*** bman1 (~burrutia@64.19.224.6) has joined #wikid | 00:48 | |
bman1 | is there a way to monitor wikid replication i.e I want to setup a health check for the master so I can promote the slave if need be | 00:50 |
bman1 | or perhaps can someone explain how the replication is setup in postgres because it looks like only a table rsync? | 00:55 |
*** nowen (~nowen@50-194-249-125-static.hfc.comcastbusiness.net) has joined #wikid | 12:45 | |
*** volga629 (~bendersky@host7.pythian.com) has joined #wikid | 12:45 | |
nowen | bman1: there is a way | 12:58 |
nowen | you need to edit the file /opt/WiKID/tomcat/webapps/wikid/WEB-INF/web.xml | 13:02 |
nowen | and put your localhost passphrase in to: | 13:02 |
nowen | <param-name>certFilePass</param-name> | 13:02 |
nowen | <param-value>passphrase</param-value> | 13:02 |
volga629 | Hello Everyone, I am just trying to understand how the radius service works with wikid | 13:05 |
nowen | volga629: hey | 13:05 |
volga629 | Hey, thanks for email | 13:05 |
volga629 | I started Radius server from web interface, but no listen port and wikidctl report on status. | 13:07 |
volga629 | [root@host131 ~]# wikidctl status | 13:07 |
volga629 | Error: WiKID services not functioning properly. | 13:07 |
nowen | volga629: in order for 'wikidctl status' to work, you need to do the edits I just posted | 13:07 |
nowen | what problem are you having? | 13:07 |
volga629 | my question is about Radius, when I started service in web interface, it should have listen port 1812 or I need install radius separately ? | 13:11 |
nowen | no need to install radius | 13:12 |
nowen | run 'netstat -anp | grep 1812' and see if java is listening | 13:12 |
volga629 | no listen port | 13:12 |
volga629 | I tired look with lsof -i UDP | 13:13 |
volga629 | tried | 13:13 |
nowen | did you enable the protocol? | 13:13 |
nowen | hmm, I don't see it using lsof -i UDP. | 13:14 |
nowen | can you try using netstat? | 13:14 |
volga629 | yes no listen port let me post it | 13:14 |
nowen | oh, wait I do see it | 13:14 |
nowen | did you create a network client that uses radius? | 13:15 |
volga629 | https://fpaste.networklab.ca/gSXp/ | 13:15 |
volga629 | no | 13:15 |
nowen | there will be no listener until you create a network client | 13:16 |
volga629 | ok let me try, I have on network primary radius, which will proxy to wikid | 13:17 |
volga629 | I need create domain first ? | 13:17 |
nowen | yes | 13:17 |
volga629 | ok | 13:17 |
volga629 | do I need restart after adding network client ? | 13:21 |
nowen | yes | 13:21 |
nowen | just wikid | 13:21 |
volga629 | I added network client restarted and no listen port | 13:26 |
nowen | when you ran start, did it say that radius was starting? | 13:34 |
volga629 | [root@host131 ~]# wikidctl start | 13:35 |
volga629 | Starting database...Success! | 13:35 |
volga629 | Success! | 13:35 |
volga629 | Starting Logger service...Success! | 13:35 |
volga629 | Starting TimeCop service...Success! | 13:35 |
volga629 | Starting Tomcat server ...Success! | 13:35 |
volga629 | [root@host131 ~]# wikidctl status | 13:35 |
volga629 | Error: WiKID services not functioning properly. | 13:35 |
nowen | I don't see radius listed | 13:35 |
nowen | ignore wikidctl status | 13:36 |
volga629 | yes, it didn't say that radius started | 13:36 |
nowen | did you follow this doc? http://www.wikidsystems.com/support/wikid-support-center/manual/how-to-install-the-wikid-strong-authentication-server? | 13:37 |
volga629 | yes | 13:37 |
nowen | under Configuration, Enable Protocols, which ones are Enabled? | 13:38 |
volga629 | Radius and WAUTH | 13:39 |
nowen | did you make any changes on the radius protocol page? | 13:39 |
*** nowen has quit (Remote host closed the connection) | 13:41 | |
volga629 | no all default | 13:41 |
*** nowen (~nowen@50-194-249-125-static.hfc.comcastbusiness.net) has joined #wikid | 13:42 | |
nowen | volga629: and your network client, what options did you use? | 13:43 |
volga629 | Name IP and NAS-identifier, domain name | 13:43 |
nowen | and radius is the protocol? | 13:44 |
volga629 | Ok I found issue it in my godaddy cert. I changed to wild card one and it started | 13:47 |
nowen | what cert? | 13:47 |
volga629 | In Intermediate CA | 13:49 |
volga629 | [root@host131 ~]# wikidctl restart | 13:49 |
nowen | that may cause other issues down the road too | 13:49 |
volga629 | Stopping Tomcat server ...Success! | 13:49 |
volga629 | TimeCop process already stopped. | 13:49 |
volga629 | wAuth protocol daemon already stopped. | 13:49 |
volga629 | RADIUS protocol daemon already stopped. | 13:49 |
volga629 | LDAP protocol not enabled. | 13:49 |
volga629 | Stopping Logger service...Success! | 13:49 |
volga629 | Stopping database...Success! | 13:49 |
volga629 | Starting database...Success! | 13:49 |
volga629 | Success! | 13:49 |
volga629 | Starting Logger service...Success! | 13:49 |
volga629 | Starting TimeCop service...Success! | 13:49 |
volga629 | Starting wAuth protocol daemon... | 13:49 |
volga629 | Enter wAuth Passphrase: Passphrase is good. Proceeding ...Success! | 13:49 |
volga629 | Starting Tomcat server ...Success! | 13:49 |
volga629 | Starting RADIUS protocol daemon ...Success! | 13:50 |
volga629 | LDAP protocol not enabled. | 13:50 |
volga629 | [root@host131 ~]# | 13:50 |
volga629 | [root@host131 ~]# netstat -an | grep 1812 | 13:50 |
volga629 | udp 0 0 :::1812 :::* | 13:50 |
volga629 | [root@host131 ~]# | 13:50 |
volga629 | that match better | 13:50 |
nowen | probably best to get it working first, based on the documentation and then make changes like using your own cert | 13:51 |
volga629 | yes, I am just trying understand how everything working, next part will be proxy and setup one client for vpn or wifi | 13:56 |
*** nowen has quit (Remote host closed the connection) | 14:29 | |
*** nowen (~nowen@50-194-249-125-static.hfc.comcastbusiness.net) has joined #wikid | 14:30 | |
*** mcmasterathl (~Adium@74.114.47.2) has joined #wikid | 18:29 | |
mcmasterathl | anyone ever have the token client on Mac OS X fail to connect to the server | 18:30 |
mcmasterathl | and no traffic appears to ever leave? | 18:30 |
nowen | hmm, can you run it in debug mode? | 18:30 |
mcmasterathl | yes, tried | 18:31 |
mcmasterathl | it says it's connecting to http://server-ip/blah | 18:31 |
nowen | and it just won't go? | 18:31 |
mcmasterathl | but tcpdump says otherwise | 18:31 |
nowen | is there some kind of firewall ? | 18:31 |
mcmasterathl | firewall shows no logs of attempts | 18:31 |
mcmasterathl | mac firewall is disabled | 18:31 |
nowen | huh | 18:31 |
mcmasterathl | trying one other thing i forgot to try | 18:32 |
mcmasterathl | and that was it | 18:32 |
mcmasterathl | cisco anyconnect :( | 18:32 |
mcmasterathl | installed, not even running | 18:32 |
nowen | what happens when you try to browse to that url? | 18:32 |
mcmasterathl | it worked | 18:33 |
mcmasterathl | well | 18:33 |
mcmasterathl | it loaded | 18:33 |
mcmasterathl | got an error about GET not allowed | 18:33 |
nowen | that's the correct response | 18:33 |
nowen | something is blocking the token | 18:34 |
mcmasterathl | i guess it was the anyconnect client | 18:34 |
mcmasterathl | i dunno what it does, i remember getting complaints about that before actually | 18:34 |
*** mcmasterathl has parted #wikid (None) | 19:21 | |
*** volga629 has parted #wikid (None) | 20:07 | |
*** nowen has quit (Quit: Leaving.) | 22:06 | |
*** volga629 (~bendersky@CPE00090f1b215c-CM7cb21b15b251.cpe.net.cable.rogers.com) has joined #wikid | 23:24 | |
volga629 | Hello Everyone, I am trying to register a new token according to the wiki, but it keeps saying that it can't connect. Is it required to open some port on the local firewall? | 23:26 |
volga629 | It says can't obtain configuration for domain ID | 23:30 |