*** volga629 has parted #wikid (None) | 02:23 | |
*** volga629 (~bendersky@host7.pythian.com) has joined #wikid | 11:57 | |
*** nowen (~nowen@50-194-249-125-static.hfc.comcastbusiness.net) has joined #wikid | 12:50 | |
volga629 | Hello Everyone, I got my user register and token working, right question about router. My router is configured for Radius. radius looking into ldap bring user name and authenticate so what will process to register user for this domain to use token. and if domain di should be 0 and ip of router ? | 13:12 |
---|---|---|
volga629 | id | 13:12 |
nowen | you are able to get one-time passcodes from a registered token? | 13:16 |
volga629 | yes | 13:23 |
volga629 | I enter my pin | 13:23 |
nowen | and did you associate the registration code with a user name on the WiKID server? | 13:24 |
volga629 | no look like missing this step | 13:25 |
nowen | go into Users/Manually validate a user/ click on the registration code and enter a username | 13:26 |
nowen | if the code is not there, delete the domain on the token and re-create it | 13:26 |
volga629 | ok | 13:26 |
volga629 | Ok done I see my username under users | 13:28 |
nowen | ok | 13:28 |
nowen | your router is talking radius to the WiKID server? | 13:28 |
volga629 | yes radius is proxy to wikid | 13:29 |
nowen | ok | 13:29 |
nowen | try logging in | 13:30 |
volga629 | is registered user should be on same domain with router ? | 13:35 |
nowen | what do you mean? | 13:35 |
volga629 | I have 2 domain id's | 13:35 |
volga629 | one for router and another for user | 13:36 |
nowen | why do you want a domain for the router? | 13:36 |
nowen | domains are where users go | 13:36 |
nowen | network clients are where routers go | 13:36 |
volga629 | When creating network client you specify which domain it is | 13:37 |
nowen | yes | 13:37 |
nowen | to associate the users you want to be able to log in to that network client | 13:38 |
volga629 | ok so domain id can different for network client and for user ? | 13:39 |
nowen | it's a triangle: http://www.wikidsystems.com/learn-more | 13:40 |
nowen | so the tokens talk to the server via the domain and port 80. The user logs into the network client, which in turn validates the OTP via radius over the internal network over 1812 udp | 14:36 |
volga629 | thanks for explanation, i will continue on lab set up later on | 15:16 |
joevano | nowen: did you see the thing about Cisco's hashing scheme fiasco: http://arstechnica.com/security/2013/03/cisco-switches-to-weaker-hashing-scheme-passwords-cracked-wide-open/ | 17:16 |
nowen | hehe, yeah | 17:17 |
joevano | that article you just tweeted about "Authentication: the Text Factor", if I had your phone I could get your passcode or was I missing something | 17:20 |
nowen | I just think that people are over relying on the security of SMS. I think of it as email. | 17:21 |
joevano | exactly | 17:21 |
nowen | except that it all goes fewer places ;-) | 17:22 |
nowen | and the companies that control those places aren't incented to protect them like you might want | 17:23 |
*** chris_____ (3ebe9a72@gateway/web/freenode/ip.62.190.154.114) has joined #wikid | 17:24 | |
nowen | welcome chris_____ | 17:24 |
chris_____ | hello | 17:24 |
chris_____ | Is that Nick | 17:25 |
nowen | yes | 17:25 |
chris_____ | Hi it's Chris Mukasa | 17:25 |
nowen | I thought this would be easier | 17:25 |
chris_____ | I've sent you a few messages about getting my wikid enterprise..... up and running | 17:25 |
nowen | yes, first thing, can you run 'rpm -qa | grep wikid' for me | 17:25 |
chris_____ | Ok let me do now | 17:26 |
chris_____ | [root@wik ~]# rpm -qa | grep wikid wikid-utilities-3.4.2-1.x86_64 wikid-server-enterprise-3.5.0.b1411-1.noarch | 17:27 |
nowen | and this server is 64 bit? | 17:27 |
chris_____ | yes | 17:27 |
nowen | ok - run 'java -version' | 17:27 |
chris_____ | [root@wik ~]# java -version java version "1.7.0_09-icedtea" OpenJDK Runtime Environment (rhel-2.3.4.1.el6_3-x86_64) OpenJDK 64-Bit Server VM (build 23.2-b09, mixed mode) | 17:28 |
nowen | how did you install that? | 17:29 |
chris_____ | I followed the guide on website | 17:29 |
chris_____ | I did not install anything extra | 17:29 |
chris_____ | when I provisioned server it only had ssh | 17:29 |
chris_____ | and basic centos | 17:29 |
nowen | the instructions say 'yum install java-1.6.0-openjdk' | 17:30 |
nowen | but you've got 1.7 | 17:30 |
chris_____ | I just followed the instructions, did not install anything myself | 17:30 |
nowen | run 'rpm -qa | grep openjdk' | 17:30 |
chris_____ | [root@wik ~]# rpm -qa | grep openjdk java-1.7.0-openjdk-1.7.0.9-2.3.4.1.el6_3.x86_64 java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.x86_64 | 17:31 |
nowen | hmm | 17:32 |
nowen | let's try 'yum remove java*' | 17:32 |
nowen | I'm guessing it will ask you to remove two packages | 17:33 |
chris_____ | done | 17:33 |
chris_____ | Removed: java-1.6.0-openjdk.x86_64 1:1.6.0.0-1.57.1.11.9.el6_4 java-1.7.0-openjdk.x86_64 1:1.7.0.9-2.3.4.1.el6_3 Dependency Removed: postgresql-jdbc.noarch 0:8.4.701-8.el6 | 17:33 |
nowen | ok, now 'yum install java-1.6.0-openjdk' | 17:33 |
chris_____ | Done | 17:34 |
nowen | ok, now try 'wikidctl start' | 17:34 |
chris_____ | Installed: java-1.6.0-openjdk.x86_64 1:1.6.0.0-1.57.1.11.9.el6_4 Complete! | 17:34 |
nowen | and then run 'netstat -anp | grep 443' | 17:36 |
nowen | once it has started | 17:36 |
chris_____ | nothing returned | 17:37 |
chris_____ | root@wik ~]# netstat -anp | grep 443 [root@wik ~]# | 17:38 |
nowen | run 'getenforce' | 17:38 |
chris_____ | It was on but I've taken it off | 17:39 |
chris_____ | [root@wik ~]# getenforce Enforcing [root@wik ~]# setenforce 0 [root@wik ~]# getenforce Permissive | 17:39 |
chris_____ | still nothing returned | 17:40 |
chris_____ | [root@wik ~]# netstat -anp | grep 443 [root@wik ~]# | 17:40 |
nowen | did you restart after taking it off? | 17:43 |
chris_____ | no | 17:43 |
chris_____ | what's the command | 17:43 |
nowen | 'wikidctl restart' | 17:44 |
chris_____ | if I reboot server it comes back on by default | 17:44 |
chris_____ | I think | 17:44 |
nowen | yes, you need to edit /etc/sysconfig/selinux to turn it off permanently | 17:45 |
chris_____ | done | 17:47 |
chris_____ | i guess i must reboot? | 17:47 |
nowen | no | 17:47 |
chris_____ | Ok | 17:47 |
nowen | you can change it using setenforce | 17:47 |
nowen | 'setenforce Permissive' | 17:47 |
nowen | iirc | 17:47 |
chris_____ | ok done | 17:48 |
nowen | then run 'wikidctl restart' again | 17:49 |
chris_____ | Ok done | 17:50 |
chris_____ | [root@wik ~]# netstat -anp | grep 443 [root@wik ~]# | 17:50 |
chris_____ | nothing returned | 17:51 |
nowen | run '/opt/WiKID/bin/jsvc' | 17:51 |
chris_____ | [root@wik ~]# /opt/WiKID/bin/jsvc No class specified Cannot parse command line arguments [root@wik ~]# | 17:52 |
chris_____ | not taking command | 17:54 |
nowen | run 'uname -a' | 17:54 |
chris_____ | uname -a | 17:55 |
nowen | yes, run that command | 17:55 |
chris_____ | [root@wik ~]# uname -a Linux wik.colabs.co.uk 2.6.32-358.el6.x86_64 #1 SMP Fri Feb 22 00:31:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux [root@wik ~]# | 17:55 |
nowen | run ' /opt/WiKID/bin/jsvc64 -debug start' | 17:57 |
chris_____ | [root@wik ~]# /opt/WiKID/bin/jsvc64 -debug start +-- DUMPING PARSED COMMAND LINE ARGUMENTS -------------- | Detach: True | Show Version: No | Show Help: No | Check Only: Disabled | Stop: False | Wait: 0 | Run as service: No | Install service: No | Remove service: No | JVM Name: "null" | Java Home: "null" | PID File: "/var/run/jsvc.pid" | User Name: "null" | | 17:59 |
chris_____ | I thought it would not all fit in | 17:59 |
nowen | are you wed to 64 bit centos? | 17:59 |
chris_____ | so I sent you an email | 17:59 |
chris_____ | sorry wed? | 17:59 |
chris_____ | I'm using 64 bit centos | 18:00 |
nowen | b/c at this point, I recommend you switch to our ISO which is 32 bit | 18:00 |
chris_____ | Ok | 18:00 |
chris_____ | I'll install now and see if it works | 18:01 |
nowen | I'll get you a link | 18:01 |
nowen | http://wikidsystems-dl.com/wikid-enterprise-3.5.0-b1411-install.iso | 18:01 |
chris_____ | I've downloaded it already just in case | 18:03 |
chris_____ | what is recommended memory and disk space for an install of 10 users? | 18:03 |
chris_____ | btw I'm using a virtual guest | 18:04 |
chris_____ | what is the iso is it linux, solaris, windows or other? | 18:05 |
chris_____ | or unix? | 18:05 |
chris_____ | If it's linux is it based on centos? | 18:06 |
joevano | We recommend 40 gigs of drive space, 2 gigs of memory, and 2 nic cards. (Or one if you intend to NAT the server.) Select Red Hat 32-bit for your virtual image. | 18:09 |
joevano | from here: http://www.wikidsystems.com/downloads/download_images | 18:09 |
chris_____ | Ok what version of redhat 2, 3, 5, 5.4 or later or 6 | 18:10 |
nowen | 5 | 18:10 |
nowen | or 5.4 | 18:10 |
chris_____ | ok cpu architecture i686 | 18:10 |
nowen | yes | 18:10 |
chris_____ | Ok, it's cooking | 18:13 |
chris_____ | how long are you there for? | 18:13 |
nowen | a few more hours | 18:13 |
chris_____ | it will probably take at least 10-20min | 18:14 |
chris_____ | can i give you a chat session then? | 18:14 |
nowen | yes | 18:14 |
chris_____ | or should i keep window open | 18:14 |
chris_____ | ? | 18:14 |
nowen | it's fine to keep it open | 18:14 |
chris_____ | Ok | 18:17 |
chris_____ | back in a few mins | 18:17 |
nowen | ok | 18:18 |
*** volga629 has parted #wikid (None) | 18:55 | |
chris_____ | hello | 19:00 |
chris_____ | nick | 19:00 |
nowen | hi | 19:01 |
chris_____ | what is the login info once install has finished | 19:01 |
nowen | root / wikid | 19:01 |
chris_____ | Silly question | 19:06 |
chris_____ | why would I want to use eth1 | 19:06 |
chris_____ | is if I'm natting? | 19:06 |
chris_____ | I'm not natting at the moment | 19:06 |
nowen | set it up for the internal address. the server needs something | 19:06 |
nowen | you can nat it later | 19:06 |
chris_____ | also sit0 | 19:06 |
chris_____ | aahhh | 19:07 |
nowen | don't set that up | 19:07 |
chris_____ | can the Sit0 have same range as eth1 | 19:07 |
nowen | it's some vmware thing | 19:07 |
chris_____ | I clicked no for eth1, I only configured eth0 will that cause a problem? | 19:09 |
nowen | that should be fine | 19:09 |
nowen | you can add it later. we recommend one eth for the external ip and one for the internal, but if you're nat'ting I don't think it matters | 19:10 |
chris_____ | Ok, I think I'm getting somewhere | 19:14 |
chris_____ | what is login username and password of webfront | 19:14 |
nowen | you are right here: http://www.wikidsystems.com/support/wikid-support-center/manual/how-to-install-the-wikid-strong-authentication-server | 19:15 |
nowen | WiKIDAdmin / 2Factor | 19:15 |
chris_____ | excellent | 19:24 |
chris_____ | thanks for the site | 19:24 |
chris_____ | thanks for all your help | 19:34 |
nowen | no problem. sorry for the issues, not sure what that was about | 20:00 |
*** chris_____ has quit (Ping timeout: 245 seconds) | 20:58 | |
*** nowen has quit (Remote host closed the connection) | 21:13 | |
*** nowen (~nowen@50-194-249-125-static.hfc.comcastbusiness.net) has joined #wikid | 21:14 | |
*** nowen has quit (Quit: Leaving.) | 21:36 |