*** WiKIDLogBot (~WiKIDLogB@ec2-174-129-6-100.compute-1.amazonaws.com) has joined #wikid | 17:36 | |
barjavel.freenode.net | Topic for #wikid is: two-factor authentication. If no one is here, you can try the forums: http://www.wikidsystems.com/support/support/wikid-forums. Please lurk around - your question may not be answered immediately. This channel is logged: http://www.wikidsystems.com/webdemo/irclogs/index.html. | 17:36 |
---|---|---|
barjavel.freenode.net | Users on #wikid: WiKIDLogBot @nowen TXRH-Richard coolacid Qasker joevano | 17:36 |
TXRH-Richard | Nick I keep getting "The wClient connection to the server was NOT successfully established" | 19:01 |
TXRH-Richard | is it a firewall issue? | 19:01 |
*** TXRH-Richard has quit (Quit: Page closed) | 19:03 | |
*** TXRH-Richard (d8f800fe@gateway/web/freenode/ip.216.248.0.254) has joined #wikid | 19:03 | |
TXRH-Richard | Nick, I keep getting "The wClient connection to the server was NOT successfully established" is this a firewall issue? | 19:04 |
nowen | TXRH-Richard: did you edit the example.jsp page? | 19:05 |
nowen | was it working before and stopped? | 19:05 |
TXRH-Richard | well the AD register page was working but hasn't in a while | 19:06 |
nowen | I bet it's your localhost cert | 19:06 |
TXRH-Richard | I have been manually adding users in the web interface | 19:06 |
nowen | Run the command here on your localhost http://www.wikidsystems.com/support/wikid-support-center/troubleshooting-faq/how-do-i-know-if-my-certificate-is-valid?searchterm=keytoo | 19:07 |
TXRH-Richard | but i need to add 2 tokens for some users | 19:07 |
nowen | what version are you running? | 19:07 |
TXRH-Richard | wikid-server-enterprise-3.4.88-b1269 | 19:09 |
TXRH-Richard | is my -storepass the same one I use to start the service? | 19:10 |
nowen | could be. but localhost can have a different one. | 19:10 |
nowen | http://www.wikidsystems.com/downloads/changelogs/enterprise-changelog some updates, including a new WiKID CA. | 19:10 |
nowen | also: http://www.wikidsystems.com/support/wikid-support-center/faq/how-can-i-restart-the-server-without-being-asked-for-the-passphrase | 19:11 |
TXRH-Richard | -bash: !fxg: event not found | 19:12 |
TXRH-Richard | is the result of keytool | 19:12 |
nowen | hmm | 19:12 |
nowen | maybe a typo? | 19:12 |
nowen | try running the other one | 19:13 |
TXRH-Richard | same thing if I type another password I get a java error | 19:15 |
TXRH-Richard | should I upgrade? | 19:15 |
TXRH-Richard | I just want to be able to register 2 tokens to 1 user | 19:15 |
nowen | run 'ls -all /opt/WiKID/private/' and see if they are both there | 19:16 |
nowen | but, yet, I say upgrade and create new certs | 19:16 |
nowen | I can get you the rpm links | 19:16 |
TXRH-Richard | ok the certs are there | 19:17 |
nowen | what are the dates on them? | 19:18 |
TXRH-Richard | if I upgrade will I have to re-register users | 19:18 |
TXRH-Richard | sep 11 2012 and sep 12 2012 | 19:18 |
nowen | hmm, do you guys buy a three year license? | 19:21 |
TXRH-Richard | yes 25 seat - 3 years | 19:22 |
nowen | odd, I can't find it. oh well | 19:23 |
nowen | here's the links | 19:23 |
nowen | what we'll do is upgrade the RPMs, restart wikid, create new certs and restart again | 19:23 |
TXRH-Richard | E=RIchard.Fox@texasroadhouse.com,C=US,ST=KY,L=Louisville,O=Texas Roadhouse,OU=IT,CN=trdualauth.texasroadhouse.local | 19:24 |
nowen | one thing - the localhost passphrase you used should be in ADRegister.jsp | 19:24 |
nowen | ahh = thanks | 19:24 |
nowen | You may want to copy your ADRegister.jsp in case it gets over-written | 19:25 |
nowen | which it surely will | 19:25 |
nowen | It should be in /opt/WIKID/tomcat/webapps/wikid | 19:25 |
TXRH-Richard | ok | 19:27 |
nowen | do you need any help copying it or tar'ing it up? | 19:32 |
TXRH-Richard | I made a copy of the file and also have info in notepad | 19:33 |
nowen | ok | 19:33 |
nowen | is this our ISO? I need to know if it is 32 bit or 64 | 19:33 |
TXRH-Richard | btw I used that password in the keytool and get a java.io.IOException | 19:34 |
nowen | that's odd. it should just show an expired cert | 19:34 |
nowen | but anyway a new cert should fix it | 19:34 |
TXRH-Richard | It's a VM on esx I think I built it from the iso | 19:35 |
nowen | http://wikidsystems-dl.com/wikid-server-enterprise-3.5.0.b1542-1.noarch.rpm | 19:35 |
TXRH-Richard | how can I tell if it is x64 | 19:35 |
nowen | 'uname -a' | 19:35 |
nowen | http://wikidsystems-dl.com/wikid-utilities-3.4.3-1.i386.rpm | 19:36 |
nowen | the iso is 32 bit | 19:36 |
TXRH-Richard | Linux trdualauth.texasroadhouse.local 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 i686 i386 GNU/Linux | 19:36 |
nowen | yeah, those two rpms | 19:36 |
nowen | you can download them on the server by running 'wget http://wikids.... | 19:36 |
TXRH-Richard | ok working on it now | 19:37 |
TXRH-Richard | ok done | 19:37 |
nowen | ok note that this will stop the server. | 19:38 |
nowen | run 'rpm -Uvh wikid-*' | 19:38 |
nowen | that will stop wikid and do the upgrade | 19:39 |
nowen | when finished, run 'wikidctl start' | 19:39 |
TXRH-Richard | ok starting | 19:40 |
nowen | ok - then go to the WiKIDAdmin Configuration and create a new intermediate CA and a new localhost and then copy your ADRegister back and then 'wikidctl restart' | 19:42 |
nowen | did you get the cert back in the pop-up ok? | 19:49 |
TXRH-Richard | yes restarting now | 19:50 |
TXRH-Richard | ok it is back up | 19:53 |
nowen | ok - browse to the ADReg page and cross your fingers | 19:54 |
TXRH-Richard | ok well I get Authentication to the directory failed for "myuser" | 19:54 |
nowen | ok - so it sounds like the AD connection is working | 19:55 |
TXRH-Richard | seem to always have to stop iptables | 19:55 |
nowen | oh | 19:55 |
nowen | I have a solution for that. Create a network client using radius using the IP Address of your AD server. | 19:56 |
nowen | it will open a hole for that IP. | 19:56 |
TXRH-Richard | I do have that | 19:57 |
nowen | huh | 19:57 |
TXRH-Richard | I just did iptables stop and it is working now | 19:57 |
nowen | you can run 'iptables -L -n' to see if that IP is listed | 19:57 |
TXRH-Richard | Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination | 19:58 |
TXRH-Richard | looks like nothing | 19:58 |
nowen | did you restart iptables? | 19:58 |
TXRH-Richard | oh ok | 19:58 |
TXRH-Richard | Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTAB LISHED ACCEPT all -- 127.0.0.1 0.0.0.0/0 state NEW ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 22 ,443,80,49 state NEW DROP all -- 0 | 19:59 |
nowen | hmm | 19:59 |
TXRH-Richard | not sure if that is readable but it looks like all 0.0.0.0/0 | 20:00 |
nowen | try: 'iptables -I INPUT -p tcp -s 10.1.1.2 --dport 389 -j ACCEPT' | 20:00 |
nowen | changing the IP for your ad server | 20:00 |
TXRH-Richard | ok seems to be working | 20:02 |
nowen | o | 20:02 |
nowen | ok | 20:02 |
nowen | now do 'iptables-save /etc/sysconfig/iptables' and it should stick after a restart | 20:02 |
nowen | do you want to setup wikid to start automatically? | 20:03 |
TXRH-Richard | I get unknown argument found on commandline | 20:04 |
TXRH-Richard | yes, and Can I use the AD page to register a 2nd token if the user already has one? or should I use the example | 20:08 |
TXRH-Richard | I have a security file the first line is WIKID_USER | 20:10 |
nowen | IIRC, the AD reg page should send you to a 2nd page to reg another | 20:10 |
nowen | yeah | 20:10 |
nowen | add a 2nd line | 20:10 |
nowen | with 'WAUTH_PASSPHRASE='yourpassphrase' | 20:10 |
nowen | then: cp /opt/WiKID/conf/templates/wikid /etc/init.d/wikid | 20:11 |
nowen | chmod +x /etc/init.d/wikid | 20:11 |
nowen | chkconfig wikid on | 20:11 |
TXRH-Richard | ok I fixed that, it restarts without prompting now | 20:13 |
TXRH-Richard | ok the AD page lets you register 2 if you don't already have a token, is there a way without deleting the first and doing both at the same time | 20:22 |
nowen | you would have to edit the page | 20:22 |
nowen | it's a different function | 20:23 |
nowen | you can use example.jsp | 20:23 |
TXRH-Richard | ok I am not much of a programmer, I see the Add additional device do I copy that into another file and save as .jsp | 20:26 |
nowen | me neither ;-) | 20:27 |
nowen | do you want to edit the AD page? | 20:27 |
TXRH-Richard | yes that works | 20:28 |
nowen | if you go straight to ADRegister2.jsp it might do it | 20:29 |
TXRH-Richard | ok editing that page now | 20:31 |
TXRH-Richard | that works! Awesome | 20:37 |
TXRH-Richard | I have another issue if you have time, we have 2 internet connections and use a dns device to fail over if one goes down | 20:39 |
nowen | ok | 20:40 |
nowen | so, when that happens, users can't get to the WiKID server? | 20:41 |
nowen | we can create a DNS entry in wikidsystems.net and point it to your DNS | 20:44 |
*** nowen has quit (Read error: Connection reset by peer) | 20:47 | |
*** nowen (~nowen@99-174-92-191.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 21:05 | |
nowen | hmm, didn't notice I was gone | 21:05 |
nowen | TXRH-Richard: I have to go - taking my daughter to the airport for a 3 month exchange. | 21:16 |
*** nowen has quit (Quit: Leaving.) | 21:19 | |
*** TXRH-Richard has quit (Ping timeout: 245 seconds) | 21:24 |