|---|---|
bman1 | when they use the 2factor app they get a passcode | 01:30 |
bman1 | then i have them enter say a proxy that is run from fwsm that intercepts pass and I put the passcode from the wikid token or the ad credentials? | 01:31 |
bman1 | so the initial client post from the wikid app should go ->port -> 80 wikid server, the server responds to the client with the token | 01:34 |
bman1 | then the user logs in via whatever other app with his/her username and the token? which should forward from the firewall to the lb-> to the real server on port 80? | 01:35 |
bman1 | hmmm | 01:35 |
bman1 | ahh i see port 49 nm | 01:36 |
bman1 | tac_plus: /lib64/libc.so.6: version `GLIBC_2.7' not found (required by tac_plus) - test boxes are identical to older boxes we have in production, except that the test boxes have a newer version of wikid | 01:52 |
bman1 | checking on tac_plus | 01:52 |
bman1 | copied an older version of the bundled tac_plus file from bin from an older version of wikid and tacacs is responding now | 01:56 |
*** priyanka_nag (~chatzilla@202.71.143.2) has joined #wikid | 06:41 | |
*** priyanka_nag has quit (Ping timeout: 245 seconds) | 07:32 | |
*** nowen (~nowen@50-194-249-125-static.hfc.comcastbusiness.net) has joined #wikid | 13:18 | |
*** nowen has quit (Quit: Leaving.) | 17:57 | |
*** nowen (~nowen@50-194-249-125-static.hfc.comcastbusiness.net) has joined #wikid | 19:39 | |
*** TXRH (d8f800fe@gateway/web/freenode/ip.216.248.0.254) has joined #wikid | 21:14 | |
nowen | TXRH: how goes it? | 21:24 |
TXRH | going good, having an issue with the ADRegister.jsp page again, it says - wClient connection to the server was NOT successfully established | 21:28 |
TXRH | in the past this was the firewall, I did service iptables stop. Still not working, should I reboot? | 21:29 |
nowen | no, | 21:30 |
nowen | run 'service iptables status' | 21:30 |
TXRH | firewall is stopped | 21:32 |
nowen | did you upgrade the WiKID software? | 21:32 |
TXRH | no not that I know of | 21:33 |
nowen | can you edit the file? 'vim /opt/WiKID/tomcat/webapps/wikid/ADRegister/ADRegister.jsp' | 21:34 |
nowen | check that your edits are still there | 21:34 |
nowen | did you make any changes with the certificates? | 21:34 |
TXRH | they are, didn't make any cert changes but how do I check that | 21:36 |
nowen | hmm | 21:36 |
nowen | well, you would have had to create new certs in the WiKIDAdmin interface, so I think you'd remember that ;) | 21:36 |
nowen | you can validate that the passphrase is correct and the cert is valid using keytool | 21:37 |
nowen | http://www.wikidsystems.com/support/wikid-support-center/troubleshooting-faq/how-do-i-know-if-my-certificate-is-valid | 21:37 |
nowen | did you also set up example.jsp? | 21:37 |
TXRH | this was working 1/3/2013 so I am not sure what happened. | 21:39 |
nowen | well, if your localhost cert is over a year old, it could be that | 21:39 |
nowen | I would not think it old enough, but you might have been testing for longer than I thought | 21:40 |
TXRH | ok I ran the keytool, they are not expired | 21:50 |
TXRH | clock is correct | 21:50 |
nowen | ok - try running 'wikidctl restart' and then hit the page again | 21:50 |
TXRH | ok it's working | 21:53 |
nowen | was it the restart? | 21:53 |
TXRH | yes | 21:53 |
nowen | hmm | 21:53 |
nowen | that should only be the case if something changed in the file | 21:54 |
TXRH | I did get an error restarting | 21:54 |
TXRH | Enter wAuth Passphrase: Passphrase is good. Proceeding ...grep: 14261: No such file or directory | 21:54 |
nowen | huh | 21:54 |
nowen | that's a new one | 21:54 |
nowen | but everything is working? | 21:54 |
TXRH | yep everything is working, thanks for your help | 21:55 |
nowen | sorry for the issue. I wish we knew what caused it | 21:56 |
nowen | you can check the WIKIDAdmin logs | 21:56 |
TXRH | if a restart fixes it I am happy | 21:57 |
nowen | well, that's good. but I don't want you to have to restart every month | 21:57 |
nowen | also, I can give you a rule to open port 389 if you like and you can restart the fw | 21:58 |
TXRH | ok I'll keep an eye on it and let you know, sure don't know much about iptables so that would be great | 21:59 |
nowen | 'iptables -A INPUT -p tcp --dport 389 -j ACCEPT' | 22:00 |
nowen | then | 22:00 |
nowen | 'iptables-save' | 22:01 |
nowen | my bad | 22:04 |
nowen | run the first one again | 22:04 |
nowen | and then 'service iptables save' | 22:04 |
nowen | 'iptables -L -n' | 22:05 |
nowen | will show you what is open | 22:05 |
TXRH | should I see 80 or 443? | 22:05 |
nowen | yes | 22:06 |
nowen | and 22 | 22:06 |
nowen | actually, I have a better idea | 22:06 |
TXRH | They're missing | 22:06 |
nowen | well, before we do that | 22:06 |
nowen | is all you see 22? | 22:07 |
TXRH | 49,8388,1813,1812,389 | 22:08 |
nowen | ok - just run the same command but use the needed ports | 22:08 |
TXRH | should I run the above cmd with 22,80,443 | 22:08 |
TXRH | ok | 22:08 |
nowen | ;-) | 22:08 |
TXRH | are there any others needed | 22:09 |
nowen | no | 22:09 |
nowen | I assume 1812 is udp also | 22:09 |
TXRH | ok yes both | 22:10 |
nowen | good | 22:11 |
TXRH | ok firewall is on now and everything is working | 22:15 |
nowen | nice | 22:15 |
TXRH | thanks for all your help | 22:16 |
nowen | np! | 22:17 |
*** TXRH has quit (Quit: Page closed) | 22:18 | |
*** nowen has quit (Quit: Leaving.) | 22:39 |
Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!