Connect communicate collaborate Eduroam debugging Gurvinder Singh and Gunnar Bøe, Campus Networks and Systems, UNINETT AMRES Wireless workshop Belgrade,

Presentation transcript:

Eduroam debugging
Gurvinder Singh and Gunnar Bøe, Campus Networks and Systems, UNINETT
AMRES Wireless workshop, Belgrade, 12 September 2011

Eduroam in Norway

Eduroam Architecture
[Diagram labels: Inst. A 1, Inst. A 2, Nation A Radsec Proxy; Inst. B 1, Inst. B 2, Nation B Radsec Proxy; Top level RADIUS]

Issues
- A user is unable to connect while roaming.
- How do we locate the problem? Is it at the client device, the station ID, the visiting institution's RADIUS server, the national proxy or the home RADIUS server?

Challenges
- Distributed architecture
- Inter-institution/international roaming
- Heterogeneous environment (FreeRADIUS, Microsoft RADIUS server, etc.)
- Encrypted traffic
- Privacy issues

History
- RADIUS log files are nice, BUT…
- Debugging eduroam is complicated
- Lack of access to RADIUS logs on other levels

The guys who did something about it:
- Gurvinder Singh
- Jardar Leira
- Kolbjorn Barmen
- Tore Kristiansen
- Gunnar Bøe

Edudbg Design
- Because of the challenges mentioned, edudbg monitors the request logs at the national radsec proxy level.
- It parses and stores the information in an easily accessible and searchable way, to help in finding the problem at hand.

Edudbg's Components
- Edudbg-logger: parses the radsec proxy log file and stores it in the database.
- Edudbg-webservice: reads the database for searches and makes it easily accessible to users/administrators.
- Authentication plug-in
- Authorisation plug-in

Privacy issues
- Access to RADIUS logs at a higher level can expose information (who, where, when) about people from other organisations.
- Solution: support federated security systems, e.g. Feide.
- Only grant access to information related to your own organisation.
- No more information is exposed than you already have access to.

Edudbg Architecture
[Diagram label: Federated login]

Edudbg-webservice
- Reads the database and lets users access debug information in a user-friendly way.
- Hides the complexity caused by the eduroam architecture and makes debugging easy.

Edudbg Usage scenario
- Edudbg can be used to detect connection failures.
- It can also be used by administrators for proactive maintenance, e.g. detecting RADIUS server loops.

Demo interface
file:///F:/all/GigaCampus/Mobilitet/edudbg/documentation%20examle.htm

Eduroam Architecture
[Diagram labels: Inst. A 1, Inst. A 2, Nation A Radsec Proxy; Inst. B 1, Inst. B 2, Nation B Radsec Proxy; Top level RADIUS]

Use cases (missing realm)
A missing realm name causes the national proxy to forward the request to the local RADIUS server. The user does not belong to that organization, so the request is rejected there.

Use cases (incorrect realm)
A misspelled realm name causes the national proxy to forward the request to the top-level servers, and the request is therefore rejected.

Use cases (incorrect password)
The contents of the request seem to be fine and the request has been routed to the correct home server. The reason for the Access-Reject lies on the home institution's side and is most likely an incorrect password.

Use cases (RADIUS Server Loop)
The contents of the request seem to be fine and the request has been routed to the correct home server. But the request comes from the same institution it is routed back to. This should not happen, as an institution should forward a request to the national proxy only if the user is from another institution.
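The four use cases above, expressed as a classifier over proxy-level records. This is an added example, not edudbg's own code: the record fields, realms and server names are constructed, and the near-match test for misspelled realms is an assumption that goes slightly beyond what the slides describe.

```python
import difflib
from dataclasses import dataclass

# Constructed routing data for one national proxy (hypothetical realms and server names).
NATIONAL_REALMS = {"uni-a.example.no": "radius.uni-a",
                   "uni-b.example.no": "radius.uni-b"}

@dataclass
class Request:
    username: str     # outer identity as logged, e.g. anonymous@uni-b.example.no
    from_server: str  # institution server that handed the request to the proxy
    to_server: str    # server the proxy forwarded it to ("top-level" if realm unknown)
    reply: str        # "Access-Accept" or "Access-Reject"

def realm_of(username):
    """Lower-cased realm after the last '@'; None when the realm is absent or empty."""
    _, sep, realm = username.rpartition("@")
    return realm.lower() if sep and realm else None

def classify(req):
    """Map one proxy-level record onto the use cases from the slides."""
    realm = realm_of(req.username)
    if realm is None:
        return "missing realm"
    home = NATIONAL_REALMS.get(realm)
    # A loop is a routing fault regardless of the final reply, so test it first.
    if home is not None and req.from_server == home == req.to_server:
        return "radius server loop"
    if req.reply == "Access-Accept":
        return "ok"
    if home is None:
        # Unknown realm went to the top level; a near match suggests a typo.
        near = difflib.get_close_matches(realm, list(NATIONAL_REALMS), n=1, cutoff=0.8)
        return f"incorrect realm (close to {near[0]})" if near else "unknown realm"
    if req.to_server == home:
        return "rejected by home server (likely incorrect password)"
    return "misrouted"

# Constructed sample records, one per use case.
SAMPLE = [
    Request("alice", "radius.uni-a", "radius.uni-a", "Access-Reject"),
    Request("anonymous@uni-b.exampel.no", "radius.uni-a", "top-level", "Access-Reject"),
    Request("anonymous@uni-b.example.no", "radius.uni-a", "radius.uni-b", "Access-Reject"),
    Request("bob@uni-a.example.no", "radius.uni-a", "radius.uni-a", "Access-Reject"),
]

if __name__ == "__main__":
    for r in SAMPLE:
        print(f"{r.username:32} -> {classify(r)}")
```

An "unknown realm" result is not necessarily a fault: a correctly spelled foreign realm also goes to the top level, and its reject comes from a home server the national proxy cannot see.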

Edudbg Experience
- Our experience from running the edudbg service so far shows that almost % of issues occur due to incorrect information sent in the request, e.g. a misspelled username, password or incorrect realm.
- Edudbg helps in debugging the cases mentioned.
- Going deeper into a problem requires log information from the local institution, which requires further discussion.

Discussion
- Should we deploy at the national proxy level or the institutional level?
- Should log information be in a fixed format or the default format?
- For how long should such records be kept in the database?

Useful links
- Wireless best practice:
- Slides from this workshop:

More information / Contact
- GEANT3 NA3 Task 4: Campus Best Practice
- Look out for more BPDs coming along…
- Subscribe to announcements

Thank you!
Contact: o