Troubles getting wikid to respond to radius

classic Classic list List threaded Threaded
15 messages Options
Reply | Threaded
Open this post in threaded view
|

Troubles getting wikid to respond to radius

jeffriechers
Ok, this is my second fresh build, with the same results as the last.  Running on a dedicated Centos 7 vm.

I am able to get the configuration setup, and register my token with no problem.  I have the network client set to get requests from my Radius servers (2012 R2 NAP) and I have integrated the radius server into my Netscaler virtual appliance.

When I hit the page and enter my user, password and token, the Password is authenticated, but I get "The remote RADIUS (Remote Authentication Dial-In User Service) server did not respond." error messages from my Radius box.

Checking through my wikid config I see that Radius is listening on 127.0.0.1 instead of the ip address of the Centos 7 vm itself.  Could this be the issue?  How can I get this registered to the correct IP of the machine.  Or should this not be touched.

I have gone through all of the guides on setting things up, including the MS Radius documents for forwarding radius to the wikid server.

Some additional info is that when I start the wikid service I get the following messages.

[root@wikid1 conf]# wikidctl start
sh: netstat: command not found
Starting database...Redirecting to /bin/systemctl start  postgresql.service
Success!
Success!
Starting Logger service...sh: netstat: command not found
sh: netstat: command not found
Database listener not available!  Logger NOT started!
Starting TimeCop service...sh: netstat: command not found
sh: netstat: command not found
Database listener not available!  Timecop NOT started!
sh: netstat: command not found
sh: netstat: command not found
Starting Tomcat server ...Success!
sh: netstat: command not found
LDAP protocol not enabled.
sh: netstat: command not found
[root@wikid1 conf]#


Reply | Threaded
Open this post in threaded view
|

Re: Troubles getting wikid to respond to radius

Nick Owen
Administrator
First, can you install netstat?   That could be the issue.

The listener does need to be on 127.0.0.1.

Take a look at this page:

https://www.wikidsystems.com/support/wikid-support-center/troubleshooting-faq/how-can-i-set-radius-logging-to-debug-how-can-i-see-if-wikid-is-getting-the-radius-requests

In particular, run the tcpdump command and make sure that the packets
are coming from the correct IP.

Let me know,

Nick

On Fri, Apr 24, 2015 at 9:30 AM, jeffriechers [via WiKID Strong
Authentication Forums] <[hidden email]>
wrote:

> Ok, this is my second fresh build, with the same results as the last.
> Running on a dedicated Centos 7 vm.
>
> I am able to get the configuration setup, and register my token with no
> problem.  I have the network client set to get requests from my Radius
> servers (2012 R2 NAP) and I have integrated the radius server into my
> Netscaler virtual appliance.
>
> When I hit the page and enter my user, password and token, the Password is
> authenticated, but I get "The remote RADIUS (Remote Authentication Dial-In
> User Service) server did not respond." error messages from my Radius box.
>
> Checking through my wikid config I see that Radius is listening on 127.0.0.1
> instead of the ip address of the Centos 7 vm itself.  Could this be the
> issue?  How can I get this registered to the correct IP of the machine.  Or
> should this not be touched.
>
> I have gone through all of the guides on setting things up, including the MS
> Radius documents for forwarding radius to the wikid server.
>
> Some additional info is that when I start the wikid service I get the
> following messages.
>
> [root@wikid1 conf]# wikidctl start
> sh: netstat: command not found
> Starting database...Redirecting to /bin/systemctl start  postgresql.service
> Success!
> Success!
> Starting Logger service...sh: netstat: command not found
> sh: netstat: command not found
> Database listener not available!  Logger NOT started!
> Starting TimeCop service...sh: netstat: command not found
> sh: netstat: command not found
> Database listener not available!  Timecop NOT started!
> sh: netstat: command not found
> sh: netstat: command not found
> Starting Tomcat server ...Success!
> sh: netstat: command not found
> LDAP protocol not enabled.
> sh: netstat: command not found
> [root@wikid1 conf]#
>
>
>
>
> ________________________________
> If you reply to this email, your message will be added to the discussion
> below:
> http://wikid-strong-authentication-forums.1491522.n2.nabble.com/Troubles-getting-wikid-to-respond-to-radius-tp7575141.html
> To start a new topic under General Discussions, email
> [hidden email]
> To unsubscribe from WiKID Strong Authentication Forums, click here.
> NAML



--
Nick Owen  --  WiKID Systems, Inc.
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
http://twitter.com/wikidsystems | #wikid on freenode.net
Get our low-volume newsletter - Notices, updates : http://eepurl.com/zzUeP
Reply | Threaded
Open this post in threaded view
|

Re: Troubles getting wikid to respond to radius

jeffriechers
Ok, ran tcpdump and I see the request coming in.  However wikid never responds back to the request.

Here is the info coming in.

10:12:30.105854 IP (tos 0x0, ttl 128, id 23250, offset 0, flags [DF], proto UDP (17), length 106)
    lab-dc01.lab.local.49172 > wikid1.lab.local.radius: RADIUS, length: 78
        Access Request (1), id: 0x0e, Authenticator: blah blah blah
          NAS IP Address Attribute (4), length: 6, Value: 192.168.0.76
          Password Attribute (2), length: 18, Value:
          Username Attribute (1), length: 6, Value: jeff
          Proxy State Attribute (33), length: 10, Value: .
          Message Authentication Attribute (80), length: 18, Value: <.........H..V..
10:12:33.106554 IP (tos 0x0, ttl 128, id 23259, offset 0, flags [DF], proto UDP (17), length 106)
    lab-dc01.lab.local.49172 > wikid1.lab.local.radius: RADIUS, length: 78
        Access Request (1), id: 0x0f, Authenticator: blah blah censorship
          NAS IP Address Attribute (4), length: 6, Value: 192.168.0.76
          Password Attribute (2), length: 18, Value:
          Username Attribute (1), length: 6, Value: jeff
          Proxy State Attribute (33), length: 10, Value: .
          Message Authentication Attribute (80), length: 18, Value: ..D...#H.V....

So it's like the wikid is not kicking the response back

I see the NAS IP Address for the netscaler, so I added that a network client as well, just in case it was trying to respond directly, no go.

I was not able to get any logging going, as you can see in the startup the logging database can't be created.  Same problem I had on the previous build.
Reply | Threaded
Open this post in threaded view
|

Re: Troubles getting wikid to respond to radius

Nick Owen
Administrator
I'm thinking there's something that's not starting due to all the
changes in centos 7.  Did you install netstat?

What does 'netstat -anp | grep 1812' show?

On Fri, Apr 24, 2015 at 10:18 AM, jeffriechers [via WiKID Strong
Authentication Forums] <[hidden email]>
wrote:

> Ok, ran tcpdump and I see the request coming in.  However wikid never
> responds back to the request.
>
> Here is the info coming in.
>
> 10:12:30.105854 IP (tos 0x0, ttl 128, id 23250, offset 0, flags [DF], proto
> UDP (17), length 106)
>     lab-dc01.lab.local.49172 > wikid1.lab.local.radius: RADIUS, length: 78
>         Access Request (1), id: 0x0e, Authenticator: blah blah blah
>           NAS IP Address Attribute (4), length: 6, Value: 192.168.0.76
>           Password Attribute (2), length: 18, Value:
>           Username Attribute (1), length: 6, Value: jeff
>           Proxy State Attribute (33), length: 10, Value: .
>           Message Authentication Attribute (80), length: 18, Value:
> <.........H..V..
> 10:12:33.106554 IP (tos 0x0, ttl 128, id 23259, offset 0, flags [DF], proto
> UDP (17), length 106)
>     lab-dc01.lab.local.49172 > wikid1.lab.local.radius: RADIUS, length: 78
>         Access Request (1), id: 0x0f, Authenticator: blah blah censorship
>           NAS IP Address Attribute (4), length: 6, Value: 192.168.0.76
>           Password Attribute (2), length: 18, Value:
>           Username Attribute (1), length: 6, Value: jeff
>           Proxy State Attribute (33), length: 10, Value: .
>           Message Authentication Attribute (80), length: 18, Value:
> ..D...#H.V....
>
> So it's like the wikid is not kicking the response back
>
> I see the NAS IP Address for the netscaler, so I added that a network client
> as well, just in case it was trying to respond directly, no go.
>
> I was not able to get any logging going, as you can see in the startup the
> logging database can't be created.  Same problem I had on the previous
> build.
>
> ________________________________
> If you reply to this email, your message will be added to the discussion
> below:
> http://wikid-strong-authentication-forums.1491522.n2.nabble.com/Troubles-getting-wikid-to-respond-to-radius-tp7575141p7575143.html
> To start a new topic under General Discussions, email
> [hidden email]
> To unsubscribe from WiKID Strong Authentication Forums, click here.
> NAML



--
Nick Owen  --  WiKID Systems, Inc.
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
http://twitter.com/wikidsystems | #wikid on freenode.net
Get our low-volume newsletter - Notices, updates : http://eepurl.com/zzUeP
Reply | Threaded
Open this post in threaded view
|

Re: Troubles getting wikid to respond to radius

jeffriechers
Had to find the package to install it.

It responds with nothing.

[root@wikid1 conf]# netstat -anp | grep 1812
[root@wikid1 conf]#
Reply | Threaded
Open this post in threaded view
|

Re: Troubles getting wikid to respond to radius

Nick Owen
Administrator
Did you restart WiKD?

Is anything running?  'netstat -anp | grep java'

Are there any errors in /opt/WiKID/tomcat/logs/catalina.err ?

On Fri, Apr 24, 2015 at 10:27 AM, jeffriechers [via WiKID Strong
Authentication Forums] <[hidden email]>
wrote:

> Had to find the package to install it.
>
> It responds with nothing.
>
> [root@wikid1 conf]# netstat -anp | grep 1812
> [root@wikid1 conf]#
>
>
> ________________________________
> If you reply to this email, your message will be added to the discussion
> below:
> http://wikid-strong-authentication-forums.1491522.n2.nabble.com/Troubles-getting-wikid-to-respond-to-radius-tp7575141p7575145.html
> To start a new topic under General Discussions, email
> [hidden email]
> To unsubscribe from WiKID Strong Authentication Forums, click here.
> NAML



--
Nick Owen  --  WiKID Systems, Inc.
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
http://twitter.com/wikidsystems | #wikid on freenode.net
Get our low-volume newsletter - Notices, updates : http://eepurl.com/zzUeP
Reply | Threaded
Open this post in threaded view
|

Re: Troubles getting wikid to respond to radius

jeffriechers
[root@wikid1 conf]# netstat -anp | grep java
[root@wikid1 conf]#


at the tail end of my catalina.err I see this.  


log4j:ERROR Could not connect to remote log4j server at [localhost]. We will try again later.
log4j:ERROR Could not connect to remote log4j server at [localhost]. We will try again later.
Reply | Threaded
Open this post in threaded view
|

Re: Troubles getting wikid to respond to radius

Nick Owen
Administrator
Well looks like nothing is starting.  Did you follow this doc
https://www.wikidsystems.com/support/wikid-support-center/installation-how-tos/how-to-install-the-wikid-enterprise-rpms?

Is selinux enabled?

On Fri, Apr 24, 2015 at 11:11 AM, jeffriechers [via WiKID Strong
Authentication Forums] <[hidden email]>
wrote:

> [root@wikid1 conf]# netstat -anp | grep java
> [root@wikid1 conf]#
>
>
> at the tail end of my catalina.err I see this.
>
>
> log4j:ERROR Could not connect to remote log4j server at [localhost]. We will
> try again later.
> log4j:ERROR Could not connect to remote log4j server at [localhost]. We will
> try again later.
>
>
> ________________________________
> If you reply to this email, your message will be added to the discussion
> below:
> http://wikid-strong-authentication-forums.1491522.n2.nabble.com/Troubles-getting-wikid-to-respond-to-radius-tp7575141p7575147.html
> To start a new topic under General Discussions, email
> [hidden email]
> To unsubscribe from WiKID Strong Authentication Forums, click here.
> NAML



--
Nick Owen  --  WiKID Systems, Inc.
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
http://twitter.com/wikidsystems | #wikid on freenode.net
Get our low-volume newsletter - Notices, updates : http://eepurl.com/zzUeP
Reply | Threaded
Open this post in threaded view
|

Re: Troubles getting wikid to respond to radius

Nick Owen
Administrator
In reply to this post by jeffriechers
Have you created and installed the Intermediate and localhost
certificates?  I don't see anything in the ca.wikidsystems.com site...

On Fri, Apr 24, 2015 at 11:17 AM, Nick Owen <[hidden email]> wrote:

> Well looks like nothing is starting.  Did you follow this doc
> https://www.wikidsystems.com/support/wikid-support-center/installation-how-tos/how-to-install-the-wikid-enterprise-rpms?
>
> Is selinux enabled?
>
> On Fri, Apr 24, 2015 at 11:11 AM, jeffriechers [via WiKID Strong
> Authentication Forums] <[hidden email]>
> wrote:
>> [root@wikid1 conf]# netstat -anp | grep java
>> [root@wikid1 conf]#
>>
>>
>> at the tail end of my catalina.err I see this.
>>
>>
>> log4j:ERROR Could not connect to remote log4j server at [localhost]. We will
>> try again later.
>> log4j:ERROR Could not connect to remote log4j server at [localhost]. We will
>> try again later.
>>
>>
>> ________________________________
>> If you reply to this email, your message will be added to the discussion
>> below:
>> http://wikid-strong-authentication-forums.1491522.n2.nabble.com/Troubles-getting-wikid-to-respond-to-radius-tp7575141p7575147.html
>> To start a new topic under General Discussions, email
>> [hidden email]
>> To unsubscribe from WiKID Strong Authentication Forums, click here.
>> NAML
>
>
>
> --
> Nick Owen  --  WiKID Systems, Inc.
> http://www.wikidsystems.com
> Commercial/Open Source Two-Factor Authentication
> http://twitter.com/wikidsystems | #wikid on freenode.net
> Get our low-volume newsletter - Notices, updates : http://eepurl.com/zzUeP



--
Nick Owen  --  WiKID Systems, Inc.
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
http://twitter.com/wikidsystems | #wikid on freenode.net
Get our low-volume newsletter - Notices, updates : http://eepurl.com/zzUeP
Reply | Threaded
Open this post in threaded view
|

Re: Troubles getting wikid to respond to radius

jeffriechers
Yes, all certs are added and authorized, and i can issue tokens.

Followed that guide step by step both times.  In fact on the second install I copied and pasted each line right from the guide into my putty session.

I also completely turned off firewalld.

Could it be something with CentOS 7?  I was thinking I might try dropping down to 6 to see if that fixes it.
Reply | Threaded
Open this post in threaded view
|

Re: Troubles getting wikid to respond to radius

Nick Owen
Administrator

Hmm. Selinux is suspect, I have it working on 7 so it's doable. 

Does java -version show 8?

On Apr 24, 2015 12:14 PM, "jeffriechers [via WiKID Strong Authentication Forums]" <[hidden email]> wrote:
Yes, all certs are added and authorized, and i can issue tokens.

Followed that guide step by step both times.  In fact on the second install I copied and pasted each line right from the guide into my putty session.

I also completely turned off firewalld.

Could it be something with CentOS 7?  I was thinking I might try dropping down to 6 to see if that fixes it.


To start a new topic under General Discussions, email [hidden email]
To unsubscribe from WiKID Strong Authentication Forums, click here.
NAML
Reply | Threaded
Open this post in threaded view
|

Re: Troubles getting wikid to respond to radius

Nick Owen
Administrator
In reply to this post by jeffriechers

Our iso is centos 6, if you want to grab it.

On Apr 24, 2015 12:23 PM, "Nick Owen" <[hidden email]> wrote:

Hmm. Selinux is suspect, I have it working on 7 so it's doable. 

Does java -version show 8?

On Apr 24, 2015 12:14 PM, "jeffriechers [via WiKID Strong Authentication Forums]" <[hidden email]> wrote:
Yes, all certs are added and authorized, and i can issue tokens.

Followed that guide step by step both times.  In fact on the second install I copied and pasted each line right from the guide into my putty session.

I also completely turned off firewalld.

Could it be something with CentOS 7?  I was thinking I might try dropping down to 6 to see if that fixes it.


To start a new topic under General Discussions, email [hidden email]
To unsubscribe from WiKID Strong Authentication Forums, click here.
NAML
Reply | Threaded
Open this post in threaded view
|

Re: Troubles getting wikid to respond to radius

Nick Owen
Administrator
In reply to this post by jeffriechers
Wait, did you say you pasted into a putty session?  The cert is
supposed to be installed via the WiKIDAdmin/Configuration/Install the
Intermediate Cert.

Do you have an intCAkeys.p12 and a localhost.p12 in /opt/WiKID/private?

On Fri, Apr 24, 2015 at 2:33 PM, Nick Owen <[hidden email]> wrote:

> Our iso is centos 6, if you want to grab it.
>
> On Apr 24, 2015 12:23 PM, "Nick Owen" <[hidden email]> wrote:
>>
>> Hmm. Selinux is suspect, I have it working on 7 so it's doable.
>>
>> Does java -version show 8?
>>
>> On Apr 24, 2015 12:14 PM, "jeffriechers [via WiKID Strong Authentication
>> Forums]" <[hidden email]> wrote:
>>>
>>> Yes, all certs are added and authorized, and i can issue tokens.
>>>
>>> Followed that guide step by step both times.  In fact on the second
>>> install I copied and pasted each line right from the guide into my putty
>>> session.
>>>
>>> I also completely turned off firewalld.
>>>
>>> Could it be something with CentOS 7?  I was thinking I might try dropping
>>> down to 6 to see if that fixes it.
>>>
>>> ________________________________
>>> If you reply to this email, your message will be added to the discussion
>>> below:
>>>
>>> http://wikid-strong-authentication-forums.1491522.n2.nabble.com/Troubles-getting-wikid-to-respond-to-radius-tp7575141p7575150.html
>>> To start a new topic under General Discussions, email
>>> [hidden email]
>>> To unsubscribe from WiKID Strong Authentication Forums, click here.
>>> NAML



--
Nick Owen  --  WiKID Systems, Inc.
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
http://twitter.com/wikidsystems | #wikid on freenode.net
Get our low-volume newsletter - Notices, updates : http://eepurl.com/zzUeP
Reply | Threaded
Open this post in threaded view
|

Re: Troubles getting wikid to respond to radius

jeffriechers
Yes, all the certs and such was done via the web gui.  I meant the base installation was done via an ssh session.

I will attempt to disable selinux and do a fresh install later.

On Fri, Apr 24, 2015 at 3:24 PM, Nick Owen [via WiKID Strong Authentication Forums] <[hidden email]> wrote:
Wait, did you say you pasted into a putty session?  The cert is
supposed to be installed via the WiKIDAdmin/Configuration/Install the
Intermediate Cert.

Do you have an intCAkeys.p12 and a localhost.p12 in /opt/WiKID/private?

On Fri, Apr 24, 2015 at 2:33 PM, Nick Owen <[hidden email]> wrote:

> Our iso is centos 6, if you want to grab it.
>
> On Apr 24, 2015 12:23 PM, "Nick Owen" <[hidden email]> wrote:
>>
>> Hmm. Selinux is suspect, I have it working on 7 so it's doable.
>>
>> Does java -version show 8?
>>
>> On Apr 24, 2015 12:14 PM, "jeffriechers [via WiKID Strong Authentication
>> Forums]" <[hidden email]> wrote:

>>>
>>> Yes, all certs are added and authorized, and i can issue tokens.
>>>
>>> Followed that guide step by step both times.  In fact on the second
>>> install I copied and pasted each line right from the guide into my putty
>>> session.
>>>
>>> I also completely turned off firewalld.
>>>
>>> Could it be something with CentOS 7?  I was thinking I might try dropping
>>> down to 6 to see if that fixes it.
>>>
>>> ________________________________
>>> If you reply to this email, your message will be added to the discussion
>>> below:
>>>
>>> http://wikid-strong-authentication-forums.1491522.n2.nabble.com/Troubles-getting-wikid-to-respond-to-radius-tp7575141p7575150.html
>>> To start a new topic under General Discussions, email
>>> [hidden email]
>>> To unsubscribe from WiKID Strong Authentication Forums, click here.
>>> NAML



--
Nick Owen  --  WiKID Systems, Inc.
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
http://twitter.com/wikidsystems | #wikid on freenode.net
Get our low-volume newsletter - Notices, updates : http://eepurl.com/zzUeP



To unsubscribe from Troubles getting wikid to respond to radius, click here.
NAML

Reply | Threaded
Open this post in threaded view
|

Re: Troubles getting wikid to respond to radius

Nick Owen
Administrator
OK - we can do a teamviewer session or something (that supports linux
;-))  on monday if you like too.

On Fri, Apr 24, 2015 at 5:19 PM, jeffriechers [via WiKID Strong
Authentication Forums] <[hidden email]>
wrote:

> Yes, all the certs and such was done via the web gui.  I meant the base
> installation was done via an ssh session.
>
> I will attempt to disable selinux and do a fresh install later.
>
> On Fri, Apr 24, 2015 at 3:24 PM, Nick Owen [via WiKID Strong Authentication
> Forums] <[hidden email]> wrote:
>>
>> Wait, did you say you pasted into a putty session?  The cert is
>> supposed to be installed via the WiKIDAdmin/Configuration/Install the
>> Intermediate Cert.
>>
>> Do you have an intCAkeys.p12 and a localhost.p12 in /opt/WiKID/private?
>>
>> On Fri, Apr 24, 2015 at 2:33 PM, Nick Owen <[hidden email]> wrote:
>>
>> > Our iso is centos 6, if you want to grab it.
>> >
>> > On Apr 24, 2015 12:23 PM, "Nick Owen" <[hidden email]> wrote:
>> >>
>> >> Hmm. Selinux is suspect, I have it working on 7 so it's doable.
>> >>
>> >> Does java -version show 8?
>> >>
>> >> On Apr 24, 2015 12:14 PM, "jeffriechers [via WiKID Strong
>> >> Authentication
>> >> Forums]" <[hidden email]> wrote:
>>
>> >>>
>> >>> Yes, all certs are added and authorized, and i can issue tokens.
>> >>>
>> >>> Followed that guide step by step both times.  In fact on the second
>> >>> install I copied and pasted each line right from the guide into my
>> >>> putty
>> >>> session.
>> >>>
>> >>> I also completely turned off firewalld.
>> >>>
>> >>> Could it be something with CentOS 7?  I was thinking I might try
>> >>> dropping
>> >>> down to 6 to see if that fixes it.
>> >>>
>> >>> ________________________________
>> >>> If you reply to this email, your message will be added to the
>> >>> discussion
>> >>> below:
>> >>>
>> >>>
>> >>> http://wikid-strong-authentication-forums.1491522.n2.nabble.com/Troubles-getting-wikid-to-respond-to-radius-tp7575141p7575150.html
>> >>> To start a new topic under General Discussions, email
>> >>> [hidden email]
>> >>> To unsubscribe from WiKID Strong Authentication Forums, click here.
>> >>> NAML
>>
>>
>>
>> --
>> Nick Owen  --  WiKID Systems, Inc.
>> http://www.wikidsystems.com
>> Commercial/Open Source Two-Factor Authentication
>> http://twitter.com/wikidsystems | #wikid on freenode.net
>> Get our low-volume newsletter - Notices, updates : http://eepurl.com/zzUeP
>>
>>
>> ________________________________
>> If you reply to this email, your message will be added to the discussion
>> below:
>>
>> http://wikid-strong-authentication-forums.1491522.n2.nabble.com/Troubles-getting-wikid-to-respond-to-radius-tp7575141p7575153.html
>> To unsubscribe from Troubles getting wikid to respond to radius, click
>> here.
>> NAML
>
>
>
>
> ________________________________
> If you reply to this email, your message will be added to the discussion
> below:
> http://wikid-strong-authentication-forums.1491522.n2.nabble.com/Troubles-getting-wikid-to-respond-to-radius-tp7575141p7575154.html
> To start a new topic under General Discussions, email
> [hidden email]
> To unsubscribe from WiKID Strong Authentication Forums, click here.
> NAML



--
Nick Owen  --  WiKID Systems, Inc.
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
http://twitter.com/wikidsystems | #wikid on freenode.net
Get our low-volume newsletter - Notices, updates : http://eepurl.com/zzUeP