*** nowen (~nowen@99-174-93-102.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 12:52 | |
*** nowen has quit (Client Quit) | 12:56 | |
*** nowen (~nowen@99-174-93-102.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 13:14 | |
*** blackvipe (~blackvipe@23.31.140.107) has joined #wikid | 15:20 | |
blackvipe | hello | 15:20 |
---|---|---|
joevano | hi | 15:25 |
nowen | HI | 15:25 |
joevano | something we can help you with? | 15:25 |
blackvipe | hey joe | 15:26 |
blackvipe | I am working on my server trying to get Wikid installed | 15:26 |
blackvipe | and I think I am still having issues | 15:26 |
blackvipe | let me show ya an error I am getting | 15:26 |
blackvipe | : java.io.IOException: PKCS12 key store mac invalid - wrong password or corrupted fil | 15:27 |
blackvipe | hey nowen | 15:27 |
nowen | hey | 15:28 |
blackvipe | any ideas? | 15:28 |
blackvipe | I have tried to regen the local cert | 15:28 |
blackvipe | this is a dual homed system | 15:28 |
nowen | check them via the command line: http://www.wikidsystems.com/support/wikid-support-center/troubleshooting-faq/how-do-i-know-if-my-certificate-is-valid | 15:29 |
blackvipe | yep both keys work | 15:37 |
blackvipe | and the date and time are correct | 15:37 |
nowen | what is the date/time of that error? | 15:37 |
blackvipe | 2013-04-02 11:34:07.997ERRORcom.wikidsystems.client.wClientERROR: java.io.IOException: PKCS12 key store mac invalid - wrong password or corrupted file. | 15:38 |
blackvipe | let me restart the server | 15:39 |
nowen | what are you doing when it occurs? | 15:39 |
blackvipe | AD Registration | 15:40 |
nowen | do you have the proper passphrase on that page? | 15:40 |
blackvipe | let me check | 15:41 |
blackvipe | fixed but still cert problems | 15:44 |
blackvipe | Couldn't validate the client certificate. Verify the validity and dates of the client cert. | 15:44 |
nowen | restart wikid | 15:44 |
blackvipe | same problem | 15:48 |
blackvipe | 2013-04-02 11:47:27.571ERRORcom.wikidsystems.client.wClientERROR: java.net.SocketException: Broken pipe | 15:48 |
blackvipe | 2013-04-02 11:47:27.550ERRORcom.wikidsystems.server.wAuthCouldn't validate the client certificate. Verify the validity and dates of the client cert. | 15:48 |
nowen | can you post the relevant portion of the code to pastebin sans passphrase? | 15:49 |
blackvipe | sure | 15:49 |
blackvipe | http://pastebin.com/WE8tfcMw | 15:52 |
nowen | are you running selinux? | 16:01 |
blackvipe | centos | 16:02 |
blackvipe | 6.3 | 16:02 |
nowen | is selinux enabled? | 16:02 |
blackvipe | I believe it is disabled | 16:03 |
blackvipe | let me check | 16:04 |
nowen | run 'getenforce' | 16:04 |
blackvipe | Enforcing | 16:04 |
nowen | run 'setenforce disabled' and edit your selinux file so it won't restart on reboot | 16:05 |
nowen | and restart wikid | 16:05 |
blackvipe | same error | 16:13 |
nowen | did you set up the network using 'wikidctl setup'? | 16:15 |
blackvipe | no, because my network was already configured | 16:18 |
nowen | go ahead to do it, even if you just enter the info as it is | 16:18 |
blackvipe | one other thing I did notice is it requested postgresql-pl | 16:19 |
blackvipe | They don't have that package available for centos | 16:19 |
blackvipe | 6.3 | 16:19 |
blackvipe | reconfiguring the network was a bad move because it has lost connection with the outside | 16:38 |
blackvipe | not that I can't get to it | 16:38 |
blackvipe | let me reconfigure the network connections | 16:38 |
blackvipe | got the network connections fixed | 16:58 |
nowen | ok | 16:58 |
blackvipe | well now it can't find any of the webpages bummer hahahah | 17:00 |
blackvipe | ok I am just going to yank it out | 17:01 |
blackvipe | and start from scratch | 17:01 |
nowen | ok. well, it could be that postgresql-pl thing too | 17:01 |
nowen | back in a bit | 17:56 |
*** nowen has quit (Quit: Leaving.) | 17:56 | |
blackvipe | found something interesting | 18:32 |
blackvipe | the directions on the site are a little off | 18:32 |
blackvipe | postgresql-pl : The postgresql-pl package contains the the PL/Perl, and PL/Python procedural languages for the backend. PL/Pgsql is part of the core server package. | 18:32 |
blackvipe | so postgresql-pl is a part of the core package | 18:32 |
*** nowen (~nowen@99-174-93-102.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 19:03 | |
*** nowen changed the topic to: "@wikid WiKID" | 19:08 | |
*** nowen changed the topic to: "#wikid WiKID's IRC support channel. Logs are here: http://www.wikidsystems.com/webdemo/irclogs/index.html. If no one is here use the forums: http://www.wikidsystems.com/support/support/wikid-forums" | 19:09 | |
blackvipe | nowen | 20:35 |
nowen | yes? | 20:35 |
blackvipe | looks like you're missing the ASP scripts on your server to configure users | 20:35 |
blackvipe | http://www.wikidsystems.com/documentation/howtos/strong_authentication_initial_validation | 20:35 |
nowen | those are replaced by adregister | 20:36 |
blackvipe | oh ok | 20:36 |
blackvipe | cool | 20:36 |
blackvipe | now I am back at adregister | 20:36 |
nowen | where did you see that link? | 20:36 |
blackvipe | :D | 20:36 |
blackvipe | http://www.wikidsystems.com/support/wikid-support-center/manual/how-to-install-the-wikid-strong-authentication-server/installing-the-wikid-strong-authentication-server-enterprise-edition-page-5 | 20:36 |
nowen | why don't you try example.jsp first | 20:36 |
blackvipe | example.jsp? | 20:37 |
nowen | yes, browse down that same manual page | 20:38 |
nowen | look for Testing One-time passcodes on the WiKID Strong Authentication Server | 20:39 |
blackvipe | I just got the file configured but don't see one-time passcodes on the page | 20:45 |
nowen | you wouldn't. OTPs are only on the tokens | 20:45 |
blackvipe | for like Registration code what goes there | 20:46 |
nowen | the registration code. ;-) | 20:47 |
blackvipe | Really hahhahaha | 20:47 |
nowen | lol | 20:47 |
nowen | get yourself a token and add your domain to it. | 20:47 |
nowen | after you double enter your PIN, you get back a reg code | 20:47 |
nowen | once the reg code is entered into the server, the token is registered | 20:48 |
blackvipe | yes but I still have to add the user | 20:48 |
blackvipe | let me mess with the adreg script | 20:48 |
nowen | you can manually reg a user too | 20:49 |
blackvipe | yes | 20:49 |
blackvipe | but what is confusing to me is the format | 20:49 |
blackvipe | 1234567890123456789012345,username1 | 20:49 |
blackvipe | 0987654321-0000-xyz,username2.last | 20:49 |
blackvipe | abcdefghij,username3@example.com | 20:49 |
nowen | that is for pre-registering users only | 20:50 |
blackvipe | I know certain parts but the numbers for example | 20:50 |
nowen | did you set up a token on your domain? | 20:50 |
blackvipe | Yes | 20:50 |
nowen | click on 'Manually add a user' | 20:50 |
blackvipe | I added the domains | 20:51 |
nowen | the domain for your WiKID server? | 20:51 |
blackvipe | no | 20:51 |
blackvipe | haven't added that | 20:51 |
nowen | do that. the order of the install manual is important. there is meaning for each step | 20:52 |
blackvipe | cool | 21:00 |
nowen | it also helps to understand how the crypto works | 21:01 |
blackvipe | I noticed like some of the screen shots have changed like when adding radius user | 21:01 |
nowen | probably | 21:01 |
blackvipe | let's see if my network client works :D | 21:02 |
blackvipe | what Radius Auth method does Wikid use | 21:09 |
blackvipe | Radius-Chap or PAP? | 21:09 |
nowen | we support both | 21:16 |
blackvipe | cool | 21:16 |
nowen | but aren't you using the Community version? | 21:16 |
blackvipe | I have the enterprise version installed | 21:17 |
blackvipe | I reinstalled it today | 21:18 |
nowen | ok | 21:18 |
blackvipe | interesting | 21:37 |
blackvipe | radius server of Wikid looks like it is not running | 21:38 |
blackvipe | but it says it started the daemon | 21:38 |
nowen | did you create a network client? | 21:38 |
blackvipe | looking into that right now | 21:38 |
nowen | also, are you using the latest version? | 21:46 |
blackvipe | yep | 21:54 |
blackvipe | client is configured | 21:54 |
blackvipe | let me check the listing port of 1812 | 21:54 |
nowen | run 'netstat -anp | grep 1812' | 21:54 |
blackvipe | netstat: no support for `AF INET (sctp)' on this system. | 21:55 |
blackvipe | netstat: no support for `AF INET (sctp)' on this system. | 21:55 |
blackvipe | unix 2 [ ACC ] STREAM LISTENING 11812 private/relay | 21:55 |
blackvipe | netstat: no support for `AF IPX' on this system. | 21:55 |
blackvipe | netstat: no support for `AF AX25' on this system. | 21:55 |
blackvipe | netstat: no support for `AF X25' on this system. | 21:55 |
blackvipe | netstat: no support for `AF NETROM' on this system. | 21:55 |
blackvipe | looks like no radius server | 21:55 |
blackvipe | interesting | 21:55 |
nowen | run 'netstat -anp | grep java' | 21:55 |
blackvipe | ok correction | 21:56 |
blackvipe | [root@linux01 ~]# netstat -anp | grep 1812 | 21:56 |
blackvipe | udp 0 0 :::1812 :::* 14961/java | 21:56 |
blackvipe | unix 2 [ ACC ] STREAM LISTENING 11812 2022/master private/relay | 21:56 |
nowen | there it is | 21:56 |
nowen | so, why do you say you think it is not running? | 21:58 |
blackvipe | is it dedicated to an ethernet adaptor | 21:59 |
blackvipe | running a test tool on it and it is not responding | 21:59 |
blackvipe | but have the correct information | 21:59 |
nowen | is the test tool listed as a network client? | 22:00 |
blackvipe | correct | 22:00 |
blackvipe | Alpha01 192.168.1.16 Radius Alphacomm-usa.com [EDIT] N/A | 22:00 |
nowen | any errors in the WiKIDAdmin logs? | 22:01 |
blackvipe | nope I wish | 22:02 |
nowen | run 'tcpdump port radius' on the server | 22:02 |
blackvipe | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode | 22:04 |
blackvipe | listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes | 22:04 |
blackvipe | 18:04:15.504026 IP alpha01.alphacomm-usa.com.49786 > linux01.alphacomm-usa.com.radius: RADIUS, Status Server (12), id: 0x08 length: 20 | 22:04 |
blackvipe | 18:04:19.011427 IP alpha01.alphacomm-usa.com.49786 > linux01.alphacomm-usa.com.radius: RADIUS, Status Server (12), id: 0x08 length: 20 | 22:04 |
blackvipe | 18:04:22.526882 IP alpha01.alphacomm-usa.com.49786 > linux01.alphacomm-usa.com.radius: RADIUS, Status Server (12), id: 0x08 length: 20 | 22:04 |
blackvipe | 18:04:26.049663 IP alpha01.alphacomm-usa.com.49786 > linux01.alphacomm-usa.com.radius: RADIUS, Status Server (12), id: 0x08 length: 20 | 22:04 |
blackvipe | 18:04:29.558803 IP alpha01.alphacomm-usa.com.49786 > linux01.alphacomm-usa.com.radius: RADIUS, Status Server (12), id: 0x08 length: 20 | 22:04 |
blackvipe | [root@linux01 webapps]# nslookup alpha01.alphacomm-usa.com | 22:05 |
blackvipe | Server: 127.0.0.1 | 22:05 |
blackvipe | Address: 127.0.0.1#53 | 22:05 |
blackvipe | Name: alpha01.alphacomm-usa.com | 22:05 |
blackvipe | Address: 192.168.1.16 | 22:05 |
blackvipe | [root@linux01 webapps]# | 22:05 |
blackvipe | so it knows who it is | 22:06 |
nowen | right | 22:06 |
nowen | run 'iptables -L -n' and check to make sure that ip is listed | 22:06 |
blackvipe | disabled | 22:08 |
blackvipe | still the same | 22:09 |
blackvipe | I usually disable IP tables while testing | 22:09 |
nowen | did you restart WiKID after creating the network client? | 22:11 |
blackvipe | tried but trying again | 22:12 |
blackvipe | question on the Assign Return Attribute | 22:14 |
blackvipe | should anything be put in there | 22:14 |
blackvipe | I didn't add anything | 22:15 |
nowen | nothing is fine | 22:15 |
blackvipe | I know on radius that it just returns an accept or deny | 22:15 |
nowen | did you change any of the defaults on the protocol enable page? | 22:15 |
blackvipe | 22:16 | |
blackvipe | RADIUS Configuration | 22:16 |
blackvipe | Typically, there is no need to change any items on this page. | 22:16 |
blackvipe | RADIUS is ENABLED [ DISABLE ] | 22:16 |
blackvipe | Host Name: WiKID Radius | 22:16 |
blackvipe | IP Address: 127.0.0.1 | 22:16 |
blackvipe | Port: 1812 | 22:16 |
blackvipe | Debug Level: Normal High Debug | 22:16 |
blackvipe | UTF is specified | 22:16 |
blackvipe | UTF8 | 22:16 |
nowen | ok | 22:16 |
blackvipe | brb | 22:17 |
*** nowen has quit (Quit: Leaving.) | 22:19 | |
*** nowen (~nowen@99-174-93-102.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 22:19 | |
*** nowen has quit (Client Quit) | 22:20 | |
*** nowen (~nowen@99-174-93-102.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 22:20 | |
nowen | hmm | 22:56 |
nowen | later | 23:35 |
*** nowen has quit (Quit: Leaving.) | 23:35 |