What Are You Doing Right Now
- 
 @wirestyle22 said in What Are You Doing Right Now: @EddieJennings said in What Are You Doing Right Now: @EddieJennings said in What Are You Doing Right Now: Moving along with working on Dokuwiki. Trying to figure out why the group I configured for superuser isn't working. Problem solved!  What was it? In local.php I had the following configured: 
 $conf['plugin']['authad']['base_dn'] = 'DC=foo,DC=blah.com,DC=com';
 instead of
 $conf['plugin']['authad']['base_dn'] = 'DC=foo,DC=blah,DC=com';That was a misconfiguration, which needed to be fixed, and once I did, my groups were recognized; thus, I assume that was the problem. I could login using AD credentials with it misconfigured though. 
- 
 Down the rabbit hole I go. Further playing around with AD authentication and Dokuwiki, thanks to Wireshark, I found my test account's credentials being sent in the clear. Now I'm curious, and will see what the traffic looks like when a person logs onto a regular workstation. 
- 
 @EddieJennings said in What Are You Doing Right Now: Down the rabbit hole I go. Further playing around with AD authentication and Dokuwiki, thanks to Wireshark, I found my test account's credentials being sent in the clear. Now I'm curious, and will see what the traffic looks like when a person logs onto a regular workstation. Epic fail. 
- 
 @NerdyDad No, epic win. I was curious to see how Dokuwiki was receiving group information, so I put Wireshark on to view the traffic and try to gain some insight. What I discovered was the aforementioned credentials-in-the-clear problem. Had I not been curious about something else, it would've probably taken me a while to realize this problem was happening. 
- 
 @EddieJennings said in What Are You Doing Right Now: @NerdyDad No, epic win. I was curious to see how Dokuwiki was receiving group information, so I put Wireshark on to view the traffic and try to gain some insight. What I discovered was the aforementioned credentials-in-the-clear problem. Had I not been curious about something else, it would've probably taken me a while to realize this problem was happening. Win for you, fail for Dokuwiki for not properly setting up encryption before sending authentication credentials, such as SSL. 
- 
 @NerdyDad said in What Are You Doing Right Now: @EddieJennings said in What Are You Doing Right Now: @NerdyDad No, epic win. I was curious to see how Dokuwiki was receiving group information, so I put Wireshark on to view the traffic and try to gain some insight. What I discovered was the aforementioned credentials-in-the-clear problem. Had I not been curious about something else, it would've probably taken me a while to realize this problem was happening. Win for you, fail for Dokuwiki for not properly setting up encryption before sending authentication credentials, such as SSL. Now that being said, I'm not using https right now. I think even if I did configure SSL, which would encrypt traffic from me to dokuwiki, traffic from dokuwiki to my domain controller would still be unencrypted. 
- 
 @EddieJennings said in What Are You Doing Right Now: @NerdyDad said in What Are You Doing Right Now: @EddieJennings said in What Are You Doing Right Now: @NerdyDad No, epic win. I was curious to see how Dokuwiki was receiving group information, so I put Wireshark on to view the traffic and try to gain some insight. What I discovered was the aforementioned credentials-in-the-clear problem. Had I not been curious about something else, it would've probably taken me a while to realize this problem was happening. Win for you, fail for Dokuwiki for not properly setting up encryption before sending authentication credentials, such as SSL. Now that being said, I'm not using https right now. I think even if I did configure SSL, which would encrypt traffic from me to dokuwiki, traffic from dokuwiki to my domain controller would still be unencrypted. That is true. However, with Kerberos, it would be one more level of security instead of open creds. But lets look at the bigger picture here. We're inside of your network already. What is being kept on this wiki? How-to's? Not really that important. So probably don't need Kerberos security on a bunch of security manuals. If your users are using wireshark to try to get them into your wiki, then you either need to hire them into the IT dept or fire them. Your choice. 
- 
 @NerdyDad said in What Are You Doing Right Now: @EddieJennings said in What Are You Doing Right Now: @NerdyDad said in What Are You Doing Right Now: @EddieJennings said in What Are You Doing Right Now: @NerdyDad No, epic win. I was curious to see how Dokuwiki was receiving group information, so I put Wireshark on to view the traffic and try to gain some insight. What I discovered was the aforementioned credentials-in-the-clear problem. Had I not been curious about something else, it would've probably taken me a while to realize this problem was happening. Win for you, fail for Dokuwiki for not properly setting up encryption before sending authentication credentials, such as SSL. Now that being said, I'm not using https right now. I think even if I did configure SSL, which would encrypt traffic from me to dokuwiki, traffic from dokuwiki to my domain controller would still be unencrypted. That is true. However, with Kerberos, it would be one more level of security instead of open creds. But lets look at the bigger picture here. We're inside of your network already. What is being kept on this wiki? How-to's? Not really that important. So probably don't need Kerberos security on a bunch of security manuals. If your users are using wireshark to try to get them into your wiki, then you either need to hire them into the IT dept or fire them. Your choice. Ha! Alas, most of my users (other than the IT folks themselves) who'd be using this probably don't know Wireshark exists. Stuff that in a bunch of text files on our IT share is going into the wiki, and I can control access to pages from within Dokuwiki, as I don't think the average sales person needs to the see a document of "How to configure the web server." At this point, my quest is more of curiosity and learning of what traffic is visible when folks authenticate on their workstations against AD. 
- 
 I really could spent all day going through a Wireshark capture and not become bored, but in 10 minutes, my office day ends, and I go teach a percussion lesson.  
- 
 @EddieJennings make sure you are using ldaps and not straight ldap. This doesn't sound like a failure of the application just not using the correct authentication mechanism. 
- 
 @coliver said in What Are You Doing Right Now: @EddieJennings make sure you are using ldaps and not straight ldap. This doesn't sound like a failure of the application just not using the correct authentication mechanism. Yeah. I'll see what options I have. 
- 
 Just not digging the new logo. 
- 
 
- 
 @scottalanmiller said in What Are You Doing Right Now: @NerdyDad said in What Are You Doing Right Now: Just not digging the new logo. Whose? SW 
- 
 @NerdyDad said in What Are You Doing Right Now: @scottalanmiller said in What Are You Doing Right Now: @NerdyDad said in What Are You Doing Right Now: Just not digging the new logo. Whose? SW Oh. I really liked it. 
- 
 @scottalanmiller said in What Are You Doing Right Now: @NerdyDad said in What Are You Doing Right Now: @scottalanmiller said in What Are You Doing Right Now: @NerdyDad said in What Are You Doing Right Now: Just not digging the new logo. Whose? SW Oh. I really liked it. Maybe it just needs to grow on me. 
- 
 @NerdyDad said in What Are You Doing Right Now: @scottalanmiller said in What Are You Doing Right Now: @NerdyDad said in What Are You Doing Right Now: @scottalanmiller said in What Are You Doing Right Now: @NerdyDad said in What Are You Doing Right Now: Just not digging the new logo. Whose? SW Oh. I really liked it. Maybe it just needs to grow on me. I was ambivalent until they started putting it everywhere. Now the mosh duck is just annoying. 
- 
 Watching a show while @scottalanmiller and the kids play Minecraft 
- 
 Playing with Qubes OS. Have me an IT qube, a HAM qube, and working on a Kali qube. Unfortunately its all in debian instead of fedora. Oh well. 
- 
 @NerdyDad said in What Are You Doing Right Now: Playing with Qubes OS. Have me an IT qube, a HAM qube, and working on a Kali qube. Unfortunately its all in debian instead of fedora. Oh well. Why not just use KVM? 




