Changes

From Pumping Station One
532 bytes added ,  23:43, 6 October 2019
Line 14: Line 14:     
=System Description=
 
=System Description=
*all production software is on a VM in our server closet and should be documented on the official [https://github.com/pumpingstationone PS1 Github]
+
*all production software is on a VM in our server closet and documented on the official [https://github.com/pumpingstationone PS1 Github]
 
*[membership.pumpingstationone.org The member management system], Wild Apricot, user has RFID fob entered into user profile. Can be by admin or self service, seperate multiple tags by a comma
 
*[membership.pumpingstationone.org The member management system], Wild Apricot, user has RFID fob entered into user profile. Can be by admin or self service, seperate multiple tags by a comma
 
*WA2AD goes down the list of all members in WA and does an active directory lookup to see if the member exists and verifies members status. If the user doesn't exist an AD user is created. It runs on our active directory controller (DC01), via Windows task scheduler every 5 mins. Ron uses a tool called "active directory explorer" to see all groups in users in AD.
 
*WA2AD goes down the list of all members in WA and does an active directory lookup to see if the member exists and verifies members status. If the user doesn't exist an AD user is created. It runs on our active directory controller (DC01), via Windows task scheduler every 5 mins. Ron uses a tool called "active directory explorer" to see all groups in users in AD.
 
*WA2AD handles computer authorization - it looks up the string associated with the "computer authorizations" checkbox in WA and puts the user in an AD groups that enables the user to log into the computer associated with that piece of equipment.
 
*WA2AD handles computer authorization - it looks up the string associated with the "computer authorizations" checkbox in WA and puts the user in an AD groups that enables the user to log into the computer associated with that piece of equipment.
 
*Active directory stores member status with the userAccountControl field - if a members is inactive their RFID fob and all computer logins are disabled.
 
*Active directory stores member status with the userAccountControl field - if a members is inactive their RFID fob and all computer logins are disabled.
*AD2RFID is a program that runs as a cron job everty 15 min on Glue, a centOS linux box.
+
*AD2RFID is a program that runs as a cron job everty 15 min on Glue, a centOS linux box. It only adds users to the board when they are new and explicitly diables them on the board when they are inactive members. It replaces all members every time it runs.
 +
*AD2RFID does the Weigand conversion to the fob number to store on the controller board, which is what is compared to what the RFID readers at the door send to the control board.
 +
*The IP address of the board is effectively static and is assigned via MAC address.
 +
*The board occasionally hangs and AD2RFID times out after 1 minute of not receiving a reply from the board and waits for the next scheduled job to try again.
 +
*Glue and the domain controller must be running for the data transfer process from WA to the board to work correctly.
   −
 
+
=Troubleshooting=
There is an old HP (add specs) Windows XP machine that was added to the PS1 domain (called RFID-2) that pulls user information from an SQL database on a VM called RFID2 and  pushes that information to all the door controllers with a piece of software called Professional Door Control Management. You can remote into this machine using Windows Remote Desktop using rfid-2.ad.pumpingstationone.org.
+
*All RFID fob numbers must start with 00 - sometimes the reader reports numbers incorrectly - the number on the fob will be be the number in the RFID field in WA.  
 
+
*Make sure the member has an active account
A VM on Proxmox Cloud 2 called RFID2 (10.100.11.31) houses the SQL database so that current members can access the doors. Eventually a job will run that will populate the database usernames, RFID tags, and member status from PS1AUTH. This may help accomplish this task:
+
*Make sure the tags in RFID field are separated by a comma. All RFID tags are stored in otherPager field (which contains an array of numbers) in AD.
*https://technet.microsoft.com/en-us/library/cc720650(v=ws.10).aspx
  −
*https://www.mssqltips.com/sqlservertip/4190/import-active-directory-data-to-a-sql-server-table/
  −
*https://cwiki.apache.org/confluence/display/SYNCOPE/Synchronize+Active+Directory+with+SQL+database#SynchronizeActiveDirectorywithSQLdatabase-Provide_a_user_template
      
=What's next=
 
=What's next=
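Review bot: The added AD2RFID bullet contradicts itself: it says the job "only adds users to the board when they are new" and then "It replaces all members every time it runs". State which behaviour is real, because it decides whether a failed run leaves the board with a stale list or a partial one. The new timeout bullet also implies that a member who has gone inactive keeps a working fob until the next successful run, so the section should give the worst-case revocation delay (WA2AD every 5 mins plus AD2RFID every 15 min, longer whenever the board hangs) and say whether repeated timeouts are logged or alerted on. Minor: "everty", "diables" and "Weigand" (Wiegand) in the added bullets, and "be be" in the first Troubleshooting bullet.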
Line 35: Line 36:  
*Writing a cron job to sync PS1Auth data (that members can add their RFID) to the RFID2 SQL database the door reader uses.
 
*Writing a cron job to sync PS1Auth data (that members can add their RFID) to the RFID2 SQL database the door reader uses.
 
*Create an Auto-it script that presses the upload button in the control software to send info from the SQL database to the controller.
 
*Create an Auto-it script that presses the upload button in the control software to send info from the SQL database to the controller.
 +
 +
==DEV2AD==
 +
A wifi enabled microcontroller with an RFID reader makes a webservice call to Glue. Dev2AD is running on Glue and receives the call. DEV2AD validates that the tag is associated with the authorization for that tool. Currently the theory would be that DEV2AD would look at the AD group for a particular piece of equipment, grab the list of all users in that group, and search for a matching tag - if a tag matches then an activity will be initiated.
 +
    
==Status==
 
==Status==
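Review bot: The new DEV2AD paragraph says the microcontroller "makes a webservice call to Glue" but not how that call is authenticated or protected on the wifi network, and it only describes the matching case; add a sentence on how the device and Glue identify each other, and say what happens when no tag matches or when Glue or AD does not reply. The two "What's next" items kept as context above it still refer to the RFID2 SQL database and the upload button in the control software, which the earlier hunk removes from the system description, so they should be updated or dropped in the same edit. Minor: the paragraph uses both "Dev2AD" and "DEV2AD".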