Friday, 2013-09-27

*** Guest97385 has quit (Ping timeout: 250 seconds) [00:37]
*** mkirank (6a338d8d@gateway/web/freenode/ip.106.51.141.141) has joined #wikid [05:12]
mkirank: I am trying to generate a certificate after installation and get a "database error prevented processing of your request" [05:13]
*** mkirank has quit (Quit: Page closed) [05:58]
*** nowen (~nowen@99-174-93-102.lightspeed.tukrga.sbcglobal.net) has joined #wikid [13:16]
*** nowen is now known as msg [13:16]
*** msg is now known as nowen [13:17]
*** nowen has quit (Quit: Leaving.) [14:02]
*** nowen (~nowen@99-174-93-102.lightspeed.tukrga.sbcglobal.net) has joined #wikid [14:03]
*** mkirank (7ab369e7@gateway/web/freenode/ip.122.179.105.231) has joined #wikid [17:02]
mkirank: How long does it take to generate a certificate [17:02]
nowen: not long at all, [17:02]
nowen: must be an error [17:02]
nowen: what is the domain? [17:03]
mkirank: hmm, I get a your certificate is being generated message but nothing happens [17:03]
mkirank: the one that I enter in the server host name ? [17:03]
nowen: yeah [17:04]
mkirank: kirank.dev.genares.net [17:04]
nowen: ok - not seeing it. hold on a bit [17:05]
nowen: ok - try it now [17:19]
mkirank: ok [17:20]
mkirank: I'm getting a certificate DN's are required to be unique [17:22]
nowen: hmm [17:24]
nowen: can you slightly change it - I can't get to that db from here to delete it, it's stuck in a bit of a no-man's land. just change the email address - doesn't have to be real or you can do name+cert@..com [17:25]
mkirank: ok [17:27]
mkirank: that fixed it [17:29]
mkirank: When configured does wikid act as a radius server ? [17:30]
nowen: thanks for letting me know [17:30]
nowen: it will authenticate radius requests, but that's about it [17:30]
nowen: real radius servers will do authorization against a directory etc [17:30]
mkirank: does it use port 1812 ? [17:31]
nowen: use [17:31]
nowen: yes [17:31]
mkirank: ok [17:31]
mkirank: I am trying to wrap my head around a system that I inherited [17:31]
nowen: so, you can have your VPN talk to it directly, or you can put a radius server in the middle of the two [17:32]
mkirank: we do not seem to have a radius server [17:32]
mkirank: the clients have radius configured to point to a wikid system [17:32]
nowen: ko [17:33]
nowen: ok [17:33]
nowen: how many clients are there? [17:33]
mkirank: there are around 15-20 servers [17:35]
mkirank: the wikid is broken when we tried to upgrade [17:36]
nowen: and each one is listed as a network client on the WiKID Server? [17:36]
mkirank: It was supposed to be working earlier, by the time I started it was broken when we tried to upgrade and it is in that state [17:37]
nowen: what is going wrong? [17:37]
mkirank: the previous sysadmin had made a few local mods to wikid to run only as wikid user and postgres port is changed to 5434 [17:38]
mkirank: when we try to start wikid the wauth keeps printing ... and does not come out of it, there does not seem to be any errors in the log [17:39]
nowen: hmm [17:40]
nowen: so upgrading would change the port back [17:40]
nowen: plus we added support to run as wikid users [17:40]
nowen: on the latest rpms you do have to create new certs. that could be it [17:41]
mkirank: so for postgres change we have to modify the port on the tomcat server.xml right ? [17:42]
nowen: are you running in replication? [17:43]
mkirank: yes it used to run replication [17:43]
nowen: ok - that's probably why the port is that way [17:44]
nowen: can you start the server now? [17:45]
mkirank: do I change the server.xml file ? [17:45]
nowen: not yet, I want to know if the updated server with the new cert will restart properly [17:46]
nowen: what version did you update to? [17:46]
mkirank: 3.5 build 0-b1428 [17:47]
mkirank: The cert I generated is for a test server [17:47]
mkirank: on the main server we are unable to get wikid to start [17:48]
nowen: on your main server run this: keytool -list -v -keystore /opt/WiKID/private/intCAKeys.p12 -storetype pkcs12 -storepass yourpassphrase [17:48]
mkirank: I am not sure what the passphrase is [17:49]
nowen: look in /etc/WIKID/security [17:49]
nowen: is it in that file? [17:51]
mkirank: ok I got back the output [17:51]
nowen: is the cert expired? [17:51]
mkirank: no it's valid till 2016 [17:51]
nowen: hmm [17:51]
nowen: our last cert expired this year. the new one 2024 [17:52]
nowen: oh wait [17:52]
nowen: run keytool -list -v -keystore /opt/WiKID/privateCACertStore [17:52]
nowen: use passphrase == changeit [17:52]
mkirank: keystore file does not exist [17:55]
nowen: oops [17:55]
nowen: opt/WiKID/private/CACertStore [17:55]
nowen: dropped a / [17:55]
mkirank: yeah noticed that [17:55]
mkirank: got back something [17:55]
nowen: expired? [17:56]
mkirank: it has 2 entries, [17:57]
mkirank: first one expired [17:57]
nowen: ok [17:57]
nowen: how many users on this system? [17:57]
mkirank: not sure about exact number [17:58]
mkirank: but I'm guessing within 100 [17:58]
nowen: ok [17:58]
nowen: what version is on the production server/ [17:59]
nowen: ? [17:59]
mkirank: 3.5.0.b1428-1 [18:00]
nowen: huh - ok [18:00]
nowen: that's a bit puzzling. 1428 should have the new cert [18:01]
mkirank: so what happened was after the new upgrade we could not get tomcat to start [18:01]
mkirank: so it was left in that state for a while [18:02]
nowen: did you upgrade the secondary too? [18:05]
mkirank: no I do not think it was upgraded but let me check [18:06]
mkirank: secondary has 3.4.1.b3314-1 [18:07]
nowen: so, they should both be the same [18:09]
nowen: unless you turned off replication [18:09]
mkirank: no I guess we started the upgrade on the primary and when that did not come up the secondary was not changed [18:10]
nowen: I'm still worried about the cert being expired. did you do the upgrade? [18:10]
nowen: also, did you upgrade the utilities rpm? [18:11]
mkirank: yes we upgraded the utility rpm, we worked with someone from wikid support that day ( not sure who it was) [18:12]
nowen: haha, most likely me ;-) [18:12]
mkirank: lol [18:12]
mkirank: my coworker was with me [18:12]
nowen: hmm [18:13]
nowen: ok - so, here is a link to a more recent RPM. http://wikidsystems-dl.com/wikid-server-enterprise-3.5.0.b1428-1.noarch.rpm [18:13]
nowen: grab that and upgrade on the production server. then upgrade both rpms on the secondary [18:14]
mkirank: I will need permission to do that , What is the best way to go about this ? [18:15]
mkirank: just upgrade wikid and start over ? [18:15]
mkirank: Is there a way to restore the old configuration [18:16]
nowen: just rpm -Uvh the rpms. then run 'wikidctl sync' [18:16]
nowen: then start [18:16]
nowen: did you'll do a back up/ [18:16]
nowen: ? [18:16]
nowen: it might be problematic as the certs are expired. [18:16]
nowen: we could promote your secondary [18:17]
mkirank: yes we do back up but in this case it has been broken for some time so not sure if what we have helps [18:17]
nowen: your secondary has the old version [18:17]
mkirank: yes it has the old version [18:17]
mkirank: can we get the old version on the primary and get it working and then upgrade ? [18:17]
nowen: why? we can just promote the secondary and see if it works. then work on the primary [18:18]
mkirank: hmm [18:19]
mkirank: yeah that option seems to make sense [18:20]
mkirank: so is it a matter of starting wikid and telling it to take over ? [18:20]
nowen: http://www.wikidsystems.com/support/wikid-support-center/installation-how-tos/how-to-configure-the-wikid-strong-authentication-system-for-replication [18:20]
mkirank: ok let me check with the team and see what they think about this [18:22]
nowen: ok [18:24]
nowen: I have a meeting from about 3-4 pm edt [18:28]
mkirank: I've told them the option , it might be a while till I hear from them [18:32]
nowen: ok [18:38]
nowen: what timezone are you in? [18:38]
mkirank: I'm in IST [18:40]
mkirank: the team is CST [18:40]
nowen: how long has the server been down? [18:41]
mkirank: It has been around 4-5 months [18:43]
nowen: woah [18:43]
mkirank: lol but does not affect us much [18:43]
mkirank: I'm not sure why this was set up initially [18:45]
nowen: I'm guessing to meet PCI compliance [18:46]
mkirank: yeah I think that is correct [18:46]
nowen: ok - I have to go. I will be back later [18:56]
*** nowen has quit (Quit: Leaving.) [18:56]
*** mkirank has quit (Quit: Page closed) [18:59]
*** nowen (~nowen@99-174-93-102.lightspeed.tukrga.sbcglobal.net) has joined #wikid [19:51]
*** nowen has quit (Quit: Leaving.) [20:55]
