<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
My knowledge of our 802.1X configuration is barebones, and we inherited this configuration from ~20 years ago. We have most likely been seeing lots of failures in this part for a long time (some of the more sensitive details are omitted):</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof ContentPasted0">
&lt;Handler Client-Identifier=n8021x&gt;
<div class="ContentPasted0">#</div>
<div class="ContentPasted0"># The rock8021x block and 8021x blocks are identical. The rock8021x block is needed as it acts</div>
<div class="ContentPasted0"># differently than the WISMs in that it does a login-user rather than an access-request. This
</div>
<div class="ContentPasted0"># interferes with the 8021x clause that we have for uic-guest support</div>
<div class="ContentPasted0">#</div>
<div class="ContentPasted0"> &lt;AuthBy FILE&gt;</div>
<div class="ContentPasted0"> # Users must be in this file to get anywhere. In this example,</div>
<div class="ContentPasted0"> # it requires an entry for 'anonymous' which is the standard username
</div>
<div class="ContentPasted0"> # in the outer requests, and it also requires an entry for the</div>
<div class="ContentPasted0"> # actual user name who is trying to connect (ie the 'Login name' entered</div>
<div class="ContentPasted0"> # in the Funk Odyssey 'Edit Profile Properties' page)</div>
<div class="ContentPasted0"> Filename %D/users</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"> EAPAnonymous %0@uic.wireless</div>
<div class="ContentPasted0"> EAPType PEAP, TTLS</div>
EAPTLS_PEAPVersion 0<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof ContentPasted0 ContentPasted1">
EAPTLS_CAFile /etc/radiator/certificatechain.crt
<div class="ContentPasted1"> EAPTLS_CertificateFile /etc/radiator/wireless.crt</div>
<div class="ContentPasted1"> EAPTLS_CertificateType PEM</div>
EAPTLS_PrivateKeyFile /etc/radiator/wireless.key<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof ContentPasted0 ContentPasted1 ContentPasted2">
EAPTLS_MaxFragmentSize 1000<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof ContentPasted0 ContentPasted1 ContentPasted2 ContentPasted3">
AutoMPPEKeys<br class="ContentPasted3">
EAPTLS_SessionResumption 0<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof ContentPasted0 ContentPasted1 ContentPasted2 ContentPasted3 ContentPasted4">
&lt;/AuthBy&gt;<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof ContentPasted0 ContentPasted1 ContentPasted2 ContentPasted3 ContentPasted4">
<span style=""><br>
</span></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof ContentPasted0 ContentPasted1 ContentPasted2 ContentPasted3 ContentPasted4">
<span style="" class="ContentPasted7"> RewriteUsername s/^([^@]+).*/$1/
<div class="ContentPasted7"> RewriteUsername s/\s+//g</div>
<div class="ContentPasted7"> RewriteUsername s/^.*\\(.*)/$1/</div>
<div class="ContentPasted7"> RewriteUsername tr/[A-Z]/[a-z]/</div>
<div><br class="ContentPasted7">
</div>
<div class="ContentPasted7"> &lt;AuthBy SUSPEND&gt;</div>
<div class="ContentPasted7"> Dir /mnt/...</div>
<div class="ContentPasted7"> &lt;/AuthBy&gt;</div>
<div><br class="ContentPasted7">
</div>
<div class="ContentPasted7"> &lt;AuthBy SUSPEND&gt;</div>
<div class="ContentPasted7"> Dir /mnt/...</div>
<div class="ContentPasted7"> &lt;/AuthBy&gt;</div>
<div><br class="ContentPasted7">
</div>
<div class="ContentPasted7"> &lt;AuthBy WIRELESS&gt;</div>
<div class="ContentPasted7"> Dir /mnt/...</div>
<div class="ContentPasted7"> &lt;/AuthBy&gt;</div>
<div><br class="ContentPasted7">
</div>
AcctLogFileName %L/wireless-detail</span></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof ContentPasted0 ContentPasted1 ContentPasted2 ContentPasted3 ContentPasted4">
<span style="" class="ContentPasted7"><br>
</span></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof ContentPasted0 ContentPasted1 ContentPasted2 ContentPasted3 ContentPasted4">
<span style="" class="ContentPasted7"> &lt;AuthLog SYSLOG&gt;</span><br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof ContentPasted0 ContentPasted1 ContentPasted2 ContentPasted3 ContentPasted4 ContentPasted5">
<div class="ContentPasted5"> LogSuccess 1</div>
<div class="ContentPasted5"> LogFailure 1</div>
<div class="ContentPasted5"> Facility local0</div>
<div class="ContentPasted5"> SuccessFormat %T : '%U' from %C mac=%{Calling-Station-Id} NAS-Id=%{Called-Station-Id} PEAP-SSID=%{NAS-Identifier} -- 802.1X OK</div>
<div class="ContentPasted5"> FailureFormat %T : '%u' from %C mac=%{Calling-Station-Id} NAS-Id=%{Called-Station-Id} PEAP-SSID=%{NAS-Identifier} -- 802.1X FAILED</div>
&lt;/AuthLog&gt;<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof ContentPasted0">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof ContentPasted0 ContentPasted6">
The failure rate is about 1 out of 3! But this does not appear to be impacting anyone. The file "users" does not exist so I assume that entire AuthBy is ignored.</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof ContentPasted0 ContentPasted6">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof ContentPasted0 ContentPasted6">
What could be causing these failures? Filesystem access?</div>
<div class="elementToProof">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div id="Signature">
<div>
<div></div>
<div id="divtagdefaultwrapper" style="font-size: 12pt; font-family: Calibri, Arial, Helvetica, sans-serif; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
<div style="font-family:Tahoma; font-size:13px">---
<div><span id="ms-rterangepaste-start"></span><span style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">Roberto Ullfig - rullfig@uic.edu</span><br style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">
<span style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">Systems Administrator</span><br style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">
<span style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">Enterprise Applications &amp; Services | Technology Solutions</span><br style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">
<span style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">University of Illinois - Chicago</span>
<div><span id="ms-rterangepaste-end"></span></div>
</div>
</div>
</div>
</div>
</div>
</div>
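<div>One way to break a failure rate like this down, as an added example that is not part of the original post or of Radiator itself: it parses syslog lines in the shape of the SuccessFormat and FailureFormat quoted above and separates stations that fail but also succeed from stations that never succeed. The function names, the sample lines and the value shown for the first field (%T) are assumptions.</div>

```python
import re
from collections import Counter, defaultdict

# Shape of the SuccessFormat/FailureFormat lines in the post. The first field
# (%T) is kept as an opaque token; any syslog prefix before it is ignored.
LINE_RE = re.compile(
    r"(\S+) : '([^']*)' from (\S+) mac=(\S*) NAS-Id=(.*?) "
    r"PEAP-SSID=(.*?) -- 802\.1X (OK|FAILED)\s*$"
)

def parse(line):
    m = LINE_RE.search(line)
    if m is None:
        return None
    _kind, user, client, mac, _nas_id, ssid, result = m.groups()
    # NAS vendors format Calling-Station-Id differently; compare on hex only.
    mac = re.sub(r"[^0-9a-f]", "", mac.lower())
    return {"user": user, "client": client, "mac": mac,
            "ssid": ssid, "ok": result == "OK"}

def triage(lines):
    """Separate stations that fail but also succeed from those that never do."""
    per_mac = defaultdict(Counter)
    failed_users = Counter()
    for rec in filter(None, map(parse, lines)):
        per_mac[rec["mac"]]["ok" if rec["ok"] else "failed"] += 1
        if not rec["ok"]:
            failed_users[rec["user"]] += 1
    total = sum(sum(c.values()) for c in per_mac.values())
    failed = sum(c["failed"] for c in per_mac.values())
    return {
        "failure_rate": failed / total if total else 0.0,
        "recovered": sorted(m for m, c in per_mac.items() if c["failed"] and c["ok"]),
        "never_ok": sorted(m for m, c in per_mac.items() if c["failed"] and not c["ok"]),
        "failed_users": failed_users.most_common(),
    }

# Constructed sample lines (not real log data); every name and MAC is made up,
# and the "Access-Request" token standing in for %T is an assumption.
_P = "Jan 10 09:00:0%d radius1 radiator[123]: Access-Request : "
_T = "'%s' from wlc1 mac=%s NAS-Id=00-11-22-33-44-55:campus PEAP-SSID=wlc1 -- 802.1X %s"
SAMPLE = [(_P % i) + (_T % row) for i, row in enumerate([
    ("alice", "AA-BB-CC-00-00-01", "OK"),
    ("anonymous", "aa:bb:cc:00:00:01", "FAILED"),   # same station, other format
    ("bob", "AA-BB-CC-00-00-02", "OK"),
    ("carol", "AA-BB-CC-00-00-03", "FAILED"),       # never succeeds
    ("dave", "AA-BB-CC-00-00-04", "OK"),
    ("alice", "AA-BB-CC-00-00-01", "OK"),
])]
```

<div>Calling triage(SAMPLE) on the constructed lines gives a failure rate of one in three, with one station in "recovered" and one in "never_ok"; only the second group has no successful authentication in the same log.</div>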
</body>
</html>