*** nowen (~nowen@99-174-92-191.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 13:07 | |
*** nowen has quit (Quit: Leaving.) | 14:28 | |
*** nowen (~nowen@99-174-92-191.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 14:44 | |
*** nowen has quit (Ping timeout: 252 seconds) | 17:09 | |
*** nowen (~nowen@99-174-92-191.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 17:25 | |
*** mark____ (8f74fa7d@gateway/web/freenode/ip.143.116.250.125) has joined #wikid | 17:40 | |
mark____ | Hello everyone | 17:41 |
---|---|---|
nowen | Hi mark____ | 17:41 |
mark____ | can you guess why i am here | 17:41 |
nowen | i hope it's something good | 17:41 |
mark____ | so we are working on getting our new domain to work | 17:41 |
mark____ | it's not | 17:42 |
nowen | ok | 17:42 |
nowen | let me check the dns | 17:42 |
mark____ | we have set up the network clients in the domain pointing to our virtual IPs | 17:42 |
mark____ | no that part works | 17:42 |
nowen | ok | 17:42 |
mark____ | it is the radius authentication piece not working | 17:43 |
mark____ | so i register a new user with no issues | 17:43 |
mark____ | go to the juniper login page | 17:43 |
mark____ | enter username and 2FA code | 17:43 |
mark____ | and for some reason on the wikid side it keeps trying to reach back to the other domain | 17:43 |
nowen | is the IP different for the new network client? | 17:44 |
nowen | hmm - you already said it's a virtual IP | 17:44 |
mark____ | yes we created two virtual IPs on the two juniper devices it could hit | 17:45 |
mark____ | and we see it hitting | 17:45 |
mark____ | and when it hits it shows the right domain | 17:45 |
mark____ | but when wikid tries to authenticate it is trying to authenticate to the wrong ip not using the virtual IP | 17:46 |
nowen | if you run 'tcpdump port radius' on the WiKID server does it show the virtual IP? | 17:47 |
mark____ | i sent you what we are seeing in the logs via encrypted email and how we have it configured | 17:49 |
mark____ | Let me get someone to run that for me | 17:49 |
nowen | ok | 17:50 |
nowen | the 253 IP is the virtual IP? | 17:50 |
mark____ | no it is not | 17:51 |
mark____ | and that is what has us stumped | 17:51 |
nowen | huh | 17:54 |
nowen | I'm guessing then that the juniper is not sending the traffic from the virtual ip | 17:54 |
mark____ | okay let me talk to our network guy | 17:58 |
nowen | the tcpdump would show that | 17:58 |
nowen | I got to make a phone call - biab | 18:02 |
mark____ | ok | 18:12 |
mark____ | working on the tcpdump | 18:12 |
nowen | ok | 18:12 |
nowen | call was delayed | 18:12 |
mark____ | [root@hsvwikidp1 ~]# tcpdump port radius tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 0 packets captured 0 packets received by filter 0 packets dropped by kernel | 18:36 |
mark____ | i see nothing useful there Nick? | 18:36 |
mark____ | Nick are you still here | 18:42 |
mark____ | do you know the port it is using | 18:42 |
nowen | sorry - back | 18:56 |
nowen | yeah - did you try to login while doing it? | 18:57 |
mark____ | no | 19:14 |
mark____ | i can coordinate that though | 19:14 |
nowen | still there should be a lot of radius traffic on there, right? | 19:14 |
mark____ | probably not | 19:14 |
mark____ | right now only a few employees using it | 19:15 |
mark____ | would say maybe 10 log events per day | 19:15 |
nowen | ok | 19:15 |
mark____ | so i need to have them run it when i am trying to login | 19:15 |
nowen | yes | 19:16 |
mark____ | Our network guy thinks it is something on the Juniper side | 19:16 |
mark____ | and he is waiting to hear back form them | 19:16 |
mark____ | from | 19:16 |
mark____ | i just wanted to make sure it was not something on the wikid side is all | 19:16 |
nowen | well, I have seen this before - radius relies on the IP of the radius client in its logic, so that's what I suspect. could be other things too | 19:21 |
mark____ | okay we will keep troubleshooting it | 19:42 |
nowen | ok | 19:42 |
nowen | let me know | 19:42 |
mark____ | ok | 19:45 |
*** mark____ has quit (Ping timeout: 240 seconds) | 21:42 | |
*** nowen has quit (Quit: Leaving.) | 21:51 |