5. Common Questions
The Debian installation manual provides comprehensive guidance for anyone who is not already familiar with installing Debian GNU/Linux.
/etc/network/interfaces, for example the following sample configures 3 VLANs on the first Ethernet interface (
eth0), where VLAN 13 is used to provide host connectivity to the outside world (note that you do not need to specify IP addresses for all interfaces - only the one that will be used to contact the gateway):
Oxford SSO accounts include a Kerberos principal that can be used for authentication - to prove
your identity. Normal SSO accounts are based on a "simple" principal of the form
@OX.AC.UK - the first part is often referred
to as the Oxford username. These accounts are used for a wide variety of purposes, and the
account password is likely to be used in a number of situations where convenience is preferred
For certain administrative IT activities, such as establishing server-to-server trust, a higher
level of security is required than can be assumed for most SSO accounts. OUCS therefore issues
a separate set of credentials to ITSS who need this facility. For consistency and ease of
remembering, the principal is based on the usual SSO username, taking the form
/itss@OX.AC.UK. The password constraints on these
accounts are more stringent as well, requiring a minimum of 8 characters.
accounts can be managed in the same way as a normal SSO account, through the
Webauth account management pages.
Registered ITSS can request a
/itss principal by email to firstname.lastname@example.org. In
order to set a password on this account you will typically need to visit OUCS with your University
Card as photographic identification, although we can send temporary passwords encrypted with GPG
where we already have trusted keys for the relevant recipient.
Responsibility for maintenance is shared between yourself and OUCS. Under normal circumstances OUCS will ensure that updates to the installed Debian release are applied expediently, and will manage the system configuration. You should maintain the infrastructure (physical or virtual), environment, and network connectivity.
OUCS will endeavour to identify and resolve minor platform issues if/when they arise. If a problem cannot be resolved then you may need to reinstall the gateway using the instructions above. EEM gateways are not backed up as the only data that could be lost are the recent observations of active devices.
Upgrading to future Debian releases is expected to be the responsibility of local ITSS, carried out by way of a new installation / full reinstallation. This has not yet been explored or tested however, and a more lightweight upgrade option may become available.
Some people may not have the infrastructure, resources, capabilities, or authorisation to meet the requirements set out above to run their own part managed EEM gateway. Therefore you can request a fully managed gateway provided by OUCS free of charge.
The main reason is that
krb5-user on its own is not enough - you also need proper configuration in
eem-configure step will do both things for you, which is
why it comes before the
kadmin step in the installation instructions.
No. EEM is perfectly capable of being used on VLANs, and even of waking up hosts that move from one VLAN to another, and works well with systems such as the Bradford Campus Manager. However, Cisco's VMPS DVLAN solution actually marks as "inactive" any managed switch ports that have not seen traffic from the connected device for a given period of time, and will not forward any further network packets on that port. This means that when a computer is turned off, the switch port is marked "inactive" and the switch will not send the wake-on-LAN magic packet to the target host.
The Cisco support forms include a ticket about this issue, available at https://supportforums.cisco.com/thread/15213