*** coolacid (~CoolAcid@unaffiliated/coolacid) has joined #wikid | 00:00 | |
*** coolacid has quit (Read error: Connection reset by peer) | 00:02 | |
*** coolacid (~CoolAcid@unaffiliated/coolacid) has joined #wikid | 00:03 | |
*** nowen (~nowen@99-174-92-191.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 13:19 | |
*** nowen has quit (Ping timeout: 265 seconds) | 13:29 | |
*** nowen (~nowen@99-174-92-191.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 13:33 | |
*** nowen has quit (Client Quit) | 13:34 | |
*** nowen (~nowen@99-174-92-191.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 13:34 | |
*** nowen has quit (Client Quit) | 13:36 | |
*** nowen1 (~nowen@99-174-92-191.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 13:36 | |
*** nowen1 has quit (Ping timeout: 240 seconds) | 13:40 | |
*** nowen (~nowen@99-174-92-191.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 13:44 | |
*** nowen1 (~nowen@99-174-92-191.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 16:25 | |
*** nowen has quit (Ping timeout: 264 seconds) | 16:28 | |
*** jimmy____ (40813d32@gateway/web/freenode/ip.64.129.61.50) has joined #wikid | 16:35 | |
jimmy____ | Hello Gents. | 16:35 |
nowen1 | hi | 16:35 |
*** nowen1 is now known as nowen | 16:36 | |
jimmy____ | I am trying to set up wikid and I have a few questions regarding this setup | 16:36 |
nowen | ok | 16:36 |
jimmy____ | I am not sure if I need to setup a RADIUS server.. | 16:37 |
nowen | depends on what you're trying to do | 16:37 |
jimmy____ | I'm trying to place the 2-factor auth for VPN access. | 16:38 |
nowen | your VPN can talk radius directly to the WiKID Enterprise server | 16:38 |
jimmy____ | So far I have the wikid server setup. | 16:38 |
nowen | if you want to have your directory included for authorization, you will need a separate radius server | 16:38 |
jimmy____ | And I would like to auth through windows AD | 16:39 |
nowen | then you need to install and configure NPS, the MS radius plugin | 16:39 |
jimmy____ | I read the info in configuring NPS | 16:39 |
jimmy____ | which means that I do not have to configure anything on the switch side? Cisco ASA | 16:40 |
nowen | The Cisco will be set up to talk radius to NPS. | 16:40 |
nowen | Cisco >> NPS/AD >> WIKID >> NPS/AD >> Cisco | 16:41 |
nowen | the users will enter their AD username and WiKID OTP | 16:42 |
nowen | NPS uses the AD username for authorization, then proxies the creds to WiKID | 16:42 |
nowen | NPS can be a bit of a pain | 16:44 |
jimmy____ | I dont know if it's just NPS.. i'm finding this entire setup a pain :( | 16:44 |
nowen | well, it's a lot of moving parts. the key is to start simple | 16:45 |
nowen | can you get the cisco using AD creds via NPS? | 16:45 |
jimmy____ | it's just that my unfamiliarity with this is causing me to walk around in the dark :( | 16:45 |
nowen | I hear ya | 16:45 |
jimmy____ | As of yet I have not done anything besides setup the Wikid server. | 16:46 |
jimmy____ | My other question was whether installing a RADIUS server is really required. | 16:46 |
nowen | I think NPS is your only choice for a radius server, but i could be wrong. | 16:48 |
jimmy____ | ugh.. | 16:50 |
nowen | The ASA might be able to do it | 16:50 |
nowen | that's a question for #cisco ;-) | 16:50 |
jimmy____ | http://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-add-two-factor-authentication-to-a-cisco-5500-adsm-6.2 that's the link to the ASA 5500 | 16:50 |
jimmy____ | I'm sure if I do that I could skip setting up the NPS, right? | 16:51 |
nowen | yes, but I think that doesn't include routing the auth through AD. It would prove that you have radius set up correctly on the ASA | 16:52 |
jimmy____ | I see. I guess I would have to give NPS a try.. see where that takes me.. | 16:56 |
nowen | I'm sorry. | 16:58 |
jimmy____ | No worries... I'm sure if I wasn't this handicapped.. I would have got something out of this by now =] | 16:59 |
nowen | I wish NPS was better. It would make a lot of things easier. | 17:00 |
jimmy____ | what is the problem with NPS that you would know of? | 17:07 |
nowen | mostly, I would say bad verbiage. | 17:07 |
nowen | it's hard to know what is what | 17:07 |
nowen | I've just seen a lot of people struggle with it | 17:07 |
nowen | that being said, I tested our tutorial and it worked | 17:08 |
nowen | also, it's impossible to get good support from MS | 17:08 |
jimmy____ | I was looking at your tutorial, that seems pretty straightforward.. | 17:08 |
*** nowen has quit (Quit: Leaving.) | 17:09 | |
*** nowen (~nowen@99-174-92-191.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 17:10 | |
nowen | I did not mean to do that ;-) | 17:10 |
jimmy____ | ok, I was curious if my questions did scare you off... ;) | 17:11 |
nowen | my suggestion is to start simple - cisco to nps, test with AD creds, then nps to wikid, test with OTP | 17:11 |
jimmy____ | ok, is there a tutorial for cisco to nps? | 17:12 |
nowen | just look for how to add a radius server to the cisco | 17:13 |
jimmy____ | gotcha | 17:13 |
jimmy____ | just to clarify, NPS should be configured on the DC | 17:13 |
nowen | I think that is simplest | 17:14 |
*** vladp (6d65ec17@gateway/web/freenode/ip.109.101.236.23) has joined #wikid | 17:18 | |
vladp | hi nick | 17:18 |
vladp | do you have a moment? | 17:18 |
jimmy____ | thanks nowen. | 17:31 |
nowen | np jimmy____ | 17:32 |
nowen | hi vladp | 17:32 |
nowen | sure | 17:32 |
vladp | To import a PostgreSQL database into WiKID: simply dump, then import to the new server and run /opt/WiKID/conf/templates/wikid-firstboot.sh? | 17:33 |
nowen | what are you trying to do? Upgrade postgres version? | 17:34 |
vladp | import postgresql database to a new server | 17:35 |
nowen | ok | 17:35 |
nowen | will the new server replace the old one? | 17:36 |
vladp | no, it'll be setup on a different datacenter | 17:39 |
vladp | and i wanted to keep the database for users to not generate tokens again | 17:40 |
nowen | ok - I recommend you set up the new server, create new certs, etc. Then dump and import the data | 17:40 |
nowen | if the IP address is changing, that might be an issue | 17:40 |
vladp | actually i think I'll need to generate new domains | 17:40 |
vladp | with the new Ip | 17:41 |
nowen | we can re-direct users to your new IP using DNS | 17:41 |
nowen | but our dns will be in the middle | 17:41 |
nowen | how many users do you have? | 17:41 |
vladp | 100+ anyway we will use this in case the other datacenter is having network issues | 17:43 |
vladp | so we will need to authenticate users against another domain which will be in this datacenter | 17:43 |
nowen | is this all for your sys admins? or is it external? | 17:46 |
vladp | all internal | 17:46 |
nowen | well, we can re-direct users via dns. we would create an entry for yourdomainID.wikidsystems.net and point it to your new IP | 18:02 |
nowen | when the old IP fails, the token will try our dns | 18:03 |
*** jimmy____ has parted #wikid (None) | 18:18 | |
nowen | brb | 18:33 |
*** nowen1 (~nowen@99-174-92-191.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 18:34 | |
*** nowen has quit (Ping timeout: 252 seconds) | 18:37 | |
*** nowen1 is now known as nowen | 18:52 | |
*** vladp has quit (Quit: Page closed) | 20:18 | |
*** nowen has quit (Quit: Leaving.) | 22:12 |