While this document attempts to be accurate, we may need to make changes (at little or no notice) to the way that the Laptop network is configured. We will make reasonable efforts to inform users of changes, especially if they are likely to affect their use of the network, but cannot guarantee availability.
At some point we hope to have a technical description of the network for those who need more detailed information or want/need to implement their own authentication clients etc. If you want to connect up something unusual, or have your own client please let us know.
The simplest way to ensure that most things get set correctly (and automatically) is to configure the machine to obtain its network address, DNS resolver settings (and some other settings) using DHCP.
Due to the way that this network is set up, web browsers (Netscape, IE etc) need to be configured to use our local web proxy. The simplest way for most browsers to achieve this is to configure them to load a Proxy Autoconfiguration Script from the URL:
which contains all the needed settings.
To aid with setting things up we have more detailed instructions for some common types of machines/browsers:
laps.maths.cam.ac.uk as the server address. e.g. on unix systems edit the file
/etc/inet/ntp.conf etc to contain the line:
server laps.maths.cam.ac.uk version 3
For instructions on how to configure other operating-systems to use NTP see (for example) Robin Walker's cmtips page, though please remember to enter
laps.maths.cam.ac.uk as the NTP server!
We support 2 methods of printing from laptop client machines:
There are 2 ways to authenticate: with the tool provided (download from here), or via a web browser (if you don't want to use the provided code).
We currently have the following versions of the Laptop authentication tool for download:
You may have to Shift-Click the appropriate link to get your browser to download it.
To use this tool, download it and run it. Windows users may wish to
create a Shortcut to the
including their login-name on the command line. This will
start the program defaulting the Username to this value.
Similarly unix users might start
lauth.tcl from a shell script or create a shell function
or alias with their login-name on the command line.
The Windows and Intel/Linux executables were built from the TK/TCL version with freewrap, version 0.561 (the linux lauth.glibc21 version uses version 0.54).
The linux lauth.glibc21 binary is suitable for use on systems with glibc 2.1 (and 2.2), e.g. RedHat 6.0 through 8.0. The linux lauth binary is needed for versions which ship with glibc 2.3 (e.g. RedHat 9), although it also seems to work on our RedHat 8 systems (which have updated versions of glibc). In general, test the lauth binary first, and only if that fails try the .glibc21 version.
The MacOSX version was built with TclTkAquaStandalone-8.4.2, see the tcl sourceforge project for details. To install this, download the file and double-click the .dmg file; this will mount it as a disk-image. Copy the Lauth application onto your local disk so you can run it without needing to mount the .dmg file each time. Note that while the .dmg file is only ~2M, the application is nearly 7M when installed, since the .dmg file is in a compressed format.
The TK/TCL and expect versions may (of course) need the path to wish or expect editing. You probably need to make them executable as well of course.
Anyone who finds any problems with these, or wants to volunteer to loan us any systems not currently supported, should contact firstname.lastname@example.org in the first instance.
Running lauth you should see something rather like:
Enter your login name and password and hit the Login button. This should be sufficient. To stop lauth before logging out or unplugging the network, use the Logout button. The Quit menu item will log out (if you are logged in), and exit from the application.
To authenticate with a web browser, start the browser and go to the URL:
Once you have authenticated you will see a web page which will refresh periodically. While that web page is current your machine is authenticated and can use other network facilities.
Do not give your password to anyone else -- this would mean that the logs would show you rather than them. While you may trust a given individual, it is against the rules for use of the network (we are required to be able to say who caused network traffic in case of any abuse/complaint).
Normally we would suggest changing the password you are issued with, but currently we have no good mechanism for doing this. If you believe that your password is known by someone else, please contact one of the COs and we can reset it. Hopefully this limitation will be removed soon.
Occasionally you may need to use protocols which may not operate properly when used through NAT. In most cases there is another way to perform the task; please contact us if you have problems and we may be able to suggest other things to try.
Under local and national academic rules we are required to know who is using a machine before it may be permitted to use networking resources, and to keep logs should we be required to identify abuse or mis-use.
As a result we must log not only all authentications but also details of all connections attempted while a machine is using the laptop network.
Such logs are held under the terms of the Data Protection Act (1998). Some of the information logged may be sufficient to be considered an interception under the Regulation of Investigatory Powers Act (2000), though most of it is simply Traffic Data.
Of course we will keep such logs private and only disclose them as required by the authorities.
The act of authentication/deauthentication is logged and those logs contain:
In addition some actions may (of course) result in logs being stored elsewhere (e.g. on border firewalls or in web proxies elsewhere etc).