User Tracking with IAS
I am looking for a solution to perform user tracking using an IAS server. We will be rolling out WPA2/802.1x this summer and I would like to do user tracking. I would like to poll all the user logins/logoffs into a database/application. Any ideas of software/solutions? Nicholas Urrea Information Technology UC Hastings College of the Law [EMAIL PROTECTED] x4718 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] User Tracking with IAS
Sorry, no experience with any of them yet but I recently stumbled on some options when I was troubleshooting IAS. Just google IAS log file format or IAS logging. You get some technet articles but also other solutions for parsing/reporting from the IAS logs. Thanks, Greg From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Urrea, Nick Sent: Tuesday, June 24, 2008 2:11 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] User Tracking with IAS I am looking for a solution to perform user tracking using an IAS server. We will be rolling out WPA2/802.1x this summer and I would like to do user tracking. I would like to poll all the user logins/logoffs into a database/application. Any ideas of software/solutions? Nicholas Urrea Information Technology UC Hastings College of the Law [EMAIL PROTECTED] x4718 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] User Tracking with IAS
IAS supports logging via a txt file or a SQL server. The SQL logging is needlessly complex. The IAS server formats a XML document that is sent to the SQL server and handled by a custom stored procedure. An example is given on the Microsoft TechNet side that you can customize to fit your site. We experimented with this setup and wrote our own web front end. In the end, we had to abandon the design as the IAS server would stop processing requests under moderate load. It appears that if the logging attempt is not successful then IAS will drop or deny the incoming request. This added another system dependency that we could not live with. From Microsoft: If the computer running SQL server runs out of disk space and can no longer perform IAS logging, IAS discards all accounting and authentication requests, preventing client authentication through the IAS server. Make sure you maintain adequate hard disk space on your computer running SQL server. The performance of the SQL server database (throughput and latency) affects the response time of the IAS server. During an authentication attempt, IAS does not respond to the RADIUS client (network access server) until after SQL server notifies the IAS server that the last data write operation is successful. Because of this, you should ensure that the computer running SQL server is designed to handle the IAS logging load and is able to respond with minimum delay. In addition, some RADIUS clients might retry authentication attempts if a response is not received from the IAS server within a specific time period (for example, one second). This could add to the load on the computers running IAS and SQL server during periods of slow response due to network conditions. You should configure the network access servers with an appropriate retry interval to prevent overloading the computers running IAS and SQL server with retry attempts. http://technet2.microsoft.com/windowsserver/en/library/bac482ae-39c4-44b7-bd9f-291ab354ef2b1033.mspx?mfr=true Walt Howd Network Systems Admin Information Technology Services Truman State University SunGard Higher Education Managed Services 100 East Normal Street Kirksville, MO 63501 [EMAIL PROTECTED] ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. smime.p7s Description: S/MIME cryptographic signature
RE: [WIRELESS-LAN] User Tracking with IAS
We're experimenting with using IAS for authorization/authentication and sending the accounting packets to a freeradius server. Dialupadmin or daloradius can give reports. Since the accounting info is stored in a MySQL database it'd be relatively easy to get some web reports. The IAS SQL is pretty complicated if you are running multiple IAS servers. They only log to a local SQL server and you'd need another SQL server to consolidate the local databases. Mearl From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Urrea, Nick Sent: Tuesday, June 24, 2008 1:11 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] User Tracking with IAS I am looking for a solution to perform user tracking using an IAS server. We will be rolling out WPA2/802.1x this summer and I would like to do user tracking. I would like to poll all the user logins/logoffs into a database/application. Any ideas of software/solutions? Nicholas Urrea Information Technology UC Hastings College of the Law [EMAIL PROTECTED] x4718 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.