Thursday, 24 March 2016

Simplified 802.1x roll-out for windows clients: The JANET SU1X utility

I'm clearly not the first sysadmin to find setting up windows clients a pain; the UK university network consortium, JANET, has supported the development of a freely available setup utility, SU1X.

You can obtain the files through the JANET site, https://community.jisc.ac.uk/library/janet-services-documentation/su1x-8021x-configuration-deployment-tool or from GitHub on https://github.com/GarethAyres/SU1X (Edit: They seem to have moved it to SourceForge; see updated info)


It is well documented, so I won't reinvent the wheel here!
The only place the documentation is a little unclear is that the profiles (the various XML files) need to be in a profiles subdirectory (like the images).
You may also wish to comment out the bits of the config.ini file (semicolons at the start of a line) you don't want to use. I got rid of things like printers and the help section.
Although it says Windows 8 on Windows 10 machines, it seems to work.
I've only tested Windows 10 so far.

The su1x-setup.exe program helpfully outputs a fairly verbose log of its actions, so if you miss anything, you'll be able to fix it quickly.

Once you've done this, deploying a small .zip file with the requisite files (including your root CA certificate!) or creating a self-installer will lead to a simple double-click, fill in your username, Run! experience for your users:
Easy Peasy Doubleclick Setup!

If you spend a few moments in GIMP or Photoshop (or even Paint) you can customise the graphics. I miss Photoshop; I did this in GIMP in a couple of seconds, and it's not exactly... pretty.

Note that if you have different networks (SSIDs), you'll need to create one profile and installer for each (i.e. staff/students/junior students/etc.). I can't see an obvious way of selecting between different profiles. If I work that out, I'll update this entry.

You may also be interested in some other tools, notably the GEANTLink project on GitHub:
https://github.com/Amebis/GEANTLink

And this neat site, that allows you to create web accessible installers: https://802.1x-config.org/ there is even a free option, if you don't need extra features, and is arguably easier to set up/administer than the SU1X utility, particularly if you only have one SSID.

No comments:

Post a Comment