| *** Ravi__ (ca419303@gateway/web/freenode/ip.202.65.147.3) has joined #wikid | 09:31 | |
| Ravi__ | Hi everybody | 09:31 |
|---|---|---|
| Ravi__ | can anybody help Wikid Integration with OpenVPN | 09:45 |
| Ravi__ | any pointers or URLs in this regard will be quite helpful | 09:45 |
| *** Ravi__ has quit (Quit: Page closed) | 12:05 | |
| *** nowen (~nowen@99-174-92-191.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 14:11 | |
| *** Elmar_ (2e2250b8@gateway/web/freenode/ip.46.34.80.184) has joined #wikid | 15:47 | |
| Elmar_ | Hi Nick, just a quicky as I started to setup my wikid server. Somthing wrong with the update function? | 15:49 |
| Elmar_ | first got, cannot resolve hostname, filled the resolv.conf witrh my name server, then I got a 120 secs timeout. | 15:50 |
| nowen | Elmar_: we do updates via rpm now | 15:50 |
| Elmar_ | thanks, whish you good luck! ;-) | 15:51 |
| nowen | wait, what are you trying to do? | 15:51 |
| nowen | are you trying to update the ISO? via yum? | 15:51 |
| Elmar_ | had a fresh install and tried the button Configuration, Update the WIKID Server, was just curious. | 15:52 |
| nowen | ahh, ok. | 15:53 |
| Elmar_ | I installed the ISO into a VMware guest yesterday. | 15:53 |
| nowen | any issues? | 15:53 |
| nowen | other, I mean ;-) | 15:54 |
| Elmar_ | 3.5 0-b1472, probably no update available ;-) | 15:54 |
| nowen | hehe, correct. ;-) | 15:54 |
| Elmar_ | Got my Token Client on the iPhone working already. | 15:55 |
| Elmar_ | Now I have to setup some network clients. | 15:55 |
| nowen | cool. we just had to update it, thanks to Apple | 15:55 |
| nowen | radius is your friend | 15:56 |
| Elmar_ | never had to deal with radius before, so many new things for me ;-) | 15:56 |
| nowen | well, the most complex thing about it is the vague terms. | 15:57 |
| nowen | will you run the authentications through your directory? | 15:57 |
| Elmar_ | need to run 2factor authentication for MS Exchange OWA, openVPN, Lotus notes web interface, maybe single sign on if possible. | 15:57 |
| nowen | so, radius will work with all of those. You can point them directly to WiKID or you can point them to the MS radius plugin NPS and it will authorize the users based on their AD username and proxy the creds to WiKID if they authz ok | 15:58 |
| Elmar_ | just somewhere inbetween our project to move from Lotus Notes to Outlook/Exchange | 15:58 |
| Elmar_ | and suddenly dealing with 2 ADs, our won plus the one from the mother company :-( | 15:59 |
| nowen | hmm | 16:00 |
| nowen | not sure what to do about two ADs | 16:01 |
| nowen | So, will some users of these services be on different ADs? | 16:02 |
| Elmar_ | the PC is in the one domain and needs another authentication for Exchange in the other domain, not nice for the user. | 16:02 |
| nowen | wow, yeah, I don't know. Maybe the MS federation product would help? | 16:03 |
| Elmar_ | no, no, keep them seperatly for the moment, enough hassle with Exchange ;-) | 16:04 |
| nowen | lol | 16:04 |
| Elmar_ | can I ran auth.against 1st domain for openVPN and auth. for WebAccess to the 2nd domain on the same wikid server? | 16:05 |
| nowen | you can certainly have more than one WiKID domain, but you might be better off doing that logic in a real radius server, ie, NPS | 16:06 |
| nowen | or freeradius | 16:06 |
| nowen | Because then your AD admins or HR people can quickly disable people. | 16:07 |
| nowen | For example, with NPS, you can have a policy that says 'if it comes from WebAccess IP, make sure it is in Group X and if it does, send the creds to WiKID too' | 16:08 |
| Elmar_ | yes, need to setup the NPS, too, just for the wireless clients. | 16:11 |
| nowen | sadly, MS has made it a bit more complex that how I describe it | 16:12 |
| Elmar_ | thanks, will keep this in mind. | 16:13 |
| nowen | and while you will most likely need MS docs, we have an overview eguide here: http://www.wikidsystems.com/learn-more/white-papers | 16:14 |
| nowen | and we have docs for openvpn community and AS | 16:14 |
| Elmar_ | maybe I could start with an easier thing, apache authentication for reverse proxy against one AD? | 16:15 |
| nowen | well, you are right - start simple. | 16:17 |
| nowen | maybe: 1. test a network client to wikid radius auth. | 16:17 |
| nowen | 2. test network client to NPS auth using AD creds | 16:17 |
| nowen | 3. test Network client to NPS to WiKID | 16:17 |
| Elmar_ | yes, will start with small steps ;-) | 16:19 |
| Elmar_ | thanks for all the hints, will leave now :-) | 16:21 |
| nowen | later! | 16:21 |
| Elmar_ | cu! | 16:21 |
| *** Elmar_ has quit (Quit: Page closed) | 16:22 | |
| *** nowen has quit (Quit: Leaving.) | 22:53 | |
Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!