From Unallocated Space



All IPv4 subnets are built off of a /21 provided by the ChaosVPN.

   Management/Internal Devices: VLAN 100
   User Wired LAN: VLAN 101
   User Wireless LAN: VLAN 102
   VMWare environment for The Lab: VLAN 103
   DMZ for Chaos and Internet: VLAN 104
   Reserved for future use: VLAN 105
   Reserved for future use: VLAN 106
   Used for Point to Point connections (will expand as needed): VLAN 999

There will be more here once I get designs built out in Visio or Dia (whichever I happen to use)


   We have an LDAP server running FreeIPA and FreeRADIUS to provide authentication services.
   IP Address:
   Hostname: authentication.uas
   Web Management: https://authentication.uas

For more information about policies, groups, and configuration, please see the currently non-existent UAS FreeIPA Document.

RADIUS for WiFi Access

   The server is running FreeRADIUS with the LDAP plugin enabled to grant users access to the UnallocatedMembers wireless network. Please see the Wireless Access Points section for more details.

Server Access via LDAP

   Users are granted different levels of access to servers based on their role within the space. Current roles are Board, Keyholder, Member, and Student. Individuals can be granted other accesses outside of their role as needed. 
   When a new server is spun up, freeipa-client should be installed. After the installation is complete, run the following command:
       ipa-client-install --domain=uas --server=authentication.uas --realm=UAS --mkhomedir
   Anyone with admin privileges in FreeIPA should be able to run that command.
   While "--mkhomedir" is in the command, it does not work for Ubuntu server. You will need to add the following line to "/etc/pam.d/common-session":
       session required pam_mkhomedir.so skel=/etc/skel/

After adding that line, please reboot and try logging in with your LDAP credentials.
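
One way to script the common-session change so it is safe to re-run, as an added example that is not part of the original page. It assumes the module the line refers to is pam_mkhomedir.so; the function names are hypothetical, and the demo runs on a constructed temporary file rather than the live PAM configuration.

```shell
#!/bin/sh
# Added example: idempotently enable home directory creation in a PAM
# session file. Assumption: the intended module is pam_mkhomedir.so.

MKHOMEDIR_LINE='session required pam_mkhomedir.so skel=/etc/skel/'

# has_mkhomedir FILE: succeeds if an active (uncommented) session line
# already loads pam_mkhomedir.so. Commented-out lines do not count.
has_mkhomedir() {
    grep -Eq '^[[:space:]]*session[[:space:]]+[^#]*pam_mkhomedir\.so' "$1"
}

# ensure_mkhomedir FILE: append the line at most once, keeping FILE.bak.
# Prints "added" or "unchanged"; returns non-zero on error.
ensure_mkhomedir() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    if has_mkhomedir "$file"; then
        echo unchanged
        return 0
    fi
    # A broken PAM file can lock everyone out, so keep a copy to restore.
    cp -p "$file" "$file.bak" || return 1
    # If the file does not end in a newline, add one before appending.
    [ -z "$(tail -c 1 "$file")" ] || echo >> "$file"
    printf '%s\n' "$MKHOMEDIR_LINE" >> "$file" || return 1
    echo added
}

# Demo on constructed sample content (not a real common-session file):
# one unrelated session line and one commented-out mkhomedir line.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' 'session required pam_unix.so' \
        '#session required pam_mkhomedir.so' > "$tmp"
    first=$(ensure_mkhomedir "$tmp")
    second=$(ensure_mkhomedir "$tmp")
    count=$(grep -c '^session.*pam_mkhomedir\.so' "$tmp")
    rm -f "$tmp" "$tmp.bak"
    echo "$first $second $count"
}

demo
# On a server, as root: ensure_mkhomedir /etc/pam.d/common-session
```

Keep an existing root session open while testing the first LDAP login, so the .bak copy can be restored if the session stack misbehaves.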