*** nowen (~nowen@99-174-92-191.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 12:59 | |
*** nowen has quit (Quit: Leaving.) | 13:24 | |
*** nowen (~nowen@99-174-92-191.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 13:28 | |
*** nowen has quit (Quit: Leaving.) | 13:34 | |
*** nowen (~nowen@99-174-92-191.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 13:54 | |
*** nowen has quit (Ping timeout: 240 seconds) | 14:09 | |
*** nowen (~nowen@99-174-92-191.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 14:14 | |
*** Troy (329b98a8@gateway/web/freenode/ip.50.155.152.168) has joined #wikid | 14:47 | |
Troy | Good morning Nick | 14:49 |
---|---|---|
nowen | morning | 14:49 |
Troy | reguarding the upgrade to latest wikid server | 14:49 |
nowen | yes? | 14:49 |
Troy | regarding | 14:50 |
Troy | rpm -Uvh wikid-... | 14:50 |
Troy | then rpm -ivh wikid-utilities... | 14:50 |
Troy | of course we will back db first | 14:51 |
nowen | shouldn't that last one be -U also? | 14:51 |
Troy | yes. | 14:51 |
Troy | I plan to turn off replication and setup both servers as stand alone | 14:52 |
nowen | do you guys use the ADRegister or example.jsp pages? You will want to back those up | 14:52 |
Troy | I will upgrade the secondary first.. I will need to regenerate all the certificate | 14:52 |
Troy | yes.. i believe last time we upgraded, the whole /opt/WiKID/tomcat/webapps/wikid was overwritten | 14:53 |
Troy | which surprised me | 14:53 |
Troy | do you recall if the webapp folders are overwritten with the rpm? | 14:54 |
Troy | or when tomcat is started | 14:54 |
nowen | I think that is a tomcat thing. | 14:54 |
nowen | the WAR file unzips and overwrites | 14:54 |
Troy | when upgrading, do I keep wikid service running.. then restart ? | 14:54 |
nowen | running the rpm command will stop the server | 14:55 |
Troy | ok | 14:55 |
nowen | did you test this in your lab? | 14:55 |
Troy | i'm testing in the lab today | 14:55 |
Troy | i plan to upgrade production next week if all goes well in the lab | 14:55 |
nowen | ok - got another rpm for you. It includes an update to push domain changes to the PC tokens, for your name change | 14:56 |
Troy | ok. i have 1542 build i think | 14:57 |
Troy | yes.. it's 3.5 b1542-1 | 14:57 |
nowen | ok - this one is 1545 | 14:57 |
nowen | http://wikidsystems-dl.com/wikid-server-enterprise-3.5.0.b1545-1.noarch.rpm | 14:57 |
Troy | ok. cool.. let me know in e-mail where I can download and I'll use | 14:57 |
Troy | thanks | 14:58 |
nowen | I think you will like this one. DB improvements, User page and log page improvements | 14:58 |
Troy | so once I have the secondary upgraded. I will then use the secondary as the master (stand alone) | 14:58 |
Troy | then upgrade the old master | 14:59 |
Troy | yes.. we are running a very old build.. i've been wanting to upgrade for awhile | 14:59 |
Troy | once both are upgraded, I will then setup replication again | 14:59 |
nowen | ok | 14:59 |
Troy | i hope that will work | 14:59 |
nowen | it should. | 15:00 |
Troy | http://wikidsystems-dl.com/wikid-utilities-3.4.3-1.i386.rpm | 15:00 |
Troy | is that the current utilities? | 15:01 |
nowen | yes | 15:01 |
Troy | ok | 15:01 |
nowen | is that what you have installed? | 15:01 |
Troy | currently i think we have a much older version | 15:06 |
Troy | but I plan to use the 3.4.3 when upgrading | 15:06 |
nowen | ok | 15:06 |
nowen | yeah, 1216 has the older version of tomcat. | 15:06 |
nowen | the new one has a binary file to start it. it is in the utils rpm | 15:06 |
Troy | ok | 15:09 |
nowen | I'm thinking this one will last you for a while too. It's a really good release, I think | 15:10 |
*** coolacid has quit (Ping timeout: 265 seconds) | 15:11 | |
Troy | good deal.. looking forward to the upgrade | 15:24 |
nowen | biab - lunchtime | 15:55 |
*** coolacid (~CoolAcid@unaffiliated/coolacid) has joined #wikid | 15:56 | |
*** coolacid has quit (Read error: Connection reset by peer) | 16:08 | |
*** coolacid (~CoolAcid@unaffiliated/coolacid) has joined #wikid | 16:09 | |
nowen | hey coolacid | 16:22 |
nowen | how's it going? | 16:22 |
coolacid | Fan died on one of my GPUs.. and for some reason my computer shut down.. twice.. | 16:23 |
nowen | gotta lay off the mining | 16:47 |
coolacid | It's all about the defcoin now baby | 16:49 |
nowen | lol | 16:49 |
nowen | did you convert any bitcoins to loonies? | 16:50 |
coolacid | Nope. | 16:50 |
coolacid | US Dollars. | 16:50 |
nowen | even better | 16:51 |
coolacid | Got a Target, Children's Place, Target and Amazon Gift cards Via Gyft. | 16:51 |
coolacid | So when wife went shopping while we were in the US, we used those for the bulk of the payments.. | 16:51 |
coolacid | The Amazon gift card went to a new ipad mini ;) | 16:51 |
nowen | sweet | 16:52 |
coolacid | yeah.. I'm a happy camper. | 16:52 |
coolacid | and because I used BTC with Gyft, I ended up with 2025 Gyft points towards another card.. which turns out to be $20 free ;) | 16:53 |
nowen | damn, you're really rolling in it | 16:53 |
coolacid | Meh, I wouldn't say rolling.. | 16:54 |
coolacid | If I hadn't tried to day trade, it would have been 5x better off.. But, chalk it up to learning that I can't day trade ;) | 16:54 |
nowen | no one can, unless you're an HFT | 16:54 |
coolacid | lol.. fair enough | 16:58 |
coolacid | When nanoseconds.. oh.. wait.. | 16:58 |
*** nowen1 (~nowen@99-174-92-191.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 18:09 | |
*** nowen1 is now known as nowen_lappy | 18:09 | |
*** bang (40813d32@gateway/web/freenode/ip.64.129.61.50) has joined #wikid | 18:34 | |
*** bang is now known as Guest36800 | 18:34 | |
Guest36800 | Hello, guess I'll be called guest for now.. | 18:36 |
Guest36800 | Anyways I am running into some pre-installation issues hoping to get some of my questions answered. | 18:37 |
Guest36800 | I am trying to set up wikid for vpn access using AD credits. | 18:39 |
Guest36800 | Setting up wikid server and then NPS is complete. How would I be able to test it? | 18:40 |
nowen_lappy | hi | 18:40 |
nowen_lappy | have you tried logging in? | 18:41 |
nowen | I can give you a command to run on the WiKID server to see if the radius requests are reaching it | 18:42 |
Guest36800 | ok, | 18:42 |
nowen | 'tcpdump -vv port radius' | 18:42 |
*** coolacid has quit (Ping timeout: 265 seconds) | 18:43 | |
Guest36800 | i get an output of "tcpdump: listening on eth0... " | 18:44 |
nowen | ok - then did you try to login? | 18:44 |
*** nowen_lappy has quit (Quit: Leaving.) | 18:45 | |
*** coolacid (~CoolAcid@unaffiliated/coolacid) has joined #wikid | 18:45 | |
nowen | did you set up the NPS server as a network client in WiKID? | 18:46 |
Guest36800 | No I did not, I'll go ahead and do that now | 18:47 |
nowen | ok- and did you create a localhost cert and enable the radius protocol? | 18:48 |
Guest36800 | Yes, that I have completed. | 18:48 |
nowen | ok | 18:48 |
Guest36800 | The network client IP is that of the DC and the protocol will be Radius? | 18:49 |
nowen | is nps running on the DC? | 18:49 |
Guest36800 | yes | 18:49 |
nowen | then yes | 18:49 |
Guest36800 | OK, I've just added the network client. | 18:50 |
nowen | restart wikid with 'wikidctl restart | 18:51 |
nowen | ' | 18:51 |
Guest36800 | ok, done. | 18:53 |
nowen | ok - try that tcpdump command and login again | 18:53 |
Guest36800 | thing is I am already logged in the VPN now, if I run that command and exit out, I will lose connection to the server | 18:55 |
nowen | some vpns allow you to test a radius login from their admin console | 18:55 |
nowen | otherwise, IDK | 18:56 |
nowen | can you have someone else test it? | 18:58 |
Guest36800 | to test the VPN i would first have to add the configuration on the cisco. | 19:01 |
nowen | so, do you want another radius testing tool? | 19:01 |
Guest36800 | For now I want to test if the parts from wikid server to the DC is working. | 19:01 |
Guest36800 | I understand that the configuration goes from wikid > NPS > cisco | 19:02 |
nowen | well, sort of the other way | 19:02 |
nowen | Cisco >> NPS >> WiKID | 19:02 |
nowen | I use this for radius testing: http://www.iea-software.com/products/radlogin4.cfm | 19:03 |
nowen | you need something to create the radius requests | 19:04 |
Guest36800 | Is there something that I can read to get a better grasp of what needs to be done? I am just going around in circles.. | 19:09 |
nowen | have you seen our eGuide? | 19:09 |
Guest36800 | yes | 19:10 |
Guest36800 | Sorry it wasn't much of a help | 19:10 |
nowen | ok - so, here's what happens | 19:10 |
nowen | the user logs into the Cisco. The cisco sends the AD username and OTP to NPS. | 19:11 |
nowen | NPS does the authorization (does the user have the right to login) based on the username | 19:11 |
nowen | if that passes, NPS sends the OTP and username to WiKID | 19:11 |
nowen | If that passes, WiKID sends an ack back to NPS saying "Good". Then NPS tells the Cisco "Good" | 19:12 |
nowen | and they are logged in | 19:12 |
Guest36800 | aye, fairly straight forward I say. More or less it's the configurations that's bugging me.. | 19:15 |
nowen | well, NPS is a pain in the but | 19:15 |
nowen | t | 19:15 |
nowen | start simple | 19:15 |
nowen | can you get the Cisco talking radius to NPS using AD creds? | 19:15 |
Guest36800 | im not really that far ahead now. | 19:16 |
nowen | well, that's where I would start | 19:16 |
Guest36800 | I'm just cautious as to not break things... | 19:16 |
Guest36800 | thanks nowen.. ill be back if I need anything | 19:25 |
nowen | ok | 19:25 |
*** Guest36800 has parted #wikid (None) | 19:35 | |
Troy | Hi Nick | 19:43 |
nowen | Hi Troy | 19:43 |
Troy | upgrade in the lab secondary system went fine | 19:43 |
nowen | nice | 19:43 |
nowen | like the UI improvements? | 19:43 |
Troy | mostly.. just a few things are kinda strange | 19:43 |
nowen | ? | 19:44 |
Troy | we have tons of devices.. so the user page is stretched out | 19:44 |
nowen | hmm - can you send me a screen shot? | 19:44 |
Troy | but not a big issue.. just have to scroll a bit over from the initial page | 19:44 |
Troy | also, the enable/disable (or status) is now 0 or 1 | 19:45 |
Troy | which is fine.. do you know if that value has changed in the db? | 19:45 |
nowen | no - it was always 0 or 1 | 19:45 |
Troy | ok.. cool.. shouldn't be any issue with our re-enable scripts then | 19:45 |
nowen | no - the api uses 1s and 0s. should be the same | 19:46 |
Troy | ok.. sent you shot of the users page | 19:48 |
nowen | thanks | 19:49 |
Troy | maybe cut a line break after a certain amount of pages | 19:50 |
Troy | also, would be nice to have a ALL to show all | 19:50 |
Troy | just for sorting .. i know you can filter | 19:50 |
nowen | i see. we need to cap the number of pages and add a Next or something | 19:51 |
Troy | yea.. no biggie.. just cosmetic | 19:51 |
nowen | I think if you tried to show all on one page, it would freeze the server | 19:51 |
nowen | I'll create a ticket for it. We'll get to it | 19:52 |
Troy | yea.. that's true.. it does take a long time on the current production instance | 19:52 |
Troy | one other question regarding the domains/network clients | 19:52 |
nowen | the db improvements will help, but I would still worry. It might crash your browser too ;) | 19:53 |
Troy | can you have multiple network clients assigned to different domains? | 19:54 |
Troy | example, we have a vpn box pointing to wikid using radius | 19:55 |
Troy | but we need to have two different wikid domains setup for the sslvpn | 19:56 |
Troy | it allows me to set it up this way.. just need to test if it works | 19:56 |
Troy | i hope that makes sense.. | 19:57 |
nowen | hmm | 20:00 |
nowen | to have two radius network clients they would need to have different IP addresses | 20:00 |
nowen | the radius listener gets a radius packet from the vpn and it matches the IP to the WiKID domain. If there are two NCs, it will get confused | 20:02 |
Troy | ok.. i have two radius clients setup with same IP | 20:02 |
nowen | can you setup multiple networks or virtual IPs | 20:02 |
nowen | ? | 20:02 |
Troy | that's a possibility.. | 20:03 |
Troy | next, I need to work on creating new intermediate / localhost certs | 20:05 |
Troy | then ultimately new network client certs to copy out to the saml servers | 20:06 |
nowen | yes | 20:08 |
Troy | for our production wikid servers, do I need to get a permanent production certificate from you? | 20:31 |
Troy | or can I use the automated process? | 20:31 |
nowen | you can just use automated one | 20:31 |
Troy | ok.. thanks.. | 20:31 |
nowen | ok - time for me to check out. been a long week | 21:22 |
nowen | you guys have a great weekend | 21:22 |
nowen | Troy: you doing ok? | 21:22 |
Troy | yes.. thanks Nick.. have a good weekend | 21:22 |
nowen | you too | 21:22 |
*** nowen has quit (Quit: Leaving.) | 21:22 | |
*** Troy has quit (Ping timeout: 245 seconds) | 21:26 |