How to install the WiKID Strong Authentication Server on Suse

A customer has donated this documentation on how to get the WiKID 2 Factor rpms (which are for Redhat flavors) running on Suse

Install java - (download from Oracle latest stable and install into /opt/java)

Then:

ln -s /opt/java /usr/java (assuming java is setup in the default place)

yast install:

findutils-locate postgres-server posgres-libs www-perl libs

Then:

rpm -ivh --nodeps wikid-utilities-3.0.5-1.i386.rpm
rpm -ivh --nodeps wikid-server-enterprise-3.4.81.b676-1.noarch.rpm

After installing the above modify the following:

vim /opt/WiKID/sbin/load_db.sh

#!/bin/bash

. /etc/WiKID/setenv.sh

#SUDO=$WIKID_HOME/sbin/sudo.sh

LOG=/opt/WiKID/log/install.log
TMPLOG=`mktemp -t wikid-installXXXXX` || exit 1
DIR=/opt/WiKID/conf/database

## let's see if we need to start postgres
pgstatus=`$WIKID_HOME/sbin/check_pg.sh`
if [ "1" = "$pgstatus" ]; then
$WIKID_HOME/sbin/service.sh postgresql start > /dev/null 2>&1
fi

psql -h localhost -U postgres wikid -l > /dev/null 2>&1
wikid_db_check=$?

if [ "$wikid_db_check" != 0 ]; then
(
echo "Initializing WiKID database ..."

#$SUDO postgres "psql -h localhost -d template1 -f $DIR/db-users.sql"
#$SUDO postgres "psql -h localhost -d template1 -f $DIR/wikid-schema.sql"
#$SUDO postgres "psql -h localhost -d wikid -f $DIR/db-data.sql"

psql -d template1 -f $DIR/db-users.sql
psql -d template1 -f $DIR/wikid-schema.sql
psql -d wikid -f $DIR/db-data.sql

sleep 3
) >> $TMPLOG 2>&1
fi
grep -v "NOTICE:" $TMPLOG
cat $TMPLOG >> $LOG

## stop postgres if it was running when we started
if [ "1" = "$pgstatus" ]; then
$WIKID_HOME/sbin/service.sh postgresql stop > /dev/null 2>&1
fi

Then once the file is modifed do the following:

vim sbin/postgresql_config.pl

near the top there is a sanity check that needs to be modified
replace /etc/redhat-release with /etc/SuSE-release

chmod a+rw /opt/WikiD/log/install.log (not sure whether this is necessary - but got permission errors during the install so changed it)

Run the /opt/WikiD/bin/wikidctl setup (follow the steps --- you will see it fail to create the database--- it generates the ca cert)

Then intall the database manually as root

su - postgres
/opt/WiKID/sbin/load_db.sh

Ctrl +D (switch back out of postgres)

as root run:
/opt/WiKID/sbin/postgresql_config.pl

Then make sure that sshd allows TCP Forwarding (or you can't tunnel to the admin UI) -Useful if your server is in a remote datacentre.

Install the Yast Firewall module and cancel out (WiKID will set IPtables. Once WiKID has done this run the following as root:

You may want to add a few things to IPTABLES... eg:
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -s 0.0.0.0/0 -j ACCEPT
/sbin/iptables -I OUTPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT

etc...

iptables-save > /etc/sysconfig/network/iptables.fw

Then so that the custom rules come back on reboot do:

vim /etc/rc.local
iptables-restore < /etc/sysconfig/network/iptables.fw

Then
/opt/WiKID/bin/wikidctl start

Complete the setup of clients through the management web ui.
Configure your radius auth- following the simple instructions on WiKID's wiki for your VPN - this will put in new iptables for the radius and is why you should not use the YAST module setup for the Firewall.

Test :)

Questions? Feedback?Olark live chat software