My knowledge of our 802.1X configuration is barebones and we inherited this configuration from ~20 years ago. We are seeing lots of failures in this part for a long time most likely (omitted some more sensitive details):
<Handler Client-Identifier=n8021x> # # The rock8021x block and 8021x blocks are identical. The rock8021x block is needed as it acts # differently than the WISMs in that it does a login-user rather than a access-request. This # interferes with the 8021x clause that we have for uic-guest support # <AuthBy FILE> # Users must be in this file to get anywhere. In this example, # it reques an entry for 'anonymous' which is the standard username # in the outer requests, and it also requires an entry for the # actual user name who is trying to connect (ie the 'Login name' entered # in the Funk Odyssey 'Edit Profile Properties' page Filename %D/users EAPAnonymous %0@uic.wireless EAPType PEAP, TTLS EAPTLS_PEAPVersion 0 EAPTLS_CAFile /etc/radiator/certificatechain.crt EAPTLS_CertificateFile /etc/radiator/wireless.crt EAPTLS_CertificateType PEM EAPTLS_PrivateKeyFile /etc/radiator/wireless.key EAPTLS_MaxFragmentSize 1000 AutoMPPEKeys EAPTLS_SessionResumption 0 </AuthBy> RewriteUsername s/^([^@]+).*/$1/ RewriteUsername s/\s+//g RewriteUsername s/^.*\\(.*)/$1/ RewriteUsername tr/[A-Z]/[a-z]/ <AuthBy SUSPEND> Dir /mnt/... </AuthBy> <AuthBy SUSPEND> Dir /mnt/... </AuthBy> <AuthBy WIRELESS> Dir /mnt/... </AuthBy> AcctLogFileName %L/wireless-detail <AuthLog SYSLOG> LogSuccess 1 LogFailure 1 Facility local0 SuccessFormat %T : '%U' from %C mac=%{Calling-Station-Id} NAS-Id=%{Called-Station-Id} PEAP-SSID=%{NAS-Identifier} -- 802.1X OK FailureFormat %T : '%u' from %C mac=%{Calling-Station-Id} NAS-Id=%{Called-Station-Id} PEAP-SSID=%{NAS-Identifier} -- 802.1X FAILED </AuthLog> The failure rate is about 1 out of 3! But this does not to appear to be impacting anyone. The file "users" does not exist so I assume that entire Authby is ignored. What could be causing these failures? Filesystem access? --- Roberto Ullfig - rull...@uic.edu Systems Administrator Enterprise Applications & Services | Technology Solutions University of Illinois - Chicago
_______________________________________________ radiator mailing list radiator@lists.open.com.au https://lists.open.com.au/mailman/listinfo/radiator