| *** Satheesh has quit (Ping timeout: 240 seconds) | 00:10 | |
| *** coolacid has quit (Ping timeout: 252 seconds) | 04:44 | |
| *** coolacid (~CoolAcid@unaffiliated/coolacid) has joined #wikid | 04:50 | |
| *** coolacid has quit (Ping timeout: 258 seconds) | 05:53 | |
| *** Rudy6 (~Rudy6@213.132.115.194) has joined #wikid | 07:39 | |
| *** happy_nodes (~happy_nod@5353BF9D.cm-6-4c.dynamic.ziggo.nl) has joined #wikid | 10:58 | |
| happy_nodes | Hi, i am trying to setup wikid, I am clicking on "Create an Intermediate CA" its giving me blank page | 11:00 |
|---|---|---|
| happy_nodes | I am using wikid enterprise version | 11:00 |
| *** coolacid (~CoolAcid@unaffiliated/coolacid) has joined #wikid | 12:33 | |
| nowen | happy_nodes: what browser? | 13:49 |
| nowen | happy_nodes: actually, did you run wikidctl setup? | 13:50 |
| nowen | happy_nodes: you might just need to rerun setup and run through the network part. | 13:50 |
| *** Rudy6 has quit (Remote host closed the connection) | 14:25 | |
| *** nowen has quit (Remote host closed the connection) | 14:28 | |
| *** nowen (~nowen@99-174-92-191.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 14:30 | |
| nowen | happy_nodes: did you get it figured out? | 14:45 |
| happy_nodes | I am using chrome | 15:08 |
| happy_nodes | I did run wikidctl setup, but now the page is not showing up at all. | 15:09 |
| happy_nodes | Thanks, Its working now | 15:20 |
| nowen | happy_nodes: huh - what was it? | 15:28 |
| *** Troy (329b98a8@gateway/web/freenode/ip.50.155.152.168) has joined #wikid | 15:48 | |
| nowen | hey Troy | 15:56 |
| Troy | Hi Nick | 15:57 |
| Troy | sorry.. I haven't got a chance this morning to work on the upgrade issues | 15:57 |
| nowen | np | 15:57 |
| nowen | I will have limited connectivity Friday, just so you know. only email most likely | 15:57 |
| Troy | have you upgraded your b1216 to b1545 or reproduced anything I'm seeing | 15:58 |
| Troy | ? | 15:58 |
| Troy | i'm thinking it's all permissions related to wikid user | 15:58 |
| nowen | well, I'm not sure what perms you have for your wikid user | 15:58 |
| nowen | what our script does is add it a group | 15:58 |
| Troy | yea.. i know.. i think during the upgrade it maybe just safest to give the wikid user sudo rights to all | 15:59 |
| nowen | that I know works. | 15:59 |
| nowen | I was getting some odd chown errors on login. not sure why. the files were already wikid/root | 16:00 |
| Troy | yes.. i do remember seeing those chown errors | 16:00 |
| Troy | unfortunately I have hosed the lab so I may have to go back to an older build snapshot and start over | 16:01 |
| nowen | we can step through it together | 16:01 |
| Troy | ok.. i have another thing I have to work through today on the production wikid servers.. our localhost cert is expiring tomorrow.. | 16:03 |
| *** AccentureDan (3f7c1664@gateway/web/freenode/ip.63.124.22.100) has joined #wikid | 16:04 | |
| Troy | I'm planning to get that cert updated today.. this will not take long, but I have to break anything in the process | 16:04 |
| AccentureDan | Hey Nick...still filling out this runbook haha...quick question | 16:04 |
| AccentureDan | product keys | 16:04 |
| AccentureDan | are there any for WiKID that we input once we are licensed? | 16:04 |
| nowen | no, we track it all by the cert | 16:04 |
| AccentureDan | awesome, so the cert we register during installation gets communicated back to you? | 16:05 |
| nowen | yes | 16:05 |
| AccentureDan | fantastic, thanks bud! | 16:05 |
| nowen | we process the cert request | 16:05 |
| AccentureDan | fantastic :) | 16:05 |
| AccentureDan | i am going to stick around in here just in case I have anymore questions from this runbook | 16:05 |
| nowen | ok, please do | 16:05 |
| nowen | AccentureDan: when you say 'runbook' what does that mean? are you using some type of build system? or is just instructions? | 16:16 |
| AccentureDan | just instructions, it's a requirement of our contract | 16:21 |
| nowen | ok | 16:21 |
| AccentureDan | just have to fill out long documents explaining how we put things together haha | 16:21 |
| nowen | better you than me ;-) | 16:21 |
| AccentureDan | even though we reference online documentation | 16:21 |
| AccentureDan | ugh i know! :-P | 16:21 |
| nowen | Troy, in /etc/WiKID/security, you need to add a line: WIKID_USER="wikid" | 16:31 |
| Troy | ok | 16:32 |
| AccentureDan | silly question, saw there was a way to change the logo via the jw.properties file | 16:42 |
| AccentureDan | which logo is that referring to? | 16:42 |
| nowen | the one below the Get Passcode button, iirc | 16:43 |
| nowen | it is really the only one | 16:43 |
| AccentureDan | ahhhh gotcha! just wondering :) | 16:43 |
| AccentureDan | what port is WiKID listening on for token requests? | 16:49 |
| AccentureDan | 443? | 16:49 |
| nowen | no - 80 | 16:50 |
| nowen | we use public key encryption, so no need for ssl | 16:51 |
| nowen | or heartbleed, for that matter ;-) | 16:51 |
| AccentureDan | ah crap that is right, keep forgetting hahahahaa | 16:53 |
| AccentureDan | fantastic | 16:53 |
| AccentureDan | :) | 16:53 |
| Troy | @nowen - the security file already had that WIKID_USER="wikid line | 16:55 |
| nowen | Troy: ok | 17:08 |
| nowen | Troy: that's what I saw too | 17:09 |
| nowen | Troy: if you run 'cut -d: -f1 /etc/group' do you see a wikid group? | 17:10 |
| Troy | yes. I see the wikid group listed | 17:11 |
| nowen | try 'usermod -G wikid wikid' | 17:12 |
| nowen | and see if that helps | 17:12 |
| Troy | not sure what happened.. but now I'm able to access the WiKID admin pages on the server | 17:21 |
| Troy | let me check a few other pages like ADRegister | 17:22 |
| nowen | do you have wikid in the sudoers file? | 17:22 |
| Troy | yes.. | 17:22 |
| nowen | what perms? All? | 17:22 |
| Troy | i believe so.. let me double check.. i think it was just added recently to all | 17:26 |
| Troy | Nick.. as soon as I re-generate the localhost.p12 certs, the network client certs will become invalid and need to be re-generated also? | 20:25 |
| Troy | sorry. localhost cert not certs | 20:26 |
| nowen | as soon as you create a new intCA cert, all the others will need to be regenerated | 20:26 |
| nowen | i'm sorry - but it has to happen every 10 years | 20:26 |
| Troy | ok.. but only my localhost cert is expiring. i can just create a new localhost and then re-create the wauth network clients certs | 20:27 |
| Troy | the localhost expires every year | 20:27 |
| nowen | our CACertStore expired | 20:27 |
| nowen | and we put the new one in the RPM, so when you update, it updates it | 20:28 |
| nowen | the localhost is on the same 'level' as the network client certs. | 20:29 |
| Troy | ok... gotcha.. but for now, if I stay on b1216, i can just create the localhost without having to request a new CA | 20:29 |
| nowen | yes | 20:30 |
| nowen | that should work. | 20:30 |
| Troy | i just need to update localhost by tomorrow is why i ask. i do plan to work on the upgrade in parallel in the lab | 20:30 |
| nowen | and it's not CACertstore, but WiKIDCA.cer | 20:30 |
| nowen | 'keytool -printcert -v -file WiKIDCA.cer' will show it | 20:30 |
| Troy | ok | 20:30 |
| *** happy_nodes has quit (Read error: Connection reset by peer) | 21:27 | |
| *** nowen has parted #wikid (None) | 22:07 | |
| *** Troy has quit (Quit: Page closed) | 22:08 | |
| *** nowen (~nowen@99-174-92-191.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 22:13 | |
| *** nowen has quit (Ping timeout: 240 seconds) | 22:24 | |
| *** nowen (~nowen@99-174-92-191.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 22:40 | |
| *** ChanServ (ChanServ@services.) has joined #wikid | 22:44 | |
| *** nowen has quit (Quit: Leaving.) | 22:50 | |
Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!