
Connect communicate collaborate Eduroam debugging Gurvinder Singh and Gunnar Bøe, Campus Networks and Systems, UNINETT AMRES Wireless workshop Belgrade,


1 Eduroam debugging
Gurvinder Singh and Gunnar Bøe, Campus Networks and Systems, UNINETT
AMRES Wireless workshop, Belgrade, 12 September 2011

2 Eduroam in Norway

3 Eduroam Architecture
[Diagram labels: Inst. A 1, Inst. A 2, Nation A Radsec Proxy; Inst. B 1, Inst. B 2, Nation B Radsec Proxy; Top level RADIUS]

4 Issues
User unable to connect while roaming. How to locate the problem? Is it at the client device, station ID, visiting institution's RADIUS server, national proxy or home RADIUS server?

5 Challenges
Distributed architecture
Inter-institution/international roaming
Heterogeneous environment (FreeRadius, Microsoft radius server etc.)
Encrypted traffic
Privacy issues

6 History
Radius log files are nice, BUT…
Debugging eduroam is complicated
Lack of access to radius logs on other levels
The guys who did something about it: Gurvinder Singh, Jardar Leira, Kolbjorn Barmen, Tore Kristiansen, Gunnar Boe

7 Edudbg Design
Due to the challenges mentioned, edudbg monitors the request logs at the national radsec proxy level. It parses and stores the information in an easily accessible and searchable way to help find the problem at hand.

8 Edudbg's Components
Edudbg-logger: parses the radsec proxy log file and stores it in the database.
Edudbg-webservice: reads the database for searches and makes it easily accessible to users/administrators.
Authentication plug-in
Authorisation plug-in

9 Privacy issues
Access to RADIUS logs at a higher level can expose information (who, where, when) about people from other organisations.
Solution:
Supports federated security systems, e.g. Feide
Only grants access to information related to your own organisation
No more information exposed than you already have access to

10 Edudbg Architecture
[Diagram; label: Federated login]

11 Edudbg-webservice
Reads the database and allows users to access debug information in a user-friendly way. Hides the complexity caused by the eduroam architecture and makes debugging easy.

12 Edudbg Usage scenario
Edudbg can be used to detect a connection failure. It can also be used by administrators for proactive maintenance, e.g. detecting radius server loops.

13 Demo interface
file:///F:/all/GigaCampus/Mobilitet/edudbg/documentation%20examle.htm
http://eduroam.no

14 Eduroam Architecture
[Diagram labels: Inst. A 1, Inst. A 2, Nation A Radsec Proxy; Inst. B 1, Inst. B 2, Nation B Radsec Proxy; Top level RADIUS]

15 Use cases (missing realm)
A missing realm name causes the national proxy to forward the request to the local radius server. The given user does not belong to that organization, so the request is rejected there.

16 Use cases (incorrect realm)
A misspelled realm name causes the national proxy to forward the request to the top-level servers, and thus the request is rejected.

17 Use cases (incorrect password)
The contents of the request seem to be fine and the request has been routed to the correct home server. The reason for the Access-Reject lies on the home institution's side and is most likely an incorrect password.

18 Use cases (Radius Server Loop)
The contents of the request seem to be fine and the request has been routed to the correct home server. But the request comes from the same institution that it is routed back to. This should not happen, as an institution should forward a request to the national proxy only if the user is from another institution.
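
The four use cases on slides 15-18, written as one triage function over a request record seen at the national proxy. This is an added example, not edudbg's own code: the record fields, the realm table and the verdict names are assumptions made up for illustration, and the "did you mean" check for misspelled realms goes slightly beyond what the slides describe.

```python
import difflib

# Constructed routing table: realm -> institution behind this national proxy.
NATIONAL_REALMS = {"uni-a.example.no": "inst-a", "uni-b.example.no": "inst-b"}


def diagnose(rec, realms=NATIONAL_REALMS):
    """Return (verdict, hint) for one request seen at the national proxy.

    rec uses a hypothetical schema: user_name, from_inst (institution that
    sent the request to the proxy) and reply (Access-Accept / Access-Reject).
    """
    name = rec["user_name"]
    realm = name.rpartition("@")[2].strip().lower() if "@" in name else ""
    if not realm:
        return "missing-realm", "User-Name carries no realm"
    home = realms.get(realm)
    if home is not None and home == rec["from_inst"]:
        # An institution answers its own users locally; seeing them at the
        # proxy means the request is being routed back where it came from.
        return "server-loop", f"{home} forwarded its own realm {realm}"
    if rec["reply"] != "Access-Reject":
        return "ok", ""
    if home is None:
        # Unknown realms go to the top level. A near miss of a national
        # realm suggests a typo rather than a genuine foreign user.
        near = difflib.get_close_matches(realm, list(realms), n=1, cutoff=0.9)
        if near:
            return "incorrect-realm", f"did you mean {near[0]}?"
        return "top-level-reject", f"{realm} rejected via top level"
    return "home-reject", f"{home} rejected; most likely incorrect password"


# Constructed sample records, one per use case plus a foreign realm.
SAMPLES = [
    {"user_name": "alice", "from_inst": "inst-b", "reply": "Access-Reject"},
    {"user_name": "bob@uni-a.exmaple.no", "from_inst": "inst-b", "reply": "Access-Reject"},
    {"user_name": "carol@uni-a.example.no", "from_inst": "inst-b", "reply": "Access-Reject"},
    {"user_name": "dave@uni-b.example.no", "from_inst": "inst-b", "reply": "Access-Reject"},
    {"user_name": "erin@college.example.org", "from_inst": "inst-a", "reply": "Access-Reject"},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec["user_name"], "->", diagnose(rec))
```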

19 Edudbg Experience
Our experience from running the edudbg service so far shows that almost 70 - 80% of issues occur due to incorrect information sent in the request, e.g. a misspelled username, password or incorrect realm. Edudbg helps in debugging these cases. Going deeper into a problem requires log information from the local institution, which requires further discussion.

20 Discussion
Should we deploy at national proxy level or institutional level?
Should log information be in a fixed format or the default format?
For how long should such records be kept in the database?

21 Useful links
Wireless best practice: http://www.terena.org/activities/campus-bp/bpd.html
Slides from this workshop: https://ow.feide.no/geantcampus:wireless_sept_2011

22 More information / Contact
GEANT3 NA3 Task 4: Campus Best Practice
http://www.geant.net/About_GEANT/Campus_Best_Practice/Pages/home.aspx
http://www.terena.org/activities/campus-bp/
gn3campus@uninett.no
Look out for more BPDs coming along…
Subscribe to announcements: campus-bp-announcements@terena.org

23 Thank you!
Contact: campus@uninett.no

