Ubuntu 13.04 Corporate wireless connectivity issues

Event log entry in Windows NPS

Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

Authentication Type: PEAP
EAP Type: –
Account Session Identifier: –
Logging Results: Accounting information was written to the local log file.
Reason Code: 265
Reason: The certificate chain was issued by an authority that is not trusted.

 

Solution

Remove “system-ca-certs=true” from /etc/NetworkManager/system-connections/<SSID>

I have noticed that you need to remove this entry every time you edit the SSID, even if you leave it in there and set it to false.
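To show what this edit changes, the following added example (not part of the original post) reads a NetworkManager keyfile and reports how the RADIUS server certificate will be checked before and after the key is removed. The keyfile contents, the connection id CorpWiFi, the identity and the function names are constructed for illustration.

```python
import configparser

# Constructed sample of /etc/NetworkManager/system-connections/<SSID>
BEFORE = """\
[connection]
id=CorpWiFi
type=802-11-wireless

[802-1x]
eap=peap;
identity=jdoe
phase2-auth=mschapv2
system-ca-certs=true
"""


def server_cert_validation(keyfile_text):
    """Return how the 802.1X server certificate is checked for this profile."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(keyfile_text)
    if not cp.has_section("802-1x"):
        return "not-802.1x"
    sec = cp["802-1x"]
    if sec.get("ca-cert", "").strip():
        return "pinned-ca"        # validated against the named CA file
    if sec.getboolean("system-ca-certs", fallback=False):
        return "system-ca-store"  # validated against the OS trust store
    return "none"                 # server certificate is not validated


def remove_key(keyfile_text, key):
    """Drop every 'key=...' line, as the manual edit in the post does."""
    kept = [line for line in keyfile_text.splitlines()
            if line.split("=", 1)[0].strip().lower() != key]
    return "\n".join(kept) + "\n"


AFTER = remove_key(BEFORE, "system-ca-certs")

if __name__ == "__main__":
    print("before:", server_cert_validation(BEFORE))
    print("after: ", server_cert_validation(AFTER))
```

With no ca-cert entry in the profile, removing the key leaves the server certificate unvalidated; pointing ca-cert at the corporate CA file keeps the check in place.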

Configure SNMPv3 read write access for HP and Cisco switches, routers, etc.

HP switches

Tested on the following gear:

  • E-series 3800


snmpv3 enable
(complete the wizard)
snmpv3 group managerpriv user <user-name> sec-model ver3
snmpv3 user <user-name> auth md5 <password> priv des <password>

 

Cisco switches and routers

Tested on the following gear:

  • switch: 3750
  • router: 3845


snmp-server group v3ReadWrite v3 priv read v1default write v1default
snmp-server user <user-name> v3ReadWrite v3 auth md5 <password> priv des <password>

Note: If your software version doesn’t support encryption, then you will not be able to have authentication encrypted. You can verify your software version with the ‘show version’ command.
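The commands above select MD5 for authentication and DES for privacy. As an added example (not from the original post), this script reads SNMPv3 user lines in either vendor's syntax and flags those two algorithms, or a missing auth/priv setting; the sample configuration, user names and passwords are constructed.

```python
import re

# Keywords used in the HP and Cisco commands above. "sha" and "aes" are the
# stronger keywords both CLIs accept on releases that support them.
WEAK = {"md5", "des", "none"}

USER_LINE = re.compile(
    r"^\s*(?:snmpv3\s+user\s+(?P<hp>\S+)"                # HP E-series
    r"|snmp-server\s+user\s+(?P<cisco>\S+)\s+\S+\s+v3)"  # Cisco IOS: user group v3
    r"(?:\s+auth\s+(?P<auth>\S+)\s+\S+)?"
    r"(?:\s+priv\s+(?P<priv>\S+)(?:\s+\d+)?\s+\S+)?",    # optional AES key size
    re.IGNORECASE,
)

# Constructed sample: one HP user and two Cisco users
SAMPLE = """\
snmpv3 enable
snmpv3 group managerpriv user netmon sec-model ver3
snmpv3 user netmon auth md5 CONSTRUCTED-PW priv des CONSTRUCTED-PW
snmp-server group v3ReadWrite v3 priv read v1default write v1default
snmp-server user netmon v3ReadWrite v3 auth md5 CONSTRUCTED-PW priv des CONSTRUCTED-PW
snmp-server user netmon2 v3ReadWrite v3 auth sha CONSTRUCTED-PW priv aes 128 CONSTRUCTED-PW
"""


def audit(config_text):
    """Return (line_no, user, auth, priv, weak_settings) per SNMPv3 user line."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        m = USER_LINE.match(line)
        if not m:
            continue  # group lines and unrelated config are ignored
        user = m.group("hp") or m.group("cisco")
        auth = (m.group("auth") or "none").lower()
        priv = (m.group("priv") or "none").lower()
        weak = sorted({auth, priv} & WEAK)
        findings.append((line_no, user, auth, priv, weak))
    return findings


if __name__ == "__main__":
    for line_no, user, auth, priv, weak in audit(SAMPLE):
        status = "weak: " + ", ".join(weak) if weak else "ok"
        print(f"line {line_no}: {user} auth={auth} priv={priv} -> {status}")
```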

How-to recover deleted photos from a flash drive

I used this software a while ago to recover some photos that were deleted from a flash drive and it worked great. Just posting it here so that, in case I have a need for it again, it can quickly be located.

Link: http://www.cgsecurity.org/wiki/PhotoRec

IPHTTPS interface creation failure (error: 0x643)

OS: Windows 8
Issue: DirectAccess connection will not complete
Cause: I believe this to be related to updating the Intel wireless drivers
Solution: Still trying to find it


C:\Users\virtrick>netsh int https show int

Interface IPHTTPSInterface (Group Policy) Parameters
————————————————————
Role : client
URL : https://das.virtualrick.com:443/IPHTTPS
Last Error Code : 0x643
Interface Status : IPHTTPS interface creation failure

HP A-Series to Cisco LACP switchport link-aggregation

Left side: HP 5820

Create the bridge-aggregate interface

int br50
link-aggregation mode dynamic
quit

Join the member ports to the bridge-aggregate

int gi1/0/48
port link-aggregation group 50
quit

Configure the bridge-aggregate

int br50
port link-type trunk
port trunk permit vlan ${vlan-list}
quit

Add member ports to the bridge-aggregate

int gi2/0/48
port link-aggregation group 50
quit

You're done on this side.

 

 

Right side: Cisco 3020 blade switch

Create the port-channel by adding the first member


int gi0/21
channel-group 1 mode active

Configure the port-channel

int po1
switchport nonegotiate
switchport mode trunk
switchport trunk allowed vlan ${vlan-list}
end

Add members to port-channel

int gi0/22
channel-group 1 mode active
end

Done on this side. Don’t forget to verify!

 

Useful commands

description / HP / Cisco
determine member port state / dis link summary / show ether summary
determine which ports are members / dis link verbose br50 / show ether summary
debug lacp / debug link-aggregation all / debug lacp

 

Other notes

  • Ensure that your VLAN list is identical on both sides. If it is not, the member ports will not become selected.
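One way to check the VLAN lists against each other before bringing the link up, as an added example that is not part of the original post: the script expands the HP "port trunk permit vlan" line and the Cisco "switchport trunk allowed vlan" line into sets and reports what each side is missing. The function names and sample VLAN IDs are constructed, and only plain lists and "all" are handled (not Cisco's add/remove/except forms).

```python
import re


def parse_vlans(line):
    """Expand an HP 'port trunk permit vlan ...' or Cisco
    'switchport trunk allowed vlan ...' line into a set of VLAN IDs."""
    m = re.search(r"(?:permit|allowed)\s+vlan\s+(.+)$", line.strip(), re.I)
    if not m:
        raise ValueError("not a trunk VLAN line: %r" % line)
    spec = m.group(1).strip().lower()
    if spec == "all":
        return set(range(1, 4095))
    # HP writes ranges as "20 to 22", Cisco as "20-22"; normalise to "20-22"
    spec = re.sub(r"\s+to\s+", "-", spec)
    vlans = set()
    for item in re.split(r"[,\s]+", spec):
        if not item:
            continue
        lo, _, hi = item.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError("bad VLAN range: %r" % item)
        vlans.update(range(lo, hi + 1))
    return vlans


def trunk_mismatch(hp_line, cisco_line):
    """Return (VLANs only on the HP side, VLANs only on the Cisco side)."""
    hp, cisco = parse_vlans(hp_line), parse_vlans(cisco_line)
    return sorted(hp - cisco), sorted(cisco - hp)


if __name__ == "__main__":
    # Constructed sample lines for the two ends of the aggregate
    hp_side = "port trunk permit vlan 10 20 to 22 30"
    cisco_side = "switchport trunk allowed vlan 10,20-22"
    only_hp, only_cisco = trunk_mismatch(hp_side, cisco_side)
    print("only on HP:   ", only_hp)
    print("only on Cisco:", only_cisco)
```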

 

External monitor turns black & white when docked

The issue

When docking my Lenovo T430 laptop running Windows 8, one of my two Acer S240HL monitors goes black & white; always monitor 1 of 2.

The band-aid

  1. Open the NVIDIA control panel
  2. Notice “Digital vibrance” has changed to 0%
  3. Click “Restore Defaults” in the top right corner and click Apply. This will return the setting to 50%

The permanent fix

In the recent round of Windows updates there appears to have been a fix. The issue fixed itself…

RADIUS authentication w/ HP A-series and E-series equipment

It’s very useful to use RADIUS for authentication. This post is aimed at providing the quick and dirty details to make it happen on the HP A-series and E-series equipment.

Important note: Be sure to set a local manager account on all switches before enabling RADIUS. If you do not set a local manager account and RADIUS is not reachable, then you will not be able to manage your gear.

A-Series

Tested on: 5920 & 5820

5920


Manager rights: cisco-AV-Pair shell:roles=network-admin
Read-Only: cisco-AV-Pair shell:roles=level-1

5820

The important thing to note here is that there are no attributes currently available that will grant you a specific level of rights. Use RADIUS to control access, then use the super command to control the access level.

Example RADIUS scheme configuration

radius scheme radius-auth
primary authentication <server>
primary accounting <server>
key authentication <key>
key accounting <key>
user-name-format without-domain
quit
super password level 1 simple <password>
super password level 2 simple <password>
super password level 3 simple <password>

E-Series

Tested on: 3800

RADIUS attributes

Enabled mode: RADIUS Attributes > Standard: Service-Type:Administrative
Monitor mode: RADIUS Attributes > Standard: Service-Type:NAS Prompt

Example configuration

radius-server host <server> key <key>
aaa authentication ssh login radius local
aaa authentication ssh enable radius local
aaa authentication login privilege-mode