*** nowen (~nowen@50-194-249-125-static.hfc.comcastbusiness.net) has joined #wikid | 13:10 | |
*** jnosky (d83ae01e@gateway/web/freenode/ip.216.58.224.30) has joined #wikid | 15:11 | |
*** jnosky has quit (Client Quit) | 15:12 | |
blackvipe | hello | 18:14 |
---|---|---|
nowen | hi | 18:14 |
blackvipe | sorry didn't get back as soon | 18:14 |
nowen | np | 18:14 |
blackvipe | still working on the radius server | 18:14 |
blackvipe | I am using a tool to test it called NTRadping | 18:14 |
nowen | ok | 18:15 |
blackvipe | now it is running on alpha01 | 18:16 |
blackvipe | but getting no response back from the radius server | 18:16 |
blackvipe | radius WIKID is setup like this | 18:16 |
blackvipe | Alpha01 192.168.1.16 Radius Alphacomm-usa.com [EDIT] N/A | 18:16 |
blackvipe | [erich@linux01 ~]$ nslookup alpha01 | 18:17 |
blackvipe | Server: 127.0.0.1 | 18:17 |
blackvipe | Address: 127.0.0.1#53 | 18:17 |
blackvipe | Name: alpha01.alphacomm-usa.com | 18:17 |
blackvipe | Address: 192.168.1.16 | 18:17 |
blackvipe | [erich@linux01 ~]$ | 18:17 |
blackvipe | here is the wireshark it going to the server | 18:23 |
blackvipe | 75532.424241000 192.168.1.16 192.168.1.25 RADIUS 62 Status-Server(12) (id=10, l=20) | 18:23 |
blackvipe | this is tcp dump getting the request | 18:26 |
blackvipe | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode | 18:26 |
blackvipe | listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes | 18:26 |
blackvipe | 14:26:14.819831 IP 192.168.1.17.64951 > linux01.alphacomm-usa.com.radius: RADIUS, Status Server (12), id: 0x0d length: 20 | 18:26 |
blackvipe | so based on that it should work | 18:28 |
nowen | yes | 18:28 |
blackvipe | iptables is off | 18:28 |
nowen | did you get the example.jsp page working? | 18:28 |
blackvipe | yep it works | 18:40 |
blackvipe | so I was able to generate a use token | 18:41 |
nowen | and did you login to the example.jsp page? | 18:41 |
blackvipe | yep | 18:41 |
blackvipe | Success | 18:41 |
nowen | set the logging to debug and try again: http://www.wikidsystems.com/support/wikid-support-center/troubleshooting-faq/how-can-i-set-radius-logging-to-debug-how-can-i-see-if-wikid-is-getting-the-radius-requests | 18:42 |
nowen | you should see some radius information | 18:42 |
nowen | which version of WiKID is this? | 18:43 |
blackvipe | wikid-server-enterprise-3.5.0 | 18:45 |
nowen | what's the build number? | 18:46 |
blackvipe | wikid-server-enterprise-3.5.0-b1373 | 18:46 |
blackvipe | one error I do see | 18:49 |
blackvipe | but don't think it is related | 18:49 |
blackvipe | A C3P0Registry mbean is already registered. This probably means that an application using c3p0 was undeployed, but not all PooledDataSources were closed prior to undeployment. This may lead to resource leaks over time. Please take care to close all PooledDataSources. | 18:49 |
nowen | that's nothing | 18:49 |
nowen | let's update the rpm | 18:51 |
blackvipe | ok | 18:51 |
nowen | 'wget http://wikidsystems-dl.com/wikid-server-enterprise-3.5.0.b1421-1.noarch.rpm' | 18:51 |
nowen | and then 'rpm -Uvh wikid-server-enterprise-3.5.0.b1421-1.noarch.rpm' | 18:51 |
nowen | and restart | 18:52 |
blackvipe | ok restarted | 18:57 |
blackvipe | going to give it a try | 18:57 |
blackvipe | nope same thing | 18:57 |
blackvipe | just so ya know I have IPtables disabled | 18:58 |
nowen | hmm. disable the radius protocol. restart WiKID and re-enable it. | 18:59 |
blackvipe | ok its stopped | 19:02 |
blackvipe | just so ya know there are no other radius servers | 19:02 |
blackvipe | [root@linux01 init.d]# netstat -anp | grep 1812 | 19:02 |
blackvipe | unix 2 [ ACC ] STREAM LISTENING 11812 2022/master private/relay | 19:02 |
blackvipe | [root@linux01 init.d]# | 19:02 |
blackvipe | ok status is showing disabled | 19:04 |
blackvipe | Radius Disabled | 19:04 |
blackvipe | going to enable it and restart | 19:04 |
blackvipe | ok it's restarted | 19:06 |
blackvipe | going to test it now | 19:06 |
blackvipe | nope | 19:07 |
blackvipe | still timing out | 19:07 |
nowen | anything in the logs? | 19:08 |
blackvipe | yep | 19:08 |
blackvipe | Can't start RADIUS Server | 19:08 |
blackvipe | looks like it's a problem starting the radius server | 19:08 |
nowen | hmm | 19:09 |
nowen | and the upgrade took ok? | 19:14 |
blackvipe | yep | 19:15 |
blackvipe | let me see if I can setup a webex | 19:16 |
nowen | well, there's a bug in that version | 19:16 |
nowen | here's what happened: in the website update, the download pages got dropped back a version or two | 19:16 |
nowen | so you downloaded an old version | 19:16 |
nowen | so, you updated the Radius Protocol page? Can you do that again, but this time, hit shift-ctrl-R to reload the page? | 19:19 |
blackvipe | yep I went back to home then went back into configuration | 19:20 |
blackvipe | here is webex information | 19:26 |
blackvipe | I don't have audio | 19:26 |
blackvipe | https://www.webex.com/login/attend-a-meeting | 19:26 |
blackvipe | 193082837 | 19:26 |
blackvipe | meeting number | 19:27 |
blackvipe | I'll share the linux stuff | 19:27 |
nowen | keyboard is screwy | 19:31 |
nowen | run 'netstat -anp | grep java' | 19:32 |
nowen | you will have to enter the passphrase | 19:37 |
blackvipe | as ya can see there is no response | 19:43 |
nowen | do you see the error | 19:43 |
*** Philipp_ (d5b39ef2@gateway/web/freenode/ip.213.179.158.242) has joined #wikid | 19:45 | |
nowen | hi Philipp_ | 19:45 |
Philipp_ | Hello... | 19:45 |
nowen | blackvipe: looks like the WiKID server thinks the packets are coming from .17 | 19:46 |
Philipp_ | can anybody give me some help with the community edition and the integrated ldap server? | 19:46 |
nowen | maybe | 19:46 |
nowen | what are you trying to do? | 19:47 |
Philipp_ | as the community edition has to radius enabled, I tried to use the system as an ldap server to authenticate my citrix users against the wikid token systems | 19:48 |
nowen | does citrix support ldap? | 19:48 |
Philipp_ | yes, the citrix access gateway does... | 19:48 |
Philipp_ | the problem I have is that the ldap server doesn't run (I checked via netstat) on my wikid server... | 19:49 |
Philipp_ | I followed the support-document and tried to browse the ldap via ldapsearch, but no success... | 19:49 |
Philipp_ | first question is: is it correct, that the wikid-server has the function of an ldap-authentification server? | 19:50 |
blackvipe | there we go | 19:51 |
blackvipe | that is a little different now | 19:51 |
blackvipe | looks like it worked | 19:53 |
blackvipe | when I changed the request type | 19:53 |
nowen | Philipp_: yes | 19:53 |
nowen | blackvipe: excellent | 19:53 |
blackvipe | cool thanks for the help | 19:53 |
nowen | np | 19:53 |
nowen | sorry for the download issue | 19:53 |
blackvipe | no problem | 19:55 |
blackvipe | I have a idea for the password startup issue | 19:55 |
blackvipe | though | 19:55 |
blackvipe | so you can start it without operator | 19:55 |
blackvipe | or root I should say | 19:55 |
nowen | the server or the token? | 19:55 |
blackvipe | is expect script | 19:55 |
Philipp_ | how can I troubleshoot my problem? It seems, that the ldap services doesn't start. | 19:56 |
blackvipe | I have used them before in SSH | 19:56 |
nowen | blackvipe: for the server or the token? if the former: http://www.wikidsystems.com/support/wikid-support-center/faq/how-can-i-restart-the-server-without-being-asked-for-the-passphrase | 19:56 |
blackvipe | oh ok cool | 19:56 |
nowen | Philipp_: do you see any errors in the WiKIDAdmin logs? | 19:56 |
blackvipe | Cool! | 19:57 |
Philipp_ | you mean at startup? | 19:57 |
nowen | Philipp_: no, in the WiKIDAdmin web UI | 19:57 |
Philipp_ | hm, not really... I installed the server on CentOS 6.4 64bit. Could that be a problem? Should I use another OS? | 19:59 |
nowen | I don't think so | 19:59 |
nowen | you enabled the protocol and created a network client? | 20:00 |
Philipp_ | yes, I did... | 20:00 |
Philipp_ | but I didn't create any certificates via the gui. is that necessary? | 20:00 |
nowen | yes, it is | 20:00 |
Philipp_ | first intermediate ca? | 20:01 |
nowen | both | 20:01 |
nowen | but yes, that first | 20:01 |
Philipp_ | when trying to create an intermediate ca, I just get a page with the wikid navigation-bar, but no content or form... | 20:02 |
nowen | what version are you running? | 20:02 |
Philipp_ | wikid-server-community-3.5.0-b1399 | 20:02 |
Philipp_ | is that the latest stable? | 20:03 |
nowen | check /opt/WiKID/tomcat/logs/catalina.out | 20:03 |
nowen | yes | 20:03 |
Philipp_ | no error in catalina.out... just a blank page. | 20:04 |
nowen | hmm | 20:04 |
Philipp_ | on which os have you successfully tested the version wikid-server-community-3.5.0-b1399 ? | 20:04 |
nowen | what version of java? | 20:04 |
nowen | centos, but mostly 6.2 | 20:05 |
Philipp_ | OpenJDK Runtime Environment (IcedTea6 1.11.9) (rhel-1.57.1.11.9.el6_4-x86_64) | 20:05 |
Philipp_ | OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode) | 20:05 |
Philipp_ | do I have to change any parameters like Auth Passwords to create a certificate? | 20:09 |
nowen | no, you shouldn't | 20:09 |
Philipp_ | any possibility to change the debug level of the tomcat? | 20:11 |
nowen | brb - phone call | 20:12 |
Philipp_ | sorry, phone call not possible at the moment. maybe a remote session? | 20:13 |
Philipp_ | oh sorry ;-) didn't know the meaning of brb ;-) | 20:14 |
*** Philipp__ (d5b39ef2@gateway/web/freenode/ip.213.179.158.242) has joined #wikid | 20:16 | |
*** Philipp_ has quit (Quit: Page closed) | 20:16 | |
Philipp__ | I'm still there... just changed my computerdevice... | 20:17 |
nowen | ok | 20:17 |
Philipp__ | do you think my problems could be solved when installing the server on centos 6.2? | 20:18 |
Philipp__ | do you recommend 32 or 64 bit? | 20:18 |
nowen | it doesn't seem like that would be a factor | 20:18 |
nowen | what doc did you follow for the install? | 20:18 |
nowen | I bet it is a networking thing | 20:19 |
nowen | can you re-run setup and enter your network info? | 20:19 |
Philipp__ | http://www.wikidsystems.com/support/wikid-support-center/installation-how-tos/how-to-install-the-wikid-community-edition-3.x | 20:20 |
Philipp__ | I could try to rerun the setup... | 20:20 |
Philipp__ | should I? | 20:20 |
nowen | yes | 20:20 |
Philipp__ | ok... one moment please. | 20:21 |
Philipp__ | how should I rerun the setup? | 20:22 |
nowen | wikidctl setup | 20:22 |
Philipp__ | wow, now I can create a certificate... | 20:26 |
Philipp__ | I have now created all certificates and will now restart the server... | 20:30 |
Philipp__ | how can I see, if the ldap server is running? | 20:33 |
nowen | 'netstat -anp | grep 389' | 20:34 |
Philipp__ | result: unix 2 [ ] DGRAM 18389 3622/sshd | 20:34 |
Philipp__ | when starting the wikidctrl I get: Starting LDAP protocol daemon...Success! | 20:38 |
Philipp__ | but the service does not seem to run... | 20:38 |
nowen | I'm building a test server | 20:38 |
Philipp__ | do you have any idea in which log I could check? | 20:39 |
Philipp__ | do you build the test server right now? | 20:47 |
Philipp__ | I just read after the certificate creation: If you choose to use the commercial version after 30 days please contact certs@wikidsystems.com for a permanent production certificate. | 20:48 |
Philipp__ | does that mean, that I can't use the community version after 30 days? | 20:48 |
nowen | no | 20:49 |
nowen | you can use it | 20:50 |
Philipp__ | ok; is there anywhere a special logfile for the ldap daemon? | 20:50 |
Philipp__ | could you please send me an email with the result of your tests? | 20:51 |
nowen | I will probably have to have someone else look at this | 21:02 |
blackvipe | nowen | 21:04 |
blackvipe | question | 21:04 |
blackvipe | unix authentication under centos | 21:05 |
nowen | blackvipe: yes | 21:05 |
blackvipe | doesn't centos still require LDAP to get its directories and UID and GUI from? | 21:05 |
nowen | yes, radius won't do that | 21:05 |
blackvipe | cool | 21:05 |
blackvipe | I got that part down | 21:06 |
blackvipe | I have done that under solaris :D | 21:06 |
Philipp__ | nowen, could that be a problem: lh-wikid.lhdon.local : Apr 3 23:05:44 : wikid : user NOT in sudoers ; TTY=pts/0 ; PWD=/ ; USER=postgres ; COMMAND=/usr/bin/psql -h localhost -d wikid -f /opt/WiKID/conf/database/db-data.sql ? | 21:08 |
nowen | not sure | 21:09 |
nowen | yes | 21:11 |
nowen | what you need to do is run 'chown -R root:root *' on /opt/WiKID/directory' and then restart wikid | 21:13 |
nowen | it's a permissions issue | 21:13 |
blackvipe | ya have any recommendations for using WIKID for windows domain Auth? | 21:20 |
blackvipe | like windows login? | 21:20 |
nowen | good luck on that | 21:20 |
nowen | you can try pgina | 21:20 |
nowen | the problem is that MS doesn't like people messing with the gina | 21:24 |
nowen | you are better off going to VDI | 21:24 |
blackvipe | yep their domain control is a pain in butt to setup and keep running smoothly also hahahha | 21:27 |
Philipp__ | thanks for your support nowen... I'll try to reinstall the server with centos 6.2 | 21:40 |
Philipp__ | regards | 21:40 |
nowen | Philipp__: | 21:40 |
nowen | wait | 21:40 |
Philipp__ | ok. | 21:40 |
nowen | did you change the permissions as suggested> | 21:40 |
nowen | ? | 21:40 |
nowen | Philipp__: run 'chown -R root:root *' on /opt/WiKID/directory' and then restart wikid | 21:41 |
Philipp__ | yes, but now the tomcat does not start anymore... do I have to do a su wikid before starting the wikid server with wikidctrl start? | 21:41 |
nowen | tomcat doesn't start? | 21:42 |
nowen | you do not have to su to wikid | 21:42 |
nowen | do you get an error in the browser? | 21:43 |
nowen | I'm on 6.3, I don't think that is the problem | 21:44 |
Philipp__ | no, just a timeout... | 21:44 |
nowen | what does 'netstat -anp | grep 443' say? | 21:44 |
nowen | and does wikid still own /opt/WiKID? | 21:45 |
Philipp__ | netstat on 443 does not return anything... | 21:46 |
Philipp__ | yes, /opt/WiKID is owned by wikid:root | 21:47 |
Philipp__ | ok, another machine reboot and the gui is back... | 21:50 |
Philipp__ | but still no running ldap service... | 21:53 |
nowen | try running /opt/WiKID/directory/bin/start-ds | 21:53 |
Philipp__ | now the service runs... | 21:55 |
nowen | hmm | 21:55 |
Philipp__ | I always get the following message after restarting the wikid service: | 21:55 |
Philipp__ | user NOT in sudoers ; TTY=pts/0 ; PWD=/opt/WiKID ; USER=wikid ; COMMAND=/opt/WiKID/directory/bin/start-ds | 21:55 |
Philipp__ | I get this via email... | 21:55 |
Philipp__ | seems that the script can't start the start-ds... | 21:56 |
nowen | go ahead and add wikid to the sudoers file | 21:56 |
Philipp__ | do you know how? | 21:56 |
Philipp__ | Ok, found. | 21:58 |
nowen | well, this is probably the wrong way, but I just edit /etc/sudoers and under the line 'root ALL=(ALL) ALL' I put 'wikid ALL=(ALL) ALL' | 21:58 |
nowen | you can do it better, I'm sure | 21:58 |
Philipp__ | hm, the start-ds does not start automatically... but I can start it manually. I'll look after that later... | 22:09 |
Philipp__ | I have now set up a network client with ip 127.0.0.1 and tried to make the ldapsearch-test. | 22:10 |
nowen | I've opened a bug for it. are you saying that it doesn't start when you run 'wikidctl restart'? | 22:10 |
nowen | you will need to use an external network client | 22:10 |
Philipp__ | no, it does not start when doing an wikidctl start or wikidctl rstart | 22:15 |
Philipp__ | I think, I found another bug... the firewall does not allow incoming requests for 443, so the gui is not reachable... | 22:20 |
Philipp__ | do I need the internal firewall of the wikid-server? | 22:33 |
nowen | that depends on your set up and requirements | 22:33 |
Philipp__ | I have a firewall in front of my network and the wikid server will be in a dmz. | 22:34 |
Philipp__ | I asked because I found some prerouting iptables rules in the startup scripts... | 22:34 |
Philipp__ | but if I don't need it, I will deactivate it. | 22:34 |
nowen | not needed | 22:35 |
Philipp__ | enough for today... it's time for bed ;-) | 22:40 |
nowen | hah! time for me to go too | 22:40 |
Philipp__ | I'll try the rest tomorrow. thank you for great support! | 22:40 |
nowen | np | 22:40 |
Philipp__ | regards from cold germany! | 22:40 |
nowen | thanks for the trouble shooting | 22:40 |
Philipp__ | I'll give you feedback if I have my complete solution. | 22:41 |
nowen | thanks | 22:41 |
Philipp__ | bye | 22:41 |
*** nowen has quit (Quit: Leaving.) | 22:50 | |
*** Philipp__ has quit (Ping timeout: 245 seconds) | 22:50 |