RE: [External] Re: [WIRELESS-LAN] Wi-Fi expectations/service levels and validation

We often refer people to this document penned by my predecessor when they try to do things like have an auditorium of students all connect to Zoom and then complain about the WiFi. https://its.uiowa.edu/support/article/2790 -Neil -- Neil Johnson - University of Iowa From: The EDUCAUSE

Re: [RADIATOR] [External] Re: TACACS Configuration Issue

, Johnson, Neil M wrote: > I have the following in my radiator.conf > > # vSRX Clients > AuthorizeGroup nes_vSRX_group permit service=junos-exec { > local-user-name=tacplus-nes } Spaces aren't allowed after '{'. Try this: AuthorizeGroup nes_vSRX_group permit service=jun

[RADIATOR] TACACS Configuration Issue

I have the following in my radiator.conf # vSRX Clients AuthorizeGroup nes_vSRX_group permit service=junos-exec { local-user-name=tacplus-nes } But I'm seeing this in a trace log: a824d200 Thu Aug 19 13:10:41 2021 280832: DEBUG: AuthBy GROUP result: ACCEPT, a824d200 Thu Aug 19

Aruba Founders Retiring (CEO, CTO, and Architect)

CEO Blog Post - https://blogs.arubanetworks.com/uncategorized/lets-name-it-aruba/ CTO Blog Post - https://blogs.arubanetworks.com/uncategorized/my-aruba-journey/ Chief Architect - https://blogs.arubanetworks.com/uncategorized/reflecting-on-my-aruba-family/ -Neil -- Neil Johnson (he/him/his)

Re: [RADIATOR] [External] Re: Different Reply Item based on LDAP (AD) Group membership

ould use the Client-Identifier together with the LDAP group information to query a UserGroup/DeviceGroup matrix in an SQL database for example. If you can give us a bit more detail we may be able to make better suggestions. regards Hugh > On 7 Mar 2020,

Re: [RADIATOR] [External] Re: Client definition stanza

za On 26.2.2020 1.12, Johnson, Neil M wrote: Given the following stanza: IdenticalClients fd9a:2c75:7d0c:6400::/64 # LC Research Switches IdenticalClients 172.24.145.0/24 IdenticalClients fd9a:2c75:7d0c:6600::/64 # Identifier LC_NET_Clients Secret Du

Re: [RADIATOR] [External] Re: Client definition stanza

No problem Hugh! Sent from my iPhone > On Feb 26, 2020, at 8:27 PM, Hugh Irvine wrote: > > > Hi Neil - > > Apologies - shouldn’t have answered before coffee…. > > Heikki will get back to you later. > > ;-/ > > Hugh > > >> On 27 Feb 202

Re: [RADIATOR] [External] Re: Client definition stanza

your case the last line has replaced the other lines. Try this: # LC Research Switches IdenticalClients 172.24.145.0/24, fd9a:2c75:7d0c:6600::/64, fd9a:2c75:7d0c:6400::/64 ….. regards Hugh On 26 Feb 2020, at 10:12, Johnson, Neil M mailto:neil-john...@uiowa.edu>> wrot

Re: [RADIATOR] [External] Re: Client definition stanza

Hugh On 26 Feb 2020, at 10:12, Johnson, Neil M mailto:neil-john...@uiowa.edu>> wrote: Given the following stanza: IdenticalClients fd9a:2c75:7d0c:6400::/64 # LC Research Switches IdenticalClients 172.24.145.0/24 IdenticalClients fd9a:2c75:7d0c:6600::/64 #

Re: [RADIATOR] [External] Re: Client definition stanza

IdenticalClients expects a list - in your case the last line has replaced the other lines. Try this: # LC Research Switches IdenticalClients 172.24.145.0/24, fd9a:2c75:7d0c:6600::/64, fd9a:2c75:7d0c:6400::/64 ….. regards Hugh On 26 Feb 2020, at 10:12, Johnson, Neil M

[RADIATOR] Client definition stanza

Given the following stanza: IdenticalClients fd9a:2c75:7d0c:6400::/64 # LC Research Switches IdenticalClients 172.24.145.0/24 IdenticalClients fd9a:2c75:7d0c:6600::/64 # Identifier LC_NET_Clients Secret DupInterval 0 Why would connections from

[RADIATOR] Multiple levels of priveleges based on UNIX group membership?

Is the following snippet radius.cfg and users file workable? The goal is to have users authenticate with a unix account and then based on their unix group membership, assign different privilege levels to the switch CLI (cisco). ### radius.cfg # LC Wired net devices IdenticalClients

Re: [External] [WIRELESS-LAN] InCommon certificate trust chain issues with upgraded Windows Systems

Update, The problem was I was using the wrong InCommon Intermediate CA cert (I was using an older SHA512 cert which had been upgraded to a SHA384). Once I straightened that out, the broken clients started working. But that leaves the question why most other clients were working with a broken

InCommon certificate trust chain issues with upgraded Windows Systems

This problem has been vexing us for a few weeks, so I'd thought I'd pass along my message to Microsoft and Sectigo in case others run into the same issue. Thanks. -Neil The authentication has been temporarily resolved, BUT only temporarily. The cause of the problem involved many factors:

Network Engineer I or II opening at The University of Iowa

All, Information Technology Services (ITS) at The University of Iowa, a service organization that provides technology support for the campus, has an opening for a Network Engineer in the Enterprise Infrastructure (EI) department. This position is member of the Network team responsible for the

CBS All Access not working on wireless

We’ve gotten some complaints that users are unable to stream shows from CBS All Access on our wireless network. I suspect it is either a NAT or IPv6 issue. Before I go and sign up for a trial account, has anyone here seen a similar issue? Thanks! -Neil -- Neil Johnson Network Engineer The

Detection Methodology for Bluetooth Credit Card Skmmers ?

To comply with PCI requirements, I’ve been asked to find a way to detect Bluetooth devices that maybe being used by CC skimmers to steal card numbers and PIN’s. There are a lot of retail locations on campus, so some sort of automatic method would be preferable to walking around after hours

Re: [RADIATOR] Multiple Users in a Flat File

different flat files? Any suggestions on a better way to do that? Thanks! -Neil On 1/16/18, 4:40 PM, "Bjoern A. Zeeb" <bzeeb-li...@lists.zabbadoz.net> wrote: On 16 Jan 2018, at 22:10, Johnson, Neil M wrote: > I’m guessing this has been answered, b

Re: [WIRELESS-LAN] Xbox 360 connection issues? - Aruba

Just curious if anyone came up with a solution. We have a half a dozen Xbox 360s with connection issues. In our case they seem to work on AP 225’s but not AP 205H’s. From what my colleague has been able to gather, the AP205H is not passing the DHCP offer back to the 360 (We see the request

Re: [WIRELESS-LAN] Aruba controller loading

At the University of Iowa, we try not to put more than 80% of the max AP’s on our 7240’s. We have ~9200 AP’s and 44-50K clients peak load. We have primarily AP-225s and AP-205H’s (with some 224s and outdoor APs). We have four clusters consisting of primary and backup masters with sets of

Fwd: Private Internet Access launches $50, 000 match for Software Freedom Conservancy

Hi everyone, I wanted to pass this along and make sure you were all aware of the donation campaign with match going on right now. Please consider making a donation if you are able. Several years ago the Metalink project joined the umbrella of open source projects that Conservancy supports. Most

Re: [WIRELESS-LAN] Certificate Expiration and IoT (Door Locks)

sed Assaa Abloyas our vendor. > > > Chris > > > > > Chris Hart > Senior Network Engineer > > > > > > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Johnson, Neil M

Certificate Expiration and IoT (Door Locks)

Our housing department is pushing pretty hard to replace keyed locks on dorm room doors with Wi-Fi connected proximity card locks (a pilot this summer and then eventually rolling out to ~3,000 rooms). The locks would be “offline” locks that cache valid cards locally and only connect to the

Re: [WIRELESS-LAN] TLS Onboarding Vendors

Reminds of this quote for Eugene Stafford: "Secure web servers [cryptographically enabled web servers] are the equivalent of heavy armored cars. The problem is, they are being used to transfer rolls of coins and checks written in crayon by people on park benches to merchants doing business in

Re: [WIRELESS-LAN] Anyone else jumping on Aruba 8.0 code?

We plan to play with it in the lab after the start of year with a target of rolling it out next summer. -Neil -- Neil Johnson neil-john...@uiowa.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of

Re: [Ifeffit] Co fitting questions

Oh yeah, the scattering paths were calculated from the crystal structure of Co(OH)2 using feff in Artemis. Neil From: Ifeffit [mailto:ifeffit-boun...@millenia.cars.aps.anl.gov] On Behalf Of Neil M Schweitzer Sent: Friday, September 02, 2016 3:18 PM To: ifeffit@millenia.cars.aps.anl.gov Subject

[Ifeffit] Multiple scattering path parameters

Are there standard ways of relating the parameters (deltaR and sigma^2) of multiple scattering paths to the parameters of the single scattering paths based on the type of MS path? For example, would deltaR_MS = deltaR_SS*2 if the MS was a "forward through" geometry? What about other geometries

Re: [Ifeffit] determining reasonable fitting parameters

AFS analysis using the short spectrum from Hepheastus. mam On 7/27/2016 1:23 PM, Bruce Ravel wrote: > On 07/27/2016 03:53 PM, Neil M Schweitzer wrote: >> Thanks to everyone for all the previous responses to my emails, I've >> learned a lot in the few weeks I've been

[Ifeffit] No Reference Foil

the data if I can't calibrate it? -- Neil M. Schweitzer, Ph.D Operations Director, CleanCat Core Facility Research Assistant Professor Chemical and Biological Engineering Northwestern University 2137 Sheridan Road Evanston, IL 60208-3000 Office: 847-491-2955 http://cleancat.northwestern.edu

Re: [WIRELESS-LAN] eduroam ssid

eduroam should work with just about any authentication method that uses EAP (PEAP,TLS,TTLS) etc. So if your are say moving to TLS (Client certificates) it should still just work. -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 E-Mail:

Re: [WIRELESS-LAN] Nyansa Voyance - thoughts?

For those of you who are Aruba shops, Do you see this as a replacement for Airwave? I didn’t see anything like Visual RF. I looked at the demo, and while intriguing, at $30 per AP I’d have a hard time justifying the cost. -Neil -- Neil Johnson Network Engineer The University of Iowa Phone:

Re: [WIRELESS-LAN] It's that time of year...

Some days I’d prefer to be working with wave lengths measured in meters rather than centimeters ;-) -Neil, N0SFH -- Neil Johnson Network Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 E-Mail: neil-john...@uiowa.edu > On Dec 3, 2015, at 6:43 AM, Jorj Bauer

Re: [RADIATOR] Feature request - Different encryption methods in AuthBy UNIX

day, 2 November, 2015 20:09, "Johnson, Neil M" <neil-john...@uiowa.edu> > said: > >> Radiator 4.16 on the test box and Radiator 4.13 in production. >> >> It appears the password is in SHA-512 format ($6$ prefix), but it didn’t >> work on the

Re: [RADIATOR] Feature request - Different encryption methods in AuthBy UNIX

twork Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 E-Mail: neil-john...@uiowa.edu > On Nov 2, 2015, at 1:33 AM, Tuure Vartiainen <varti...@open.com.au> wrote: > > Hi, > >> On 30 Oct 2015, at 20:32, Johnson, Neil M <neil-john...@uiowa.edu

Re: [RADIATOR] Is this config possible?

Network Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 E-Mail: neil-john...@uiowa.edu > On Oct 30, 2015, at 6:37 AM, Tuure Vartiainen <varti...@open.com.au> wrote: > > Hi, > >> On 29 Oct 2015, at 20:18, Johnson, Neil M <ne

[RADIATOR] Feature request - Different encryption methods in AuthBy UNIX

Would it be possible to add a directive to the method to specify different password encryption methods. For instance I’m testing RADIATOR on an Ubuntu Server and doesn’t work because the Ubuntu uses a different hash/encryption method in their /etc/shadow file. If I manually encrypt the

[RADIATOR] Is this config possible?

I would like to authenticate users against the system’s UNIX password file and then return attributes based on the UNIX group the user belongs to. Will the following work? Thanks! -Neil Example Config: # In the radius.cfg file... # Client Definitions Identifier

Re: [WIRELESS-LAN] Supporting "those other Wi-Fi devices" in the dorms- quick Survey

ucture & Media Solutions > > (434) 592-4229 > > LIBERTY UNIVERSITY > Training Champions for Christ since 1971 > > -Original Message- > From: Johnson, Neil M [mailto:neil-john...@uiowa.edu] > Sent: Thursday, September 3, 2015 12:08 PM > Subject: Re: Supporti

Re: [WIRELESS-LAN] Supporting "those other Wi-Fi devices" in the dorms- quick Survey

We are investigating a device net at UofI so, I would be interested in hearing from anyone who has implemented a Device Net with Clearpass. Thanks. -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 E-Mail: neil-john...@uiowa.edu > On Sep 3,

Bug#794100: (no subject)

I can confirm this bug as well. /etc/softhsm/softhsm.conf (minus comments) reads: 0:/var/lib/lib/softhsm/slot0.db But it should read: 0:/var/lib/softhsm/slot0.db

Re: [RADIATOR] OpenSSL version.

The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 E-Mail: neil-john...@uiowa.edu On Aug 18, 2015, at 3:16 PM, Heikki Vatiainen h...@open.com.au wrote: On 08/18/2015 10:51 PM, Johnson, Neil M wrote: I’m running on a windows box, and don’t have compilers installed to compile modules

Re: [RADIATOR] OpenSSL version.

in require at (eval 54) line 2, CONFIG line 112. -- Neil Johnson Network Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 E-Mail: neil-john...@uiowa.edu On Aug 18, 2015, at 9:40 AM, Heikki Vatiainen h...@open.com.au wrote: On 18.8.2015 1.00, Johnson, Neil M wrote: Dropped

Re: [RADIATOR] OpenSSL version.

Vatiainen h...@open.com.au wrote: On 18.8.2015 1.00, Johnson, Neil M wrote: Dropped back to 5.18.2.1802 and still doesn’t find Win32::Daemon on Win32::Lsa Hello Neil, please see below for my notes about ActivePerl 5.18.4.1805 on Win2008R2. C:\Perl64\binppm install Win32::Daemon

Re: [RADIATOR] OpenSSL version.

...@uiowa.edu On Aug 18, 2015, at 2:12 PM, Heikki Vatiainen h...@open.com.au wrote: On 08/18/2015 09:11 PM, Johnson, Neil M wrote: I upgraded to 5.20.2.2002 which has a working Win32::Daemon. I was able to also also install Win32::Lsa from the RADIATOR distribution. The modules

Re: [RADIATOR] OpenSSL version.

:08 AM, Heikki Vatiainen h...@open.com.au wrote: On 08/15/2015 12:20 AM, Johnson, Neil M wrote: I removed the OSC NET::SSLeay ppm from my Windows system and now I’m using the Active States version of OpenSSL, which is OpenSSL 1.0.1e 11 Feb 2013 and vulnerable to Heartbleed. Hello Neil

Re: [RADIATOR] OpenSSL version.

335-2951 E-Mail: neil-john...@uiowa.edu On Aug 14, 2015, at 2:34 PM, Johnson, Neil M neil-john...@uiowa.edu wrote: We are running RADIATOR 4.15 using Active State PERL on Windows Server 2008R2. How do we determine which version of Open SSL being used by Radiator? I installed NetSSLeay

[RADIATOR] OpenSSL version.

We are running RADIATOR 4.15 using Active State PERL on Windows Server 2008R2. How do we determine which version of Open SSL being used by Radiator? I installed NetSSLeay module provided by OSC (version 1.49) but I also have the Active State version (version 1.52). Thanks. -Neil -- Neil

Re: [RADIATOR] OpenSSL version.

-john...@uiowa.edu On Aug 14, 2015, at 3:07 PM, Johnson, Neil M neil-john...@uiowa.edu wrote: I ran the following PERL script on the Windows box: use NET::SSLeay my $type = 0; my $ver_string = Net::SSLeay::SSLeay_version($type); print $ver_string; which returned: OpenSSL 0.9.8i 15

Re: Importing subversion into git: e-mails requested and force push coming up!

You can use this email address for me. The two commits I've done so far aren't anything significant so if they get clobbered its no big deal. Another thing I've been trying to figure out is their release system. The documentation suggests that you want to tag a release to the master, but

Re: libmetalink new release moving to github, should other projects move to github?

On 2015-07-01 23:46, Anthony Bryan wrote: On Wed, Jul 1, 2015 at 6:53 PM, Neil M. nabbe...@gmail.com wrote: I don't have a github account. I've generally steered clear of git due to ugly Windows support compared to subversion. But it looks like github has branched out to support subversion

Re: libmetalink new release moving to github, should other projects move to github?

On 2015-07-02 11:02, Neil M wrote: On 2015-07-01 23:46, Anthony Bryan wrote: On Wed, Jul 1, 2015 at 6:53 PM, Neil M. nabbe...@gmail.com wrote: I don't have a github account. I've generally steered clear of git due to ugly Windows support compared to subversion. But it looks like github

Re: libmetalink new release moving to github, should other projects move to github?

On 2015-07-02 11:33, Anthony Bryan wrote: On Thu, Jul 2, 2015 at 11:02 AM, Neil M nabbe...@gmail.com wrote: On 2015-07-01 23:46, Anthony Bryan wrote: On Wed, Jul 1, 2015 at 6:53 PM, Neil M. nabbe...@gmail.com wrote: I don't have a github account. I've generally steered clear of git

Re: [RADIATOR] AuthByLSA group issue if DC controller is unavailable.

, do you have the DomainController variable set? The way I'm reading this code, it should call the GetAnyDomainController each time the sub routine is called unless that variable is set. Robert Fisher Systems Administrator Sitestar Internet Services On 4/3/2015 9:17 AM, Johnson, Neil M

[RADIATOR] AuthByLSA group issue if DC controller is unavailable.

We are having issues with Authentication failures using AuthByLSA when the workstation fails over to another Domain Controller. The issue is that we do a group membership check in our AuthByLSA Handler. It appears from the code below that if you don’t specify a DC it picks one the first time

[Bug 722201] Re: CTDB port is not aware of Ubuntu-specific NFS Settings

This seems to be impacting me on 14.04 as well. I am only trying to use CTDB with Samba: /var/log/ctdb/log.ctdb: 2014/12/19 10:42:23.770789 [ 1077]: startup event failed 2014/12/19 10:42:28.771410 [ 1077]: Recoveries finished. Running the startup event. 2014/12/19 10:42:28.891893 [ 1077]:

[Bug 722201] Re: CTDB port is not aware of Ubuntu-specific NFS Settings

I was able to make some tweaks and get it running for Samba. Looks like these could also apply to upstream Debian. The service command is in a different path: root@san1:/etc/ctdb# diff -u functions functions.orig --- functions 2014-12-19 11:24:12.660339600 -0500 +++ functions.orig

[Bug 722201] Re: CTDB port is not aware of Ubuntu-specific NFS Settings

There is a related Samba bug #1321369 open to address the second patch I attached. It seems that my patch is probably the preferred fix for now as /etc/init.d/samba is still buggy. https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1321369 -- You received this bug notification because you

[Bug 1376002] [NEW] Apache won't start with default config

Public bug reported: root@amargosa:/etc/apache2# lsb_release -rd Description:Ubuntu 14.04.1 LTS Release:14.04 root@amargosa:/etc/apache2# apt-cache policy ocsinventory-server ocsinventory-server: Installed: 2.0.5-1.1 Candidate: 2.0.5-1.1 Version table: *** 2.0.5-1.1 0

[RADIATOR] SHA-2 SSL Certificate Support

Does RADIATOR support SHA-2 in SSL certificates ? Our security office is recommending that we get new certs sooner than later. https://www.comodo.com/e-commerce/SHA-2-transition.php -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 E-Mail:

RE: [WIRELESS-LAN] guest wireless

- You’re saying ATT charges you for this? Do you charge them back for the Wi-Fi offload? -Lee From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Johnson, Neil M Sent: Friday, September 12, 2014 11:13 AM To: WIRELESS-LAN

iOS 8 drops tomorrow

We’ve add some additional bandwidth to the links between our wireless nets and campus in anticipation of heavy traffic tomorrow. -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 E-Mail: neil-john...@uiowa.edu ** Participation and

RE: [WIRELESS-LAN] guest wireless

We contracted with ATT to handle guests and visitors. We advertise their SSID (attwifi) on our wireless infrastructure and then hand the traffic off to them via boxes called Network Management Devices (NMD) that they provide. They tunnel the traffic to their cloud via our Internet connection.

Re: [Bug 1335540] Re: ctdb service crashes on start

Yes that did it! I simplified to: mkdir -p /var/lib/run/ctdb Looking forward to the bugfix for this. On 7/27/2014 11:30 PM, mikhail wrote: you need just run in terminal two command to solve this: mkdir /var/lib/run mkdir /var/lib/run/ctdb mail me to kazan...@mail.ru if it help to you. --

Bug#749988: (no subject)

I think this was incorrectly reassigned to package ctdb it looks like the initial assignment of ntdb was correct. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

[Bug 1335540] [NEW] ctdb service crashes on start

Public bug reported: System information: root@san1:/var/log/ctdb# lsb_release -rd Description: Ubuntu 14.04 LTS Release: 14.04 root@san1:/var/log/ctdb# apt-cache policy ctdb ctdb: Installed: 2.5.1+debian0-1 Candidate: 2.5.1+debian0-1 Version table: *** 2.5.1+debian0-1 0 500

[RADIATOR] Differences in specifying EAP certificates in configuration

Should I be doing this: EAPTLS_CAFile %D/certificates/prod2017/net-auth-1_its_uiowa_edu.cer EAPTLS_CertificateFile %D/certificates/prod2017/net-auth-1_its_uiowa_edu_cert.cer EAPTLS_CertificateType PEM EAPTLS_PrivateKeyFile

RE: [WIRELESS-LAN] requests for open, unauthenticated, no portal WiFi

We get requests every 3-4 months to create an open SSID for on-campus Board of Regents Meetings. Our solution was to contract with ATT WiFi to provide guest access across campus. We advertise the attwifi SSID on our wireless infrastructure, hand off layer two traffic to an appliance provided

[RADIATOR] Disconnecting Users

How do I disconnect users via RADIUS using RADIATOR ? My NAS (An aruba-wireless controller) supports RFC 3576. -Neil signature.asc Description: Message signed with OpenPGP using GPGMail ___ radiator mailing list radiator@open.com.au

[RADIATOR] Perl script to check Open SSL version...

We are running RADIATOR on Windows using Active State PERL and the RADIATOR supplied open SSL perl module. The OpenSSL library appears the version is 0.9.8, so I think we are good. You can test the version of OpenSSL being using by your PERL installation with the following script: use

[RADIATOR] HeartBleed Security Vulnerability

If you are running RADIATOR on Windows with ActiveState PERL and not running the custom Open Systems Net-SSLeay library, You can follow the the following link to see if your version of ActiveState is vulnerable to the HeartBleed bug. http://community.activestate.com/node/10856 -Neil -- Neil

[RADIATOR] Serious Open SSL bug

Just received notice from our security folks about this bug which may lead to leaking of the private key used to sign SSL certs and encrypt traffic. More info can be of found here: http://heartbleed.com/ Are you guys aware of this and have plans to update the PERL SSL module for RADIATOR ?

Re: [WIRELESS-LAN] Cisco LWAP disable DNS resolver

Follow up. Cisco has it down as a bug to be fixed in future release and recommends that we put an ACL in place to filter incoming DNS requests. -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: +1 319 384-0938tel:+13193840938 Fax: +1 319 335-2951tel:+13193352951 E-Mail:

Cisco LWAP disable DNS resolver

We are testing a few Cisco LWAP's and our security office dinged us in a scan because they are acting as open DNS resolvers. I can't find a way to turn that feature off. Any ideas ? -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: +1 319 384-0938tel:+13193840938 Fax: +1

Re: [RADIATOR] Suggestion for Error Message in AuthByLSA / MSCHAPv2

The University of Iowa Phone: +1 319 384-0938 tel:+13193840938 Fax: +1 319 335-2951 tel:+13193352951 E-Mail: neil-john...@uiowa.edu Lync: neil-john...@uiowa.edu sip:neil-john...@uiowa.edu On 12/10/13 9:27 AM, Heikki Vatiainen h...@open.com.au wrote: On 12/09/2013 06:29 PM, Johnson, Neil M

Re: [RADIATOR] Suggestion for Error Message in AuthByLSA / MSCHAPv2

...@uiowa.edu sip:neil-john...@uiowa.edu On 11/26/13 3:27 AM, Heikki Vatiainen h...@open.com.au wrote: On 11/22/2013 05:53 PM, Johnson, Neil M wrote: We are using AuthByLSA and EAP/PEAP/MSCHAPv2 for wireless authentication. The only message we see in our AuthLog when a user is either non

Re: [RADIATOR] Missing info from error message

It does appear that there are issues cascading RADIATOR servers that are all using AuthBy EAPBALANCE because the RADIUS State attribute used to track the EAP conversations gets mangled as the message progresses through the chain of servers. To make things work with the US NTLRS servers they

Re: [WIRELESS-LAN] loadbalacing WPA2 802.1X traffic between controller and radius servers

.html and let me know if you have any thoughts. Jethro. On Tue, 26 Nov 2013, Johnson, Neil M wrote: We are running RADIATOR on Windows Boxes (long story). The boxes are configured with 6 child processes and 1 parent process. The parent process uses AuthBy EAPBALANCE to distribute

Re: [WIRELESS-LAN] loadbalacing WPA2 802.1X traffic between controller and radius servers

We are running RADIATOR on Windows Boxes (long story). The boxes are configured with 6 child processes and 1 parent process. The parent process uses AuthBy EAPBALANCE to distribute the EAP authentications across the child processes. Using EAPBALANCE insures that each EAP conversation makes it

[RADIATOR] Suggestion for Error Message in AuthByLSA / MSCHAPv2

We are using AuthByLSA and EAP/PEAP/MSCHAPv2 for wireless authentication. The only message we see in our AuthLog when a user is either non-existiant or has a bad password is: Nov 22 03:33:13 itsnt552.iowa.uiowa.edu c: \Perl64\bin\radiusd[2056]: 03:33:13 | A0-F4-50-AF-8A-76 |

Re: [WIRELESS-LAN] Force Windows to send UPN

...@brandeis.edumailto:cappa...@brandeis.edu On Nov 15, 2013 10:42 AM, Johnson, Neil M neil-john...@uiowa.edumailto:neil-john...@uiowa.edu wrote: Here is what we ended up doing. Quoted from our Enterprise Client Team e-mail….. We have had some reported issues with the Eduroam single sign on GPO

Re: [WIRELESS-LAN] Force Windows to send UPN

Here is what we ended up doing. Quoted from our Enterprise Client Team e-mail….. We have had some reported issues with the Eduroam single sign on GPO. The GPO, called _PUBLIC-Eduroam Wireless Config, allows laptops to connect to Eduroam before logon as long as the UPN is used as the username –

Re: [RADIATOR] AuthLog SYSLOG on Windows Server ?

Heikki, Can you specify more than one SYSLOG host to send messages to ? We would like to send messages to two different servers for redundancy. I tried adding a second IP address to the LogHost attribute, but it doesn't seem to work. For AuthLog SYSLOG I just created a second AuthLog section

Re: [RADIATOR] AuthLog SYSLOG on Windows Server ?

Administrator Sitestar Internet Services On 10/28/2013 11:54 AM, Johnson, Neil M wrote: Can you use AuthLog SYSLOG on Windows ? According to the Manual Log SYSLOG only works on UNIX systems, but nothing is mentioned in the section of the manual for AuthLog SYSLOG. Thanks. -Neil -- Neil

Re: [RADIATOR] AuthLog SYSLOG on Windows Server ?

...@uiowa.edu Lync: neil-john...@uiowa.edu sip:neil-john...@uiowa.edu On 10/29/13 11:10 AM, Heikki Vatiainen h...@open.com.au wrote: On 10/29/2013 04:29 PM, Johnson, Neil M wrote: My colleague tried it, and had no success. We verified firewall rules, etc. A packet sniff taken directly

[RADIATOR] AuthLog SYSLOG on Windows Server ?

Can you use AuthLog SYSLOG on Windows ? According to the Manual Log SYSLOG only works on UNIX systems, but nothing is mentioned in the section of the manual for AuthLog SYSLOG. Thanks. -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: +1 319 384-0938tel:+13193840938 Fax:

Prepare for the crush (again).

OS X (Mavericks) will be available ~2:00 CST today for free …. -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: +1 319 384-0938tel:+13193840938 Fax: +1 319 335-2951tel:+13193352951 E-Mail: neil-john...@uiowa.edumailto:neil-john...@uiowa.edu Lync:

Bug#720111: fake-hwclock with Read Only Root

Package: fake-hwclock Version: 0.5 Currently the package writes its data to /etc/fake-hwclock.data. In a read-only root scenario, as might be desired for Raspberry Pi, this is less than ideal: https://wiki.debian.org/ReadonlyRoot Based on the man page it looks like the easy fix for this is to

Network Engineer Position at the University of Iowa

Information Technology Services (ITS) at the University of Iowa has an opening for a Network Engineer on the Network Services Team within Enterprise Infrastructure. The position is part of a team responsible for the design, architecture, performance and maintenance of the entire campus data

Re: [RADIATOR] Microsoft AV (Was Re: EAP PEAP Authentication Failing)

-john...@uiowa.edu On 7/29/13 6:37 AM, Sami Keski-Kasari sam...@open.com.au wrote: Hello Neil, Can you reply with Trace 4 logfile so that we can see what happens? Best Regards, Sami On 07/26/2013 10:39 PM, Johnson, Neil M wrote: I had our server folks completely re-install windows

Re: [RADIATOR] Microsoft AV (Was Re: EAP PEAP Authentication Failing)

I had our server folks completely re-install windows on the server and I'm still getting the same problem (Accounting requests are processing fine. EAP Authentication id failing). I'm using the same version of RADIATOR, Perl, Perl modules, certificates, and configuration as 8 other servers

Re: [RADIATOR] ipv6::: bind results in no match on IPv4 client

Heikki, Is there a recommended version of PERL to run Radiator 4.11 on? I'm running a fairly old version on my windows boxen (Active State 5.12)? Thanks. -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 Mobile: 319 540-2081 E-Mail:

[RADIATOR] Microsoft AV (Was Re: EAP PEAP Authentication Failing)

Well we rolled back to an image of the system made the day before the change and it started working. AndŠ we managed to break it again uninstalling Symantec and installing Microsoft's Anti-virus like we did before. I agree that something is hosing the network stackŠ. Definitely not a RADIATOR

Re: [RADIATOR] Microsoft AV (Was Re: EAP PEAP Authentication Failing)

Well, according to our server support folks, they performed this same procedure on our other 8 RADIUS servers and didn't have any issues. They were using SCCM (Microsoft's System Center Configuration Manager) to automate the uninstall and re-install of the software rather than a manual

[RADIATOR] EAP PEAP Authentication Failing

Last Thursday our Server support group uninstalled Symantec Anti-Virus, and installed Microsoft's System Center Endpoint Protection (SCEP) on one of our RADIUS servers. Since then it has been failing to authenticate wireless users although it is processing accounting requests just fine. Our

Re: [RADIATOR] EAP PEAP Authentication Failing

-install RADIATOR first. -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 Mobile: 319 540-2081 E-Mail: neil-john...@uiowa.edu On 6/25/13 12:32 PM, Heikki Vatiainen h...@open.com.au wrote: On 06/25/2013 06:45 PM, Johnson, Neil M wrote: Below

[Puppet Users] Re: Puppet Management with Dual Boot Workstation

Great, that makes sense, thanks! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to

[Puppet Users] Puppet Management with Dual Boot Workstation

Hi everyone, I'm trying to figure out what is the best way to handle a single system that dual boots with a puppet client running in each. In this case we are talking about Ubuntu 12.04 and Windows 8. Should I just copy the certificate from one OS to the other? Should I have a different

Re: [WIRELESS-LAN] RF interference from 802.11

We faced the same situation in a building with multiple tenants. Researchers with labs didn't want wireless because they were concerned that it would interfere with their equipment (They didn't want to spend the money to shield the equipment) while people in the office spaces wanted it. The

[jboss-user] [jBPM] - Re: jbpm-console can only see Evaluation process

Neil M [https://community.jboss.org/people/neilmc] created the discussion Re: jbpm-console can only see Evaluation process To view the discussion, visit: https://community.jboss.org/message/821347#821347 -- Hi Thomas, Thanks

[jboss-user] [jBPM] - Re: jbpm-console can only see Evaluation process

Neil M [https://community.jboss.org/people/neilmc] created the discussion Re: jbpm-console can only see Evaluation process To view the discussion, visit: https://community.jboss.org/message/821357#821357 -- Ad, it's now working

  1   2   3   4   5   >