I see some archived posts from Peter at Goldsmiths 2-3 years ago referencing 
eduroam. If Peter's still here, I'm curious how things have worked out. Anyone 
else is free to chime in too, of course. 


Last year, we deployed eduroam (eduroam.org) as our only WPA2-Enterprise SSID. 
I have a small perl rlm (250 lines including comments) to do custom 
authorization and VLAN assignment. This year, I intend to put our open wireless 
and wired networks under PacketFence management. It would be nice to be able to 
manage all of this in the same system. I see several possible ways to approach 
this: 


1) Merge my existing eduroam FreeRADIUS configuration with PacketFence's and 
turn the eduroam-specific FreeRADIUS servers off. Although PF has hooks for 
pf::radius::custom and pf::vlan::custom, this seems non-trivial, especially 
across upgrades. My biggest conceptual problem is that a VLAN or category is 
assigned to a node upon first registration, but I want it to happen dynamically 
every time that the 802.1X client authenticates. I like that the laptops we 
make available for short-term loan land in a different VLAN depending on who is 
logged on. I've been told that Inverse is looking into an option to recalculate 
the proper VLAN every time based on the 802.1X user, but I can't count on this 
being done in my time frame. 


2) Use a Radius accounting hook on my eduroam FreeRADIUS server to inject 
"node" entries into PF. Violations could be opened and closed, etc. through PF
administrative and captive portal interfaces. The eduroam FreeRADIUS server 
would then consult PF, through web services or more likely SQL queries, to see 
if a node should be quarantined. On the plus side, this seems fairly
upgrade-safe and is in fact how I am obscuring the difference between eduroam 
and a legacy captive portal system (which is to be replaced by PF). 


3) Maybe something can be done with proxy/federation purely at the RADIUS 
level. 


Oh yes, and this needs to be in full production no later than March 26. So the 
less code that needs to be written and debugged, the better. 
-- 

Rich Graves http://claimid.com/rcgraves 
Carleton.edu Sr UNIX and Security Admin 
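As an added example (not the poster's own 250-line module and not PacketFence code), here is an rlm_perl policy sketching the per-authentication VLAN decision from option 1: the VLAN is recomputed in post-auth from the 802.1X user plus a quarantine flag on the MAC, so a loaner laptop follows whoever logs on and a flagged machine lands in a holding VLAN. The realm example.edu, the user/group tables and the quarantined MAC are constructed stand-ins for an LDAP lookup and the NAC node table (for PacketFence, via SQL or its web services).

```perl
#!/usr/bin/perl
# Added example rlm_perl policy for FreeRADIUS: recompute the VLAN on every
# 802.1X authentication from the user, and send flagged MACs to quarantine.
use strict;
use warnings;

our (%RAD_REQUEST, %RAD_REPLY);   # filled in by rlm_perl before each call

# rlm_perl return codes, as defined in FreeRADIUS's example.pl
use constant { RLM_MODULE_REJECT => 0, RLM_MODULE_OK => 2, RLM_MODULE_UPDATED => 8 };

# Constructed data for this example; a deployment would query LDAP for the
# group and the NAC node table for the quarantine state instead.
my $home_realm      = 'example.edu';                      # assumed local realm
my %group_of_user   = ( alice => 'staff', bob => 'student' );
my %vlan_of_group   = ( staff => 10, student => 20, guest => 30 );
my $quarantine_vlan = 99;
my %quarantined     = ( '00:11:22:aa:bb:cc' => 1 );       # constructed flagged MAC

# Calling-Station-Id arrives in vendor-specific forms ("00-11-22-AA-BB-CC",
# "0011.22aa.bbcc", ...); reduce all of them to aa:bb:cc:dd:ee:ff.
sub normalize_mac {
    my ($raw) = @_;
    (my $hex = lc $raw) =~ s/[^0-9a-f]//g;
    return unless length $hex == 12;
    return join ':', unpack '(A2)6', $hex;
}

# Decide the VLAN: quarantine first, then eduroam visitors, then local groups.
sub vlan_for {
    my ($user_name, $raw_mac) = @_;
    my $mac = normalize_mac($raw_mac);
    return $quarantine_vlan if defined $mac && $quarantined{$mac};
    my ($user, $realm) = split /@/, $user_name, 2;
    $realm = $home_realm unless defined $realm;            # bare name => local user
    return $vlan_of_group{guest} if lc($realm) ne $home_realm;   # visitor realm
    my $group = $group_of_user{$user} // 'guest';
    return $vlan_of_group{$group};
}

# Called by rlm_perl from the post-auth section after a successful EAP exchange;
# the reply attributes below are what the switch/controller uses to place the port.
sub post_auth {
    my $vlan = vlan_for($RAD_REQUEST{'User-Name'} // '',
                        $RAD_REQUEST{'Calling-Station-Id'} // '');
    $RAD_REPLY{'Tunnel-Type'}             = 'VLAN';
    $RAD_REPLY{'Tunnel-Medium-Type'}      = 'IEEE-802';
    $RAD_REPLY{'Tunnel-Private-Group-Id'} = $vlan;
    return RLM_MODULE_UPDATED;
}

1;
```

Because the decision runs in post-auth rather than at first registration, the same loaner MAC gets VLAN 10 when alice logs on and VLAN 20 when bob does, which is the behaviour the poster wants to preserve.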
_______________________________________________
Packetfence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users