Meeting:2011/09/01

From SOWNWiki
Jump to: navigation, search

Meeting (to be) held on 2011/09/01 at 19:00 in Access Grid Room

Previous meeting: 25 August 2011 19:00:00 Next meeting: 8 September 2011 19:00:00


Minutes

  • Nodes (daveruss)
    • Adelaide Road
      • No progress


  • Admin Tasks
    • Move SOWN and trunk ports to the Access Grid room (Davetaz)
      • No progress coming to the end of the period where this is necessary.


  • Intern work (James147 and Davetaz)
      • Checkpoint firewall does not support IPv6 very well. It requires hacking init scripts and on a reboot it stops working. There is also no front end interface. This seems strange as Stonesoft (Similar commercial firewall to Checkpoint) do support IPv6. Apparently there are numerous posts suggesting that Checkpoint does not work.
    • Eduroam campus-wide (mike)
      • Nothing to report
    • Eduroam compliance
      • Nothing to report


  • SOWN Projects
    • OpenWRT backfire packages (Leth)
      • Script available for converting all nodes or an individual node however the individual node conversion may not work without first running the full migration script. DHCP event notification may not be working. Want to get nodes to connect to Auth using a client certificate to authenticate themselves. Want to get auth to reject DHCP information about a subnet that should not be assigned to node. If this happend the network would not break however users on the faulty node would not be able to log in. Certificate based login is only for configuration directories so users will not get a prompt for a cert from their browser.
    • Rebuilding VPN (Davetaz)


  • Icinga Alerts
    • AUTH DISK /
      • Disk is still filling up due to the EPOL tests. They have been moved to home to avoid filling up the system partition. We now have 70% of the / partition free.
    • SOTONRADIUSDEV
      • This server is either down or the RADIUS server is not responding however Mike was not present to verify the reason. This is a development service so it is not critical.


  • To Do List
      • Need to rewrite rad.php to support tunnels. There is no support for doing RADIUS authentication using EAP tunnels in the standard PHP libraries. The thought is to modify our RADIUS server to tunnel the connection on our behalf essentially acting as a RADIUS proxy. An alternative is to modify the configuration of the ECS radius servers. daveruss believes we should send a MS-CHAPv2 request to our RADIUS server using the examples in the PHP5 RADIUS package. The RADIUS server will then encapsulate the request in a PEAP channel forming a PEAP MS-CHAPv2 authentication request which is sent on to the ECS server. It looks like there is no freely available module for FreeRADIUS to do this so we will need to write our own. Morse believes that this should be possible, writing a custom FreeRADIUS module appears to be preferential to writing a custom PHP module.


  • AOB
Facts about "2011/09/01"
Has date19:00:00, 1 September 2011 +
Has end date20:00:00, 1 September 2011 +
Has location32/3073 +