*** blackvipe has quit () | 00:42 | |
*** joevano has quit (Ping timeout: 258 seconds) | 04:16 | |
*** joevano (~joevano@c-71-193-108-171.hsd1.in.comcast.net) has joined #wikid | 04:16 | |
*** joevano has quit (Changing host) | 04:16 | |
*** joevano (~joevano@bzflag/developer/JoeVano) has joined #wikid | 04:16 | |
*** nowen (~nowen@99-174-93-102.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 12:32 | |
*** Philipp_ (d5b39ef2@gateway/web/freenode/ip.213.179.158.242) has joined #wikid | 19:21 | |
Philipp_ | Hello nowen... | 19:23 |
---|---|---|
nowen | hi | 19:23 |
Philipp_ | I had no luck with reinstalling a blank centos 6.2 and the latest stable wikid release... still the same error, that the ldap service does not start automatically... | 19:24 |
nowen | yeah, I'm pretty sure it is a permissions bug on our end. | 19:25 |
Philipp_ | but changing the permissions of /directory to root:root, starting the start-ds manually and disabling the firewall "solves" my problem... | 19:25 |
Philipp_ | but now: another error when testing an ldapsearch: | 19:26 |
Philipp_ | ERROR: java.io.IOException: PKCS12 key store mac invalid - wrong password or corrupted file. | 19:26 |
Philipp_ | have you ever seen the error message? | 19:26 |
nowen | yes, it means that the passphrase is wrong for the cert | 19:28 |
Philipp_ | from which certificate? where do I have to store it? in the config? | 19:28 |
nowen | in the Config/Enable Protocols/LDAP. You need to enter the localhost passphrase | 19:29 |
Philipp_ | do I have to change the wAuthCAStorePW? | 19:30 |
joevano | nowen: ok, my turn for support... | 19:31 |
joevano | ;-) | 19:31 |
nowen | joevano: about time ;-) | 19:31 |
joevano | let's see how you juggle 2 of us | 19:31 |
nowen | Philipp_: LDAP_wauth_pass needs to be your localhost passphrase | 19:32 |
joevano | example.jsp: get the following error when trying to access the page "The wClient connection to the server was NOT successfully established" | 19:32 |
joevano | in the logs I get ERROR: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection? | 19:33 |
nowen | joevano: did you edit the page to change the passphrase? | 19:33 |
joevano | yes | 19:33 |
nowen | joevano: did you update the server and not re-edit? | 19:33 |
joevano | no... still there | 19:33 |
nowen | hmm. is your cert still valid? | 19:34 |
Philipp_ | ok, thank you... now I get an ldap reply... | 19:34 |
Philipp_ | next step for me is to connect my citrix access gateway... | 19:34 |
nowen | is ldapsearch working? | 19:35 |
Philipp_ | do you know, which base-dn I do have to specify? | 19:35 |
Philipp_ | yes, ldapsearch is now working... | 19:35 |
nowen | Philipp_: we have reached the end of my ldap knowledge | 19:36 |
Philipp_ | ok, I'll try... will give you feedback | 19:36 |
nowen | Philipp_: you can see this page on how to do ldap & apache: http://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-add-two-factor-authentication-to-the-seccubus-automated-vulnerability-scanner | 19:36 |
nowen | joevano: when did this start? | 19:39 |
joevano | we have never had that working... | 19:40 |
nowen | ahh | 19:40 |
nowen | did you restart after editing? I assume so | 19:40 |
joevano | just now searching the page to test our certs | 19:40 |
joevano | yeah | 19:40 |
joevano | should the port be 8389 or 8388? mine says 8389 and the line on the support site says 8388 | 19:44 |
nowen | 8388 | 19:56 |
joevano | yeah... weird, let me change that | 19:57 |
joevano | nope still the same error | 20:01 |
nowen | and you restarted aftward? | 20:01 |
nowen | afterward? | 20:01 |
joevano | yes and my passphrase is correct because I copied it out of the file that holds it for autostarting the server | 20:02 |
nowen | is that the same passphrase as the localhost? | 20:02 |
nowen | here's some clean code: http://pastebin.com/m3C5q4QG | 20:03 |
nowen | I have to go and get some children and take them to a place. I'll be back in about an hour | 20:03 |
joevano | kk | 20:04 |
*** nowen has quit (Quit: Leaving.) | 20:04 | |
joevano | getting "ERROR: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate" in the logs | 20:24 |
joevano | so what certificate does that mean? | 20:24 |
joevano | this all checks out fine: http://www.wikidsystems.com/support/wikid-support-center/troubleshooting-faq/how-do-i-know-if-my-certificate-is-valid | 20:25 |
joevano | is it the ssl certificate on the web interface? | 20:25 |
*** nowen (~nowen@99-174-93-102.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 21:11 | |
Philipp_ | hi nick... is there anywhere a documentation of the ldap components? how to connect to the directory service? authdn? basedn? | 21:16 |
joevano | welcome back nowen, did you look at the logs for when you were away? | 21:16 |
nowen | Philipp_: not really | 21:17 |
nowen | joevano: not yet | 21:17 |
joevano | got a cert error, but not sure what that means | 21:17 |
nowen | same one? | 21:17 |
Philipp_ | does nobody use ldap? :-( | 21:17 |
joevano | ERROR: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate | 21:18 |
nowen | joevano: is there a little bomb icon? | 21:18 |
joevano | in the logs? | 21:18 |
nowen | yeah, on the same line | 21:19 |
nowen | if you click on it, it gives the whole stacktrace | 21:19 |
joevano | no no bombs, just filter icons | 21:20 |
joevano | oh, this is new Couldn't validate the client certificate. Verify the validity and dates of the client cert. | 21:21 |
nowen | there we go | 21:21 |
nowen | did you check the localhost cert with keytool? | 21:21 |
*** Philipp_ has quit (Quit: Page closed) | 21:21 | |
joevano | I did... but I'll check it again | 21:22 |
joevano | maybe I was looking with my "man eyes" | 21:22 |
joevano | intCAKeys.p12 Valid from: Fri Apr 20 15:22:54 EDT 2012 until: Mon Apr 20 15:22:54 EDT 2015 | 21:25 |
joevano | localhost.p12 Valid from: Fri Apr 20 10:01:39 EDT 2012 until: Sat Apr 20 10:01:39 EDT 2013 | 21:25 |
joevano | getting close on the localhost, but not quite | 21:26 |
joevano | date is correct on the server | 21:26 |
nowen | yep | 21:26 |
nowen | did you set up ADRegister? | 21:26 |
joevano | no, I have not | 21:27 |
nowen | and your code looks ok? | 21:27 |
joevano | yep replaced it with what you pastebinned and put my server key and passphrase in... left changeme alone | 21:28 |
nowen | odd | 21:29 |
nowen | well, you can re-create the localhost without any issues. it might be interesting to see if that's it. I don't imagine it is | 21:30 |
joevano | http://pastebin.com/c1tT7Xni | 21:30 |
joevano | how do I go about that? through the configuration tab, "Create LocalHost" cert link | 21:31 |
nowen | try this: if there is a line return after the passphrase, delete it | 21:32 |
joevano | oh... that may be pretty smart | 21:32 |
joevano | nope | 21:36 |
joevano | didn't work | 21:36 |
nowen | rats | 21:36 |
joevano | so use the create a LocalHost Cert on the config tab next? | 21:36 |
nowen | yeah | 21:37 |
joevano | only WAUTH and Radius are enabled... that ok? | 21:39 |
nowen | yes | 21:41 |
joevano | well, I'll be... | 21:42 |
joevano | I thought there was no way that was it, but it was | 21:42 |
nowen | huh | 21:42 |
joevano | new local cert, restart and the page works | 21:43 |
joevano | thanks, you're a genius | 21:43 |
nowen | yeah. that's weird though | 21:43 |
joevano | it is... though the guy who installed it was confused about the whole cert thing... maybe he created them out of order? | 21:44 |
nowen | that's not possible. maybe the date was wrong on the server when it was created? | 21:44 |
joevano | ok... next question before you run | 21:45 |
nowen | ok | 21:45 |
joevano | maybe | 21:45 |
joevano | we are licensed for 75 clients is that a hard stop, we have 72 deployed | 21:45 |
nowen | not too hard at this time :-) | 21:46 |
joevano | trying to collect all the outstanding activecards that we have and decommission that | 21:46 |
joevano | so as soon as I have a good #, I'll have you hit me up for some more $$ | 21:46 |
nowen | sounds good to me | 21:47 |
nowen | you know, you could put the reg part of example.jsp behind active card login and have the users reg themselves | 21:47 |
joevano | Jeff is sending out the "survey" tomorrow, so I should have a good idea in the next couple of weeks | 21:47 |
joevano | yeah, but the activecard tokens are starting to die and I just want to be rid of them | 21:48 |
joevano | everyone just loves having it on their phone or PC | 21:48 |
nowen | they login with Activecard, register their WiKID token, throw away the card | 21:48 |
joevano | no hunting around for another device | 21:49 |
joevano | oh, that's a good idea | 21:49 |
joevano | on this example.jsp page, if I want to register another client (say my laptop, because I travel without my phone sometimes) I would use Add a Pre-Registration Code: section? | 21:51 |
joevano | and not check override existing | 21:52 |
nowen | well, there are three options for plain registration: registration, add device and add device without a passcode | 21:53 |
nowen | the last two register to an existing username | 21:53 |
joevano | ok | 21:53 |
nowen | pre-reg is if you upload a list of pre-shared secrets and usernames to the server | 21:54 |
joevano | weird the "Find User by Name" fails looking for anyone | 21:54 |
nowen | then you give your users the pre-shared secrets | 21:54 |
joevano | yeah | 21:54 |
joevano | that makes sense | 21:54 |
nowen | do you see 'Failed (No user returned)'? | 21:55 |
joevano | yes | 21:55 |
joevano | but the report buttons work | 21:55 |
joevano | i was just trying out something I could do now | 21:56 |
joevano | ok... last one because I am late leaving for home... way late | 21:57 |
nowen | find user is working for me | 21:57 |
joevano | weird, I'll play with it more tomorrow | 21:57 |
joevano | we are on 3.4 build 87-b1216, is it same to upgrade to the version on the downloads page? | 21:58 |
joevano | last time I asked you said to wait because of a bug that was being fixed | 21:58 |
joevano | s/same/safe/ | 21:58 |
nowen | It's pretty stable right now. Probably a good time to upgrade | 21:58 |
joevano | awesome... a task for tomorrow | 21:59 |
nowen | the recent change was to fix a pre-reg issue | 21:59 |
joevano | ah | 21:59 |
nowen | ok | 21:59 |
joevano | k, night | 21:59 |
nowen | later! | 21:59 |
*** nowen has quit (Quit: Leaving.) | 22:16 |