bman1 | ok so windows 2008 server R2 for NPS is a bit different than the document, has this been tested? | 00:39 |
---|---|---|
bman1 | then again could be the person I am talking to but something appears different | 00:40 |
bman1 | is there a revised document anywhere? | 00:40 |
bman1 | nm, think it's them, i.e. sep department | 00:46 |
bman1 | had to go back over document w them | 00:46 |
bman1 | so i assume the doc for setting up wikid as a radius server is here? | 00:47 |
bman1 | http://www.wikidsystems.com/support/wikid-support-center/how-to/pam-radius-how-to | 00:47 |
bman1 | nm seemed too simple will try and stop bugging thought i saw something diff before | 00:50 |
bman1 | ok so found something I don't see covered, Radius Specific parameters, Assign Return Attribute: ? it's a drop down, can't find which to use, the NAS ip address? | 01:10 |
*** nowen (~nowen@99-174-93-102.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 13:59 |
nowen | bman1: you here? | 14:34 |
bman1 | yes | 18:32 |
nowen | did you get your radius question answered? | 18:32 |
bman1 | well kinda, one thing I'm not sure of is whether the freeradius daemon actually needs to be running, I saw no mention of it in the docs, however I found a doc someone else published on centos and they stated it needs to be running | 18:33 |
bman1 | however i have some issue with radius daemon talking to wikid | 18:33 |
nowen | are they running on the same box? | 18:34 |
bman1 | yes | 18:34 |
nowen | are you using freeradius as a radius server? | 18:34 |
bman1 | yes, I have also installed pam_radius as per doc | 18:35 |
bman1 | i have a vm setup ( that other team setup ) as NPS | 18:35 |
nowen | ok, so know that WiKID is not a radius 'server' in the way freeradius or NPS is. it is a 'radius server' in that it is the authoritative authentication source | 18:36 |
nowen | freeradius and nps will do other things, like validate that a user is in AD/ldap and has the right perms | 18:36 |
nowen | that is, they will do autorization | 18:36 |
nowen | authorization | 18:36 |
bman1 | right i understand that part but then not sure where my setup is messed up | 18:37 |
bman1 | i was looking at this doc 1 second | 18:37 |
nowen | there's no need for both freeradius and NPS | 18:37 |
bman1 | http://www.wikidsystems.com/support/wikid-support-center/manual/how-to-install-the-wikid-strong-authentication-server/how-to-install-the-wikid-strong-authentication-server-enterprise-edition-page-4 | 18:37 |
bman1 | ok | 18:37 |
bman1 | so the pdf i have for NPS | 18:38 |
bman1 | the eguide for adding 2 factor auth to your corp network | 18:38 |
bman1 | seems to indicate that once nps is setup | 18:38 |
bman1 | it should point to freeradius | 18:38 |
bman1 | or i mean radius | 18:38 |
nowen | so, it should go: pam_radius >> NPS/AD >> WiKID | 18:39 |
nowen | the >> are all radius transactions | 18:39 |
bman1 | ok so the radius daemon is not needed to be running | 18:39 |
nowen | no | 18:39 |
nowen | in fact, it would most likely cause networking confusion | 18:39 |
bman1 | ok so at the network level the nps server connects to wikid on the udp radius port? | 18:40 |
nowen | yes, port 1812 | 18:40 |
bman1 | ok so restarted wikid to see if that port comes up, i might need to tweak log4j settings because i set to debug but still am not getting a lot of logging to see what's going on | 18:42 |
bman1 | ok i see the port on udp thanks | 18:43 |
bman1 | will test a bit more thanks | 18:43 |
nowen | so, netstat should show that java is listening on 1812 | 18:44 |
bman1 | I'm using radtest to try and test stuff, will post back in a bit if i can't figure it out, i see the port is up now but radtest failed | 18:44 |
bman1 | yes it is | 18:44 |
bman1 | udp 0 0 0.0.0.0:1812 0.0.0.0:* 25098/java | 18:45 |
nowen | are you running radtest from an IP listed as a network client? | 18:45 |
bman1 | yes | 18:45 |
nowen | http://www.wikidsystems.com/support/wikid-support-center/troubleshooting-faq/how-can-i-set-radius-logging-to-debug-how-can-i-see-if-wikid-is-getting-the-radius-requests | 18:45 |
bman1 | cool thanks | 18:45 |
nowen | also, 'tcpdump port radius' | 18:45 |
bman1 | yeah i plan to | 18:45 |
nowen | will show if the packets are getting to the server | 18:45 |
bman1 | i know packets can get to it, because the radius server saw the connections in the logs and said the ip was zombie | 18:46 |
bman1 | so it's not network | 18:46 |
nowen | ok | 18:46 |
nowen | gotta run an errand. back in a bit | 19:07 |
*** nowen has quit (Quit: Leaving.) | 19:07 |
*** Tyler_ (8eb1ec77@gateway/web/freenode/ip.142.177.236.119) has joined #wikid | 19:39 |
Tyler_ | Hey anyone on? | 19:40 |
*** nowen (~nowen@99-174-93-102.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 19:40 |
bman1 | damn, still cannot get any logging, I've set the logging options via UI and they are persistent but nothing new is logging | 19:51 |
bman1 | i can see tcpdump connections from network client | 19:51 |
nowen | is the date correct on the server? | 19:52 |
bman1 | but don't know what's going on, is there a manual way to change the logging in log4j | 19:52 |
bman1 | yes ntp is in sync | 19:52 |
bman1 | i can see reg http connections logging via the web ui and reg logging in catalina.err and out | 19:53 |
bman1 | just new logging options from ui are not being picked up | 19:53 |
nowen | anything in /opt/WiKID/log/radius.log? | 19:53 |
bman1 | no its blank | 19:53 |
nowen | did you add the radius logger? | 19:53 |
bman1 | i was hoping it would start writing to it, yes i did via the ui and set to debug | 19:54 |
bman1 | nothing, is there a way to manually put in the string via cli? | 19:54 |
bman1 | i.e. log4j.properties? | 19:54 |
nowen | did you restart WiKID? because that will reset the loggers | 19:54 |
nowen | yes | 19:54 |
nowen | http://www.wikidsystems.com/WiKIDBlog/big-data-vs-easy-data-the-wikid-ossim-plugin for example | 19:54 |
nowen | that file should be well commented | 19:54 |
bman1 | thx | 19:54 |
bman1 | ok thanks now i have some logging | 20:02 |
nowen | cool | 20:02 |
nowen | what does it say? | 20:06 |
Tyler_ | Hi. I am at a real loss regarding the ISO version and the Radius client. Is this the right place for assistance? | 20:22 |
nowen | sure | 20:35 |
nowen | Tyler_: what's going on? | 20:35 |
Tyler_ | Great | 20:37 |
Tyler_ | I am not sure what information you need but I am using the ISO version. When trying to connect to the WiKID Radius it times out. | 20:38 |
nowen | did you create a network client? | 20:38 |
Tyler_ | I can see the packets from the TCPDUMP on the WiKID server but the WiKID server Radius does not respond | 20:39 |
Tyler_ | Yes I did. | 20:39 |
nowen | and did you run 'wikidctl restart'? | 20:39 |
nowen | hold on = brb | 20:39 |
Tyler_ | I have created two client networks in order to further troubleshoot. Both client networks are attempting to communicate via different clients | 20:40 |
Tyler_ | I have restarted yes. I have been trying to get this working for a week now. I have gone so far as to uninstall and reinstall the entire OS again. | 20:41 |
Tyler_ | It is the same issue even though I have uninstalled and reinstalled the ISO. Everything else works like a charm. | 20:42 |
nowen | do you have radius logging set to debug? | 20:44 |
nowen | http://www.wikidsystems.com/support/wikid-support-center/troubleshooting-faq/how-can-i-set-radius-logging-to-debug-how-can-i-see-if-wikid-is-getting-the-radius-requests | 20:45 |
Tyler_ | I tried that as well. | 20:45 |
nowen | any radius error messages? | 20:45 |
Tyler_ | Nothing shows up in the logs other than the fact that I turned on debug. | 20:47 |
nowen | run 'netstat -anp | grep 1812' and make sure that the listener is up | 20:47 |
nowen | it should state that java is listening on the port | 20:47 |
Tyler_ | if I look at /opt/WiKID/log/radius.log directly I do see an error. | 20:48 |
nowen | what is that? | 20:48 |
Tyler_ | java.net.SocketException: Broken pipe at java.net.SocketOutputStream.socketWrite0(Native Method) at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:109) at java.net.SocketOutputStream.write(SocketOutputStream.java:153) at sun.security.ssl.OutputRecord.writeBuffer(OutputRecord.java:314) at sun.security.ssl.OutputRecord.write(OutputRecord.java:303) at sun.security.ssl.SSLS | 20:48 |
nowen | did you create certificates during the install? | 20:48 |
Tyler_ | I did yes. | 20:49 |
nowen | and a localhost cert? | 20:49 |
Tyler_ | drwxr-xr-x 3 wikid root 4096 Feb 14 16:45 . drwxr-xr-x 13 wikid root 4096 Feb 14 13:25 .. -rw-r--r-- 1 wikid wikid 2760 Feb 14 14:27 CACertStore drwxr-xr-x 2 wikid root 4096 Feb 14 13:25 googlesso -rw-r--r-- 1 wikid wikid 2311 Feb 14 14:28 localhost.p12 -rw-r--r-- 1 wikid root 1752 Oct 4 16:28 WiKIDCA.cer | 20:49 |
Tyler_ | Yes a local one as well. | 20:49 |
nowen | run 'netstat -anp | grep 1812' | 20:50 |
Tyler_ | I have followed http://www.wikidsystems.com/support/wikid-support-center/manual/how-to-install-the-wikid-strong-authentication-server/referencemanual-all-pages to a tee 3 times now. Ok one second | 20:50 |
Tyler_ | udp 0 0 ::ffff:127.0.0.1:1812 :::* 7293/java | 20:50 |
nowen | hmm, should be 0.0.0.0 | 20:53 |
nowen | ok, go to Configure / Enable Protocols / | 20:53 |
nowen | and Radius | 20:53 |
Tyler_ | BRB | 20:53 |
nowen | what's there? | 20:53 |
Tyler_ | RADIUS is ENABLED [ DISABLE ] Host Name:WiKID Radius IP Address:127.0.0.1 Port:1812 | 20:54 |
nowen | hmm | 20:56 |
nowen | what version is this? | 20:56 |
Tyler_ | 3.5 build 0-b1359 | 20:57 |
Tyler_ | I am using a dual network card setup. One private and one public (DMZ). I have access through the VMWare console. Would you suggest I remove one of the NICs and try again from scratch? | 20:58 |
Tyler_ | At this point that is the only thing I have not tried. | 20:59 |
nowen | it should work fine with two nics | 20:59 |
Tyler_ | Ok. | 20:59 |
nowen | I'm grabbing that iso to build a test | 21:00 |
Tyler_ | Is there a newer ISO? | 21:01 |
nowen | yes | 21:01 |
nowen | http://wikidsystems-dl.com/wikid-enterprise-3.5.0-b1403-install.iso | 21:01 |
Tyler_ | OH!!!!! | 21:01 |
Tyler_ | Let me try that. | 21:01 |
Tyler_ | I will get back to you either way. Thanks. | 21:02 |
nowen | listen | 21:02 |
nowen | I'm traveling from tomorrow until a week from monday | 21:02 |
nowen | either use the forums or email contact form | 21:03 |
nowen | or my email if you have it | 21:03 |
Tyler_ | Will do thanks! | 21:03 |
nowen | np | 21:03 |
nowen | I bet that's it b/c the changelogs list a radius fix | 21:03 |
nowen | Tyler_ if you didn't get my email response to your download, my email is nowen at wikidsystems.com | 21:19 |
bman1 | ok mine worked now, so remainder shd be making sure acls are good, thanks all | 21:34 |
bman1 | Reply-Message = "Access Granted" | 21:35 |
nowen | bman1: great! | 21:45 |
bman1 | just have to figure fw out now shouldn't be too much of issue thanks | 22:23 |
*** nowen has quit (Read error: Connection reset by peer) | 23:18 |
*** Tyler_ has quit (Ping timeout: 245 seconds) | 23:43 |