Tuesday, 2013-03-26

[12:27] *** volga629 (~bendersky@host7.pythian.com) has joined #wikid
[13:00] *** volga629 has parted #wikid (None)
[13:03] *** nowen (~nowen@50-194-249-125-static.hfc.comcastbusiness.net) has joined #wikid
[14:34] *** nowen has quit (Remote host closed the connection)
[14:35] *** nowen (~nowen@50-194-249-125-static.hfc.comcastbusiness.net) has joined #wikid
[19:22] *** explorer21st (324e40ae@gateway/web/freenode/ip.50.78.64.174) has joined #wikid
[19:22] *** explorer21st has quit (Client Quit)
[21:07] *** Angel (417113c2@gateway/web/freenode/ip.65.113.19.194) has joined #wikid
[21:07] nowen: hey Angel!
[21:07] nowen: I thought this would be faster
[21:08] *** Angel has quit (Client Quit)
[21:08] nowen: ero
[21:08] *** Angel (417113c2@gateway/web/freenode/ip.65.113.19.194) has joined #wikid
[21:08] Angel: Hello
[21:08] nowen: welcome back ;-)
[21:09] Angel: yep
[21:09] nowen: ok - so, you have no radius listener on the WiKID server?
[21:09] Angel: It's installed but apparently not responding.
[21:10] nowen: what do you mean 'installed'?
[21:10] Angel: Using the enable parameters of the WiKID page.
[21:10] nowen: ok
[21:11] nowen: and you created a network client for the Citrix?
[21:13] Angel: yep
[21:13] nowen: and it's still not there?
[21:16] Angel: Double checking the settings?
[21:17] nowen: did you change any of the settings?
[21:18] Angel: No
[21:18] nowen: is ldap enabled?
[21:19] nowen: it shouldn't be, it would just take up memory
[21:19] Angel: No
[21:19] Angel: Just WAUTH and Radius
[21:19] Angel: Let me go ahead and start and stop.
[21:19] nowen: ok
[21:23] Angel: Interesting that when starting and stopping from v3.4.87-b839 I can see that RADIUS messages about starting and stopping are showing.
[21:24] nowen: you know, I think 839 is very slow for radius
[21:24] Angel: But on v3.5.0-b1403 I don't see any messages about it starting
[21:25] Angel: I am using right now tcpdump port radius -v to see if there is any communication when I use the Citrix Web Interface to communicate and the Web Interface fails.
[21:26] Angel: and no communication. by the way both servers are on the same subnet
[21:26] nowen: do you have both servers up? 839 and 1403?
[21:27] Angel: yep
[21:27] Angel: But the servers are on different zones.
[21:27] Angel: One is at our Data Center the other one is here at corporate for testing.
[21:28] nowen: ok
[21:28] nowen: are we working on 839?
[21:31] Angel: Trying to get things working first in the test environment so I can make sure configurations are sound before implementing on production version.
[21:31] nowen: just making sure
[21:31] nowen: does 'netstat -anp | grep 1812' show anything?
[21:32] Angel: yes
[21:32] nowen: ok good
[21:33] nowen: that was not the case before, right?
[21:33] Angel: It showed nothing, even though I enabled it.
[21:34] nowen: ok, that's progress
[21:35] nowen: however, if you weren't seeing anything on the tcpdump command, that means that the citrix isn't getting the radius packets to wikid
[21:38] nowen: can you try that again now that we know wikid is listening?
[21:38] *** Angel has quit (Ping timeout: 245 seconds)
[21:43] *** Angel (417113c2@gateway/web/freenode/ip.65.113.19.194) has joined #wikid
[21:43] Angel: Looks like I lost communication with you through IRC
[21:43] nowen: yeah
[21:44] Angel: Anyways I found what the potential problem is from the Web Interface side
[21:44] nowen: what's the status? have you tried citrix again?
[21:45] Angel: I did a bing/google search to see about the error. Someone suggested I edit the web.config file and add the IP address of the RADIUS server directly and now I am at least getting the PASSCODE prompt
[21:45] nowen: what radius server are you using?
[21:45] Angel: The WIKID server.
[21:46] nowen: there is no web.config on the wikid server
[21:47] nowen: did you install something else on the WiKID server?
[21:47] Angel: Sorry. I am referring to the Web server hosting the Citrix Web Interface.
[21:48] nowen: ok - people do install freeradius on the WiKID server and it messes everything up
[21:48] Angel: This is something that you may want to add to your knowledge base article that you have on Web Interface
[21:49] Angel: Regarding adding the IP address to the web.config
[21:49] nowen: yeah, once we get it all running, send me some notes so I can update that doc
[21:50] nowen: and you can reference it for the move to prod ;-)
[21:52] Angel: Is wikid case sensitive with the preregistration user names?
[21:52] nowen: I think so
[21:55] nowen: although, user names in wikid should be case-insensitive.
[21:55] Angel: I am now seeing requests arriving at the WiKID server from tcpdump
[21:55] Angel: still not able to authenticate for some reason
[21:55] nowen: sweet
[21:55] nowen: anything in the WiKIDAdmin logs?
[21:56] Angel: ERROR: java.net.SocketException: Broken pipe
[21:56] Angel: Couldn't validate the client certificate. Verify the validity and dates of the client cert
[21:57] Angel: 10.14.95.25 - - "GET /openid/images/logo.gif HTTP/1.1" 404 344
[21:57] nowen: is the date on that recent?
[21:57] nowen: http://www.wikidsystems.com/support/wikid-support-center/troubleshooting-faq/how-can-i-set-radius-logging-to-debug-how-can-i-see-if-wikid-is-getting-the-radius-requests
[21:57] Angel: today
[21:57] nowen: is the user enabled?
[21:57] Angel: 2013-03-26 13:21:13.234
[21:57] nowen: set the logging to debug for radius and try to auth again
[21:58] nowen: but first
[21:58] nowen: check the user
[22:02] Angel: Still get an authentication error.
[22:02] nowen: did you set up radius debugging?
[22:02] Angel: yes. What am I supposed to see?
[22:03] Angel: I do see something that says Username Attribute (1) etc...
[22:03] nowen: if you set the log level to Debug and hit the filter button you should see a lot
[22:03] nowen: do you see a reason for denying?
[22:03] nowen: you can post it to pastebin.org, if you like
[22:08] Angel: How do I know if Wikid is accepting the client passcode.
[22:09] nowen: do you see > Access-Request(1) LEN=116 10.100.0.112:42935 Access-Request by ossim Failed: AccessRejectException: Access Denied
[22:10] nowen: where ossim is the username?
[22:10] nowen: and the 10.100 address is your citrix?
[22:13] Angel: I've tried entering a bad passcode and I get the same message as if I enter a good passcode.
[22:13] nowen: what is the message?
[22:14] Angel: Access Request (q), id: 0x00 length:77
[22:14] Angel: Instead of that q it's supposed to be 1
[22:15] nowen: is that in the WiKIDAdmin logs?
[22:16] nowen: it should look like: http://pastebin.com/DxBmDs3F
[22:17] Angel: Interesting that I am not getting any logs showing.
[22:17] Angel: During that test time
[22:18] nowen: on your configure loggers page, do you have the three middle loggers set to debug?
[22:19] Angel: No. Just changed.
[22:19] Angel: Will test again.
[22:19] nowen: and add the radius logger
[22:19] nowen: com.wikidsystems.radius.log.DBSvrLogImpl and set it to debug
[22:19] nowen: note that restarting will set them all back
[22:26] Angel: where do I add the Radius logger from
[22:26] nowen: see the new logger filter? click select a current logger
[22:28] Angel: got it
[22:28] Angel: Do I need to change the startup logging configuration?
[22:29] nowen: only if you want it to stay that way. you might want to for now, but don't do it in production as the logs get huge
[22:37] Angel: What am I looking for in the Debug log?
[22:37] Angel: it shows no errors
[22:37] Angel: Issued passcode to device 2967410642912467481
[22:37] nowen: and that's the last thing?
[22:37] nowen: that means no radius traffic
[22:37] nowen: do you still see it via tcpdump?
[22:38] Angel: yes
[22:38] Angel: shows the same message I sent you earlier
[22:38] nowen: you sent a tcpdump message?
[22:38] Angel: The source in the log was com.wikidsystems.server.DeviceTransactionExec
[22:39] nowen: yeah, that doesn't matter
[22:39] nowen: but what do you see using 'tcpdump port radius' on the terminal?
[22:40] Angel: IP vmlvw01.hdi.com.62923 > vmlvwikid03.hdi.com.radius: RADIUS, Access Request (1), id: 0x00 length: 77
[22:40] Angel: that's the exact message with the exception of the time
[22:41] Angel: vmlvw01 is the Citrix web interface server
[22:42] nowen: what's the IP address of that server?
[22:42] Angel: 10.14.80.105
[22:42] Angel: The Wikid is 10.14.80.104
[22:42] nowen: run 'iptables -L -n'
[22:42] nowen: do you see that ip?
[22:43] Angel: All show 0.0.0.0/0
[22:44] nowen: run 'service iptables stop' and try again
[22:53] Angel: Same
[22:53] nowen: what IP did you use on the network client?
[22:53] Angel: 10.14.80.105
[22:54] nowen: hmm
[22:54] Angel: I also have the secret stored in the conf folder as well
[22:54] nowen: the radius listener is still up?
[22:54] Angel: Yes. I am seeing the communique from tcpdump port radius
[22:55] nowen: well, you are seeing the request from citrix, but you're not seeing the response from WiKID
[22:55] Angel: Let me test something real quick. I am going to temporarily disable the Radius 2Factor from the web interface and make sure that I can log in as normal.
[22:55] nowen: [root@167 ~]#  tcpdump port radius
[22:55] nowen: tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
[22:55] nowen: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
[22:55] nowen: 18:55:38.243465 IP 10.100.0.112.58375 > 167.radius: RADIUS, Access Request (1), id: 0x0a length: 117
[22:55] nowen: 18:55:38.260002 IP 167.radius > 10.100.0.112.58375: RADIUS, Access Reject (3), id: 0x0a length: 38
[22:55] nowen: that's what tcpdump should look like
[22:56] nowen: the WiKID server is not responding for some reason
[22:56] Angel: Ok. that part does work.
[22:56] Angel: So it has to do with the wicked Authentication
[22:57] nowen: yes, can you run 'netstat -anp | grep 1812' again and post the response?
[22:58] Angel: udp 0 0 ::fff:127.0.0.1:1812  :::*
[22:59] Angel: 1479/java
[23:00] nowen: can you check that all four of those loggers are still on debug?
[23:01] Angel: Ok now I'm getting debug info
[23:01] Angel: com.wikidsystems.server.DeviceTransactionExec Submitted PIN verified
[23:01] Angel: com.wikidsystems.crypto.wJceEncKeys Cipher's block size is 117
[23:01] Angel: com.wikidsystems.server.WikidCode5AES Passcode request processing successfully completed.
[23:02] Angel: That's just some.
[23:02] nowen: that's all just the passcode still
[23:02] nowen: we need radius
[23:03] nowen: it should look like: http://pastebin.com/DxBmDs3F
[23:05] Angel: one moment I am having my firewall guy open access to that site.
[23:12] Angel: Ok. I have access now.
[23:15] nowen: do you see what I mean by radius logging info?
[23:25] Angel: Yes
[23:25] nowen: but still none on your server?
[23:27] Angel: But there is no information like that
[23:27] nowen: ok
[23:28] nowen: so, iptables is off, the requests are coming in, but not getting recognized
[23:28] Angel: It appears that way.
[23:28] nowen: this is 839?
[23:28] Angel: Correct
[23:29] Angel: All filter levels have been set to debug including com.wikidsystems.radius.log.DBSvrLogImpl
[23:29] nowen: ok - I'd like to upgrade, I think it must be a radius issue we fixed somewhere along the ling
[23:29] nowen: line
[23:30] Angel: Did you want to shift to the 3.5 v in our Data Center?
[23:30] nowen: I would like to upgrade this server
[23:30] Angel: Np
[23:30] nowen: I'll get you the link
[23:30] nowen: unless you have the rpms already
[23:31] Angel: let me check
[23:31] nowen: was this built with the iso?
[23:34] Angel: yes
[23:34] Angel: Built with the ISO
[23:34] nowen: http://wikidsystems-dl.com/wikid-server-enterprise-3.5.0.b1411-1.noarch.rpm
[23:34] nowen: and http://wikidsystems-dl.com/wikid-utilities-3.4.2-1.i386.rpm
[23:37] nowen: you can get them to the server using 'wget http://wikid...'
[23:37] nowen: and then run 'rpm -Uvh wikid-*'
[23:38] nowen: not sure what your linux level is...
[23:40] Angel: Not too much. More of a Windows system expert. Low experience with linux. Know some commands. but not a lot. sorry
[23:40] nowen: no problem
[23:40] Angel: I understand the rpm packaging and how this gets installed.
[23:40] nowen: I think WiKID is a good platform to learn on
[23:40] nowen: I did ;-)
[23:40] Angel: Agreed.
[23:45] Angel: Ok. I have downloaded them.
[23:45] Angel: sorry I did it on my win box. meant to do it on my server.
[23:49] nowen: np
[23:53] Angel: They are extracting now.
[23:53] nowen: extracting?
[23:53] Angel: Sorry wrong terminology executing with the rpm. Installing...
[23:54] Angel: Marbles in mouth...
[23:54] nowen: phew ;-)
[23:54] Angel: It's done.
[23:54] nowen: ok, start wikid
[23:54] Angel: k
[23:54] nowen: and try to login again
[23:54] Angel: it's starting.
[23:54] Angel: It's applying the updates now.
[23:57] Angel: what username and password do I use now
[23:57] nowen: for what?
[23:57] nowen: the WiKIDAdmin?
[23:58] Angel: When I try and log in to the web page the admin credentials I used before are not working? Were you talking about the WiKID server or the Citrix Web Interface login?
[23:58] nowen: well, the original ones are WiKIDAdmin and 2Factor
[23:58] nowen: that could be a database issue though
