Network

Hardware

• Cisco WS-C2960-48TT-L
• Cisco 2950SX 24
• Cisco 2948G-L3 48
• Juniper SSG5
• Buffalo Technology WZR-AG300H
• Netgear GS724TR
• Supermicro machine with 4x NICs for 8Gbps routing with Vyatta

Subnets

All IPv4 subnets are built off of a /21 provided by the ChaosVPN

There will be more here once I get designs built out in Visio or Dia (whichever I happen to use)

LDAP

   We have an LDAP server running FreeIPA and FreeRADIUS to provide authentication services.
   IP Address: 10.0.1.5
   Hostname: authentication.uas
   Web Management: https://authentication.uas

For more information about policies, groups, and configuration, please see the currently non-existent UAS FreeIPA Document RADIUS for WiFi Access

   The server is running FreeRADIUS with the LDAP plugin enabled to grant users access to the UnallocatedMembers wireless network. Please see the Wireless Access Points section for more details

Server Access via LDAP

   Users are granted different levels of access to servers based on their role within the space. Current roles are Board, Keyholder, Member, and Student. Individuals can be granted other accesses outside of their role as needed. 

   When a new server is spun up, freeipa-client should be installed. After the installation is complete, run the following command:
       “ipa-client-install --domain=uas --server=authentication.uas --realm=UAS --mkhomedir”
   Anyone with admin privileges in FreeIPA should be able to run that command
   While “--mkhomedir” is in the command, it does not work for Ubuntu server. You will need to add the following line to “/etc/pam.d/common-session”:
       “session required        pam_mkhomedir.so skel=/etc/skel/”

After adding that line, please reboot and try logging in with your LDAP credentials.