Re: [WIRELESS-LAN] Recent Radius Meltdowns

2016-03-11 Thread Arran Cudbard-Bell
ing I/O. It's not trivial, not sponsored, and there's only two full time developers so it's going to take a while. -Arran Arran Cudbard-Bell <a.cudba...@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2 ** Participation and

Re: [WIRELESS-LAN] Apple OSX 10.11 beta

2015-10-23 Thread Arran Cudbard-Bell
> On Aug 11, 2015, at 1:37 AM, Jason Cook wrote: > > Thanks for all the responses on this. Upgrade worked a treat. > > Was a better response than vendor support but to be fair we hadn’t logged one > with freeradius And you wouldn't need to have, as we had stable

Re: [WIRELESS-LAN] 802.1X and Heartbleed...

2014-04-25 Thread Arran Cudbard-Bell
servers if TLS is used to secure the connection. Arran Cudbard-Bell a.cudba...@freeradius.org FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

Re: [WIRELESS-LAN] 802.1x vs web-portal

2013-11-29 Thread Arran Cudbard-Bell
Cudbard-Bell a.cudba...@freeradius.org FreeRADIUS Development Team ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Multithreaded krb5 module for FreeRADIUS 2.x

2013-02-26 Thread Arran Cudbard-Bell
Hi Aaron, Sorry for the late response to this thread (I'm catching up on backlogged mail). I'm not sure if you got any volunteers, but we'd be very interested in testing this out (with MIT krb5 at least). Thanks for doing this work. Hi Shumon, Because no one responded on the

Re: [WIRELESS-LAN] About the eduroam configuration on Freeradius

2013-02-15 Thread Arran Cudbard-Bell
Hi, It is an exceptionally bad idea to do what you're proposing, as it prevents local users from verifying their eduroam configuration actually works at your site before roaming to other sites. Yes, you can display a test page, but then you have to make sure that every user sets the priority

Multithreaded krb5 module for FreeRADIUS 2.x

2013-01-11 Thread Arran Cudbard-Bell
(apologies for those on netman, this should have gone to wireless-lan originally) Hi All, A while back there was some discussion about the current krb5 module in FreeRADIUS being single threaded, and that it may no longer be necessary for it to be single threaded. It transpires that both MIT

Re: [WIRELESS-LAN] 802.1x Wireless Printers- revisited

2012-12-13 Thread Arran Cudbard-Bell
On 12 Dec 2012, at 15:43, Lee H Badman lhbad...@syr.edu wrote: Has been a while: What wireless printers have you found that successfully work on 802.1x based wireless networks- particularly using MS-CHAPv2/PEAP, WPA2, and AD back-end (as if the printer was just another host on the secure

Re: [WIRELESS-LAN] 802.1x Wireless Printers- revisited

2012-12-13 Thread Arran Cudbard-Bell
On 13 Dec 2012, at 16:08, phanset phan...@utk.edu wrote: Has been a while: What wireless printers have you found that successfully work on 802.1x based wireless networks- particularly using MS-CHAPv2/PEAP, WPA2, and AD back-end (as if the printer was just another host on the secure

Re: [WIRELESS-LAN] Eduroam technical questions

2012-11-14 Thread Arran Cudbard-Bell
The problem comes in implementing the ban. Some institutions allow an anonymous outer identity for the EAP tunnel, which, so long as it contains enough information for routing can contain an arbitrary user id. You ban one and the user can just change it and still get access. You never get to

Re: [WIRELESS-LAN] Eduroam technical questions

2012-11-14 Thread Arran Cudbard-Bell
Cudbard-Bell a.cudba...@freeradius.org wrote: The problem comes in implementing the ban. Some institutions allow an anonymous outer identity for the EAP tunnel, which, so long as it contains enough information for routing can contain an arbitrary user id. You ban one and the user can just

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-09-05 Thread Arran Cudbard-Bell
The easiest way to disable the cache is to set the environment variable KRB5RCACHETYPE to none before starting freeradius. The MIT Kerberos software on our RADIUS servers though is so old (v1.3.x) that it didn't support this, so I had to disable it by writing a patch to the source code (in

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-08-23 Thread Arran Cudbard-Bell
On 23 Aug 2012, at 01:30, Shumon Huque shu...@upenn.edu wrote: Jim, We've been through this, and I'll describe what we did to address it. There are two problems with the freeradius code that cause performance problems with a Kerberos backend: 1) It doesn't disable the replay cache,

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-08-23 Thread Arran Cudbard-Bell
Disabling the cache by default would be great. Thanks! EAP-Kerberos doesn't actually exist today as a documented spec - Ah, I guess what I read wasn't an official IETF draft (it was years ago and I figured someone might have done something by now). I'm sure that's why there's no

Re: [WIRELESS-LAN] Radius Load-balancing and Aruba

2012-05-16 Thread Arran Cudbard-Bell
On 15 May 2012, at 20:05, Michael Hulko wrote: We are attempting to create a load-balance farm of Radius servers for our 802.1x authentication. The foundation is: Citrix NetScaler 9000s Aruba M3 controllers Radiator radius server (currently 3) on a Windows platform. We have been

Re: [WIRELESS-LAN] RADIUS Server preference for 10K+ Client Environments?

2011-11-01 Thread Arran Cudbard-Bell
Arran Cudbard-Bell a.cudba...@freeradius.org Betelwiki, Betelwiki, Betelwiki http

Re: [WIRELESS-LAN] iOS devices on wireless

2011-06-27 Thread Arran Cudbard-Bell
takes a bit of time and effort to set up. -Arran Arran Cudbard-Bell a.cudba...@freeradius.org RADIUS - Half the complexity of Diameter

Re: [WIRELESS-LAN] Anyone use CloudPath ?

2009-11-23 Thread Arran Cudbard-Bell
413.545.9639 Network Analyst Univ. of Massachusetts Amherst - -- Arran Cudbard

Re: [WIRELESS-LAN] Anyone use CloudPath ?

2009-11-23 Thread Arran Cudbard-Bell
On 23/11/2009 19:11, Methven, Peter J wrote: It can reorder preferred networks to ensure the devices connect to the secure one in preference. I've never tried deleting networks from users' laptops as I always worry they may object but I believe it can. Yep definitely can. We use it to remove the

Re: [WIRELESS-LAN] configuration script

2009-06-17 Thread Arran Cudbard-Bell
On 17/6/09 17:00, Lunceford, Dan wrote: I'd love to see it. Thanks so much for sharing. Second that ! Cheers, Arran -- Arran Cudbard-Bell (a.cudbard-b...@sussex.ac.uk), Authentication, Authorisation and Accounting Officer, Infrastructure Services (IT Services), E1-1-08, Engineering 1

Re: [WIRELESS-LAN] configuration script

2009-06-17 Thread Arran Cudbard-Bell
Brian Beausoleil wrote: Perhaps a link distributed would be helpful to anyone else wanting to see the source code? I know I would also like to see the code. It'd also be very useful if it could be released under one of the open source licenses like GPLv3. Then we can include it in our own

Re: [WIRELESS-LAN] Wireless Printers on 802.1x Network

2009-06-09 Thread Arran Cudbard-Bell
-...@listserv.educause.edu] On Behalf Of Arran Cudbard-Bell Sent: Monday, June 08, 2009 2:26 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless Printers on 802.1x Network Hi Lee, Given that we are running 802.1x PEAP w/ MS-CHAPv2, WPA/TKIP on main prod wireless network, has anyone