Network

From Unallocated Space
Revision as of 16:16, 20 February 2018 by Flay (talk | contribs)

Hardware

Subnets

All IPv4 subnets are built off of a /21 provided by the ChaosVPN

Subnet          Purpose                                              VLAN
10.101.0.0/24   Management/Internal Devices                          100
10.101.1.0/24   User Wired LAN                                       101
10.101.2.0/24   User Wireless LAN                                    102
10.101.3.0/24   VMWare environment for The Lab                       103
10.101.4.0/24   DMZ for Chaos and Internet                           104
10.101.5.0/24   Reserved for future use                              105
10.101.6.0/24   Reserved for future use                              106
10.101.7.0/28   Point-to-point connections (will expand as needed)   999


There will be more here once I get designs built out in Visio or Dia (whichever I happen to use).


LDAP

   We have an LDAP server running FreeIPA and FreeRADIUS to provide authentication services.
   IP Address: 10.0.1.5
   Hostname: authentication.uas
   Web Management: https://authentication.uas

For more information about policies, groups, and configuration, please see the (currently non-existent) UAS FreeIPA Document.

RADIUS for WiFi Access

   The server is running FreeRADIUS with the LDAP plugin enabled to grant users access to the UnallocatedMembers wireless network. Please see the Wireless Access Points section for more details.

Server Access via LDAP

   Users are granted different levels of access to servers based on their role within the space. Current roles are Board, Keyholder, Member, and Student. Individuals can be granted other access outside of their role as needed.
   When a new server is spun up, freeipa-client should be installed. After the installation is complete, run the following command:
       ipa-client-install --domain=uas --server=authentication.uas --realm=UAS --mkhomedir
   Anyone with admin privileges in FreeIPA should be able to run that command.
   While --mkhomedir is in the command, it does not work on Ubuntu Server. You will need to add the following line to /etc/pam.d/common-session:
       session required        pam_mkhomedir.so skel=/etc/skel/

After adding that line, please reboot and try logging in with your LDAP credentials.
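The enrolment steps above collected into one script, added here as an example and not taken from the UAS wiki or FreeIPA itself: it runs ipa-client-install with the domain, server and realm given on this page, then appends the pam_mkhomedir rule only if /etc/pam.d/common-session does not already carry one, so rerunning it never stacks duplicate session rules. The --apply flag and the PAM_FILE override are conventions of this example, not of FreeIPA.

```shell
#!/bin/sh
# Enrol an Ubuntu server in the UAS FreeIPA realm and ensure home
# directories are created at first LDAP login. Run as root with --apply;
# without it only the helper functions are defined (handy for checking
# a copy of common-session before touching the live file).
set -eu

IPA_DOMAIN="uas"
IPA_SERVER="authentication.uas"
IPA_REALM="UAS"
PAM_FILE="${PAM_FILE:-/etc/pam.d/common-session}"   # override for testing
PAM_LINE='session required        pam_mkhomedir.so skel=/etc/skel/'
# An uncommented session rule that loads pam_mkhomedir.so
MKHOMEDIR_RE='^[[:space:]]*session[[:space:]]+.*pam_mkhomedir\.so'

# The exact join command from the wiki; needs FreeIPA admin credentials.
ipa_join_command() {
    printf 'ipa-client-install --domain=%s --server=%s --realm=%s --mkhomedir\n' \
        "$IPA_DOMAIN" "$IPA_SERVER" "$IPA_REALM"
}

# Number of active pam_mkhomedir session rules in the PAM file $1.
# A correctly configured file has exactly one.
count_mkhomedir() {
    grep -Ec "$MKHOMEDIR_RE" "$1" 2>/dev/null || true
}

# Append the pam_mkhomedir rule to $1 unless one is already present.
# Returns 0 if the rule was added, 1 if the file already had it.
ensure_mkhomedir() {
    if [ "$(count_mkhomedir "$1")" -gt 0 ]; then
        return 1
    fi
    printf '%s\n' "$PAM_LINE" >> "$1"
    return 0
}

main() {
    echo "Joining realm $IPA_REALM via $IPA_SERVER"
    sh -c "$(ipa_join_command)"
    if ensure_mkhomedir "$PAM_FILE"; then
        echo "Added pam_mkhomedir to $PAM_FILE; reboot, then log in with LDAP credentials."
    else
        echo "$PAM_FILE already has a pam_mkhomedir rule; left unchanged."
    fi
}

if [ "${1:-}" = "--apply" ]; then
    main
fi
```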