On Fri, 23 Jul 2021, Ullfig, Roberto Alfredo wrote: > "move closer" is just the message the wifi client is printing out - a > very user-unfriendly message for forgetting to enter your domain. The > problem is that our regular WiFi requires just a netid (no domain) and > Eduroam requires the domain and it's a common configuration mixup for > our users. I think a good solution going forward would be to support the > domain in regular Wifi (while also supporting just the netid for current > configurations) and then advertise that in our documentation.
Or -- and this is commonplace in Europe but there seems to be a lot of intransigence US-side -- don't have a separate "regular WiFi" network - just use Eduroam for routine end user use. Then eduroam automatically just works for everyone when they are travelling, since it's the same network they used back home. Jethro. > > --- > Roberto Ullfig - rull...@uic.edu > Systems Administrator > Enterprise Applications & Services | Technology Solutions > University of Illinois - Chicago > ________________________________ > From: radiator <radiator-boun...@lists.open.com.au> on behalf of Heikki > Vatiainen <h...@open.com.au> > Sent: Friday, July 23, 2021 10:41 AM > To: radiator@lists.open.com.au <radiator@lists.open.com.au> > Subject: Re: [RADIATOR] we're sending empty realms to eduroam tlrs servers > > On 23.7.2021 18.03, Ullfig, Roberto Alfredo wrote: > > Can we specify the error message to return to the user with: > > > > RejectReason you must specify your domain... > > > > or must that be done on the wireless controller? > > I think the wireless controller would need to take Reply-Message > attribute contents from Access-Reject and somehow send it to the > wireless client. > > I'm not completely sure, but I don't think it's possible. The EAP > messaging that goes over the wireless hop isn't capable to do it, I'd say. > > One option might be to create a Handler for realmless users that > authenticates them and then drops them to a VLAN which is a walled > garden. There they would always be redirected to a web page with > information about what they should do to get full access. It might be a > bit heave solution though. > > > Currently when a user fails to enter their domain the error message they > > get says to "move closer". > > Is that something you generate locally or does it come from somewhere > else, such as, eduroam? > > Thanks, > Heikki > > > --- > > Roberto Ullfig - rull...@uic.edu > > Systems Administrator > > Enterprise Applications & Services | Technology Solutions > > University of Illinois - Chicago > > ------------------------------------------------------------------------ > > *From:* radiator <radiator-boun...@lists.open.com.au> on behalf of > > Heikki Vatiainen <h...@open.com.au> > > *Sent:* Wednesday, July 14, 2021 12:05 PM > > *To:* radiator@lists.open.com.au <radiator@lists.open.com.au> > > *Subject:* Re: [RADIATOR] we're sending empty realms to eduroam tlrs > > servers > > > > > > On 13.7.2021 22.38, Ullfig, Roberto Alfredo wrote: > >> So I noticed a doc here for handling empty realms: > >> > >> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.geant.org%2Fpages%2Fviewpage.action%3FpageId%3D121346324&data=04%7C01%7Crullfig%40uic.edu%7C729062472404475be16308d946e9cede%7Ce202cd477a564baa99e3e3b71a7c77dd%7C0%7C0%7C637618792275449703%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=RNp0yd6TCOW%2Fbrz6V2Gai1Z8UEMiYi0RZTN82HXjNdc%3D&reserved=0 > > <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.geant.org%2Fpages%2Fviewpage.action%3FpageId%3D121346324&data=04%7C01%7Crullfig%40uic.edu%7C729062472404475be16308d946e9cede%7Ce202cd477a564baa99e3e3b71a7c77dd%7C0%7C0%7C637618792275449703%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=RNp0yd6TCOW%2Fbrz6V2Gai1Z8UEMiYi0RZTN82HXjNdc%3D&reserved=0> > > > >> > >> Are the Handlers executed in order from top to bottom? > > > > Yes. The handler order, Handler check items, '...' in <Handler ...>, and > > Handler - Realm relationship is discussed in more detail here: > > > > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffiles.radiatorsoftware.com%2Fradiator%2Fref%2FHandler.html&data=04%7C01%7Crullfig%40uic.edu%7C729062472404475be16308d946e9cede%7Ce202cd477a564baa99e3e3b71a7c77dd%7C0%7C0%7C637618792275449703%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=7PeV5r7PeUvK4gsVkv90LQyC9JtQmAKyNBbfpXw9JSQ%3D&reserved=0 > > <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffiles.radiatorsoftware.com%2Fradiator%2Fref%2FHandler.html&data=04%7C01%7Crullfig%40uic.edu%7C729062472404475be16308d946e9cede%7Ce202cd477a564baa99e3e3b71a7c77dd%7C0%7C0%7C637618792275449703%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=7PeV5r7PeUvK4gsVkv90LQyC9JtQmAKyNBbfpXw9JSQ%3D&reserved=0> > > > > Thanks, > > Heikki > > > > -- > > Heikki Vatiainen <h...@open.com.au> > > > > Radiator: the most portable, flexible and configurable RADIUS server > > anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory, > > EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP, > > DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc. > > _______________________________________________ > > radiator mailing list > > radiator@lists.open.com.au > > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.open.com.au%2Fmailman%2Flistinfo%2Fradiator&data=04%7C01%7Crullfig%40uic.edu%7C729062472404475be16308d946e9cede%7Ce202cd477a564baa99e3e3b71a7c77dd%7C0%7C0%7C637618792275449703%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=dp4a19ZL9cZ4h2L23R%2BOKSu4AGR6QPf%2FudEomA6Vok8%3D&reserved=0 > > <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.open.com.au%2Fmailman%2Flistinfo%2Fradiator&data=04%7C01%7Crullfig%40uic.edu%7C729062472404475be16308d946e9cede%7Ce202cd477a564baa99e3e3b71a7c77dd%7C0%7C0%7C637618792275449703%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=dp4a19ZL9cZ4h2L23R%2BOKSu4AGR6QPf%2FudEomA6Vok8%3D&reserved=0> > > > > _______________________________________________ > > radiator mailing list > > radiator@lists.open.com.au > > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.open.com.au%2Fmailman%2Flistinfo%2Fradiator&data=04%7C01%7Crullfig%40uic.edu%7C8131db3bc1fa4b65f06c08d94df08e78%7Ce202cd477a564baa99e3e3b71a7c77dd%7C0%7C0%7C637626517841023119%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=84yoWdoCNRqG11z3xpzesjgTgHCRruX8dDnvO1ybEWw%3D&reserved=0 > > > > -- > Heikki Vatiainen <h...@open.com.au> > > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory, > EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP, > DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc. > _______________________________________________ > radiator mailing list > radiator@lists.open.com.au > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.open.com.au%2Fmailman%2Flistinfo%2Fradiator&data=04%7C01%7Crullfig%40uic.edu%7C8131db3bc1fa4b65f06c08d94df08e78%7Ce202cd477a564baa99e3e3b71a7c77dd%7C0%7C0%7C637626517841023119%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=84yoWdoCNRqG11z3xpzesjgTgHCRruX8dDnvO1ybEWw%3D&reserved=0 > . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks, Network Manager, Information Services Directorate, University Of Strathclyde, Glasgow, UK The University of Strathclyde is a charitable body, registered in Scotland, number SC015263. _______________________________________________ radiator mailing list radiator@lists.open.com.au https://lists.open.com.au/mailman/listinfo/radiator