Thursday, 24 March 2016

Simplified 802.1x roll-out for windows clients: The JANET SU1X utility

I'm clearly not the first sysadmin to find setting up windows clients a pain; the UK university network consortium, JANET, has supported the development of a freely available setup utility, SU1X.

You can obtain the files through the JANET site, https://community.jisc.ac.uk/library/janet-services-documentation/su1x-8021x-configuration-deployment-tool or from GitHub on https://github.com/GarethAyres/SU1X (Edit: They seem to have moved it to SourceForge; see updated info)

Apple Cache Server update

In a previous post, we went through the steps I took to install a working Apple cache server.

It looks like our Apple cache server is earning its keep:

Look at all that nice, healthy, bandwidth-saving green!

Tuesday, 22 March 2016

FreeRADIUS - production SSL certificates

In the previous post, we covered the basic setup of FreeRADIUS.

In this post, we're going to focus on getting the SSL certificates right, and meet some of the common client snafus and their work-arounds (aka "hello Microsoft, please stop sucking at enterprise WiFi").

FreeRADIUS installation and configuration

I eventually abandoned shelved getting a working PacketFence installation (the learning curve and my time availability were not friends); I'll probably go back to setting that up (in the very least so there is a working config example), but I needed a production ready system, fast.

So, now that I've "simplified" to a working "just RADIUS" environment, I should be able to "complicate" it with PacketFence later on (and probably will do - electronic device registration deeply appeals to me on a "proper process" level, and helps with nonsense like RICA, although properly configured RADIUS logging might just obviate that need).

The stuff I learned pounding my head against PacketFence helped, but it wasn't the whole story...