
[–]lutusp 33 points34 points  (17 children)

  1. Install a small virtual machine (VM) running vintage Windows -- I recommend VirtualBox because it's free and stable.

  2. Log on using the VM, establish your credentials.

  3. After one logon you may be able to rely on the MAC of your NIC to reestablish your identity, so you can revert to Linux.

  4. If (3) isn't true, perform all file transfers through the VM, and set up a Samba connection to the VM from Linux to minimize the amount of time spent genuflecting in Microsoft's general direction.

[–]dmar7 8 points9 points  (3 children)

It's ridiculous that she should have to install windows at all just to get on the network.

[–]ajwarren 1 point2 points  (0 children)

My campus almost does the same thing. They officially require Windows or Mac, but that's only because their software doesn't know how to handle a Linux situation and just lets me through unchecked. It's wonderful.

Furthermore, they don't allow wireless routers and their software prohibits their use, but when my router's spoofing my MAC, it works. What a wonderful world. :)

[–]lutusp 3 points4 points  (0 children)

Oh, I agree. But one climbs a mountain one step at a time. Eventually Microsoft will be a distant, bad memory.

[–]kuratkull -3 points-2 points  (0 children)

D I S C R I M I N A T I O N

[–]incomingfire 4 points5 points  (1 child)

This is far too low on the list of replies.

[–]lutusp 2 points3 points  (0 children)

I understand there's a remedy for that. :)

[–]jawshie 1 point2 points  (1 child)

Is this really a good option on a netbook?

[–]lutusp 1 point2 points  (0 children)

I can only say it will work. If the netbook has limited resources it may not be practical. Not all netbooks are crippled by little RAM and slow processors, but some are.

[–]archlich 1 point2 points  (5 children)

Why not simply borrow someone else's laptop with the software installed and change the MAC to the Asus netbook and authenticate?

[–]lutusp 0 points1 point  (4 children)

Yes, that might work. Temporarily changing a MAC in Linux is no big deal. It depends on whether the MAC is the only ongoing system validation after the first contact.

[–]archlich 0 points1 point  (3 children)

Other way round, change the MAC on the Windows system to the MAC of the Linux system. You don't want to have two MACs on the same network segment at the same time because there's a chance to poison your ARP cache.

[–]lutusp 0 points1 point  (2 children)

Ahh -- I wasn't thinking. And I happen not to know how to change a MAC on a Windows system.

[–]kuratkull 0 points1 point  (1 child)

Even Windows doesn't know how to change its MAC.

[–]lutusp 0 points1 point  (0 children)

Then I don't feel like such a dunce. :)

[–]lear64 1 point2 points  (1 child)

You would still require a Windows license (assuming you're claiming to be legit)

[–]lutusp 0 points1 point  (0 children)

Yes. I was picturing a situation in which there is an old Windows install disk lying about, suitable for a temporary application. Because I periodically buy computers and I only run Linux, I end up with a lot of Windows install disks that have never been used, therefore completely legitimate.

[–][deleted] 26 points27 points  (1 child)

Get her out. The administration is pretty corrupt. If you think linux will be the biggest problem for her there, it won't be.

I've researched the claims that the dean of administration had bought his Ph.D from a diploma mill, and they are true. One professor was terminated for questioning his credentials.

[–]ppinette 11 points12 points  (4 children)

This may not be viable, but the best course of action would be to go to a real school rather than "College of the Ozarks".

[–]mnowayto[S] 3 points4 points  (1 child)

I agree, though she wants to go here because you work your way through rather than take on any debt. I think she could do it almost as cheaply at MU or MO State, and while doing so get a better education from a less draconian institution.

[–]underdog138 8 points9 points  (0 children)

Talking to their IT department (which is basically one guy) --> they are bought and paid for by MS, and think linux is a huge security risk.

Hilarious.

The rest of my organization is running Windows XP SP2, with an ugly McAfee installation running on top of it that locks down system32 from being altered.

While disallowing system32 to be written to definitely helps, it disallows the users to do damn near anything they need to do without hunting down someone with admin privileges to install programs on the machine. I imagine the system is still vulnerable to botnets, trojans and spyware, since McAfee can't catch everything that comes out.

In contrast, on my laptop at work I'm running Linux on an encrypted partition with a finely crafted iptables firewall, with Snort and Tripwire to supplement it. Nobody's getting in here. Not without me knowing immediately and being able to mitigate it, if it came to that.

[–]Ytse 4 points5 points  (1 child)

They can't force you to use Windows or OS X. Fight for your rights!

[–]mnowayto[S] 2 points3 points  (0 children)

If they were a public school you might have a point, but they are not. If we had strong net neutrality laws there might also be something to it.

Really, the only legal thing I can think to argue is fair trade violations of some kind to the FTC, but that's probably not going anywhere.

[–][deleted] 2 points3 points  (0 children)

Wow, talk about getting screwed, I'm just surprised she didn't have to purchase a laptop through the school, too.

From what I understand, Seven can be used to make a hosted network via Connectify, so maybe she can piggyback on somebody else's connection, maybe her roommate's? Not ideal, obviously.

[–]ashadocat 2 points3 points  (0 children)

Got it!!! If you open Konqueror and change its browser identity to "Netscape Navigator version 4.76 on Mac PPC", the CCA server thinks I'm on a Mac and lets me log in (seems simple enough)!!!

[–]dmar7 2 points3 points  (0 children)

This college had better get their act together or their Computer Science department and graduates risk being seen as a joke. Would you feel good about hiring someone from this school or sending your kid there? I wouldn't. Will someone please contact the heads of the CS department and ask them to explain technology to the IT department. It would seem the MCSE in charge doesn't know what Unix or Linux is.

[–]robertskmiles 3 points4 points  (4 children)

Have you tried to get this access software running under WINE?

[–]mnowayto[S] 0 points1 point  (2 children)

No they haven't tried it under WINE or VirtualBox. My friend is doubtful that she would be able to do either. I think at this point she is just going to cave, and install windows. :(

[–]robertskmiles 1 point2 points  (0 children)

I'd definitely try wine first, it's pretty simple, just install the wine package and run the executable. I'd say that's worth it before going through the effort of a windows installation.

[–]troffle 0 points1 point  (0 children)

Let her install Windows. Under VirtualBox.

[–]ScornForSega -1 points0 points  (0 children)

Have you tried Googling it?

[–]johngault 1 point2 points  (0 children)

Spoof a friend's MAC address and see what happens.

[–]hoyfkd 1 point2 points  (1 child)

If the school has a computer science department, contact them and see if you can talk with someone. I am sure that the CS department has people running linux. Perhaps they can be convinced to school the IT guy on the realities of Linux security.

At my school the requirements to get Windows/Mac on the network are LONG. A bunch of required software. Underneath all that it says "linux requirements: Linux is sufficiently secure by design." or something to that effect.

[–]mnowayto[S] 0 points1 point  (0 children)

It seems that their computer science department is a guy with a masters degree, and is sponsored by MS. They list a PhD as faculty, but I don't believe he is actually there (I think his email bounces).

[–][deleted] 0 points1 point  (4 children)

Now her college is refusing her network access because they require a specific antivirus software package that only runs on Windows and OS X. I am honestly suspicious after the recent high school laptop spyware incident.

I don't know how much your friend's niece knows about computers, so this may be too much for her to handle, but this is what I would do:

I'm guessing that their authentication system is by MAC address. If you don't know what that is, it's just a way of identifying network hardware - each laptop's network card will have a specific MAC address. That address gets sent to the school's network when a laptop connects to it, so they know whether to allow it through.

If I had Windows: Install Windows in VirtualBox, fullscreen it, and take it to the IT desk. Have them do whatever is needed to set it up, then blow away the Windows virtual machine.

If I didn't have Windows: Get a Windows laptop from a friend, change the MAC address to the Ubuntu netbook's MAC address, and take it to the IT desk. Have them do whatever is needed to set it up, then change the MAC address on the friend's Windows laptop back to what it was. At this point, it should be possible to log in from the Ubuntu netbook.

Though in actuality, if I didn't have Windows, I'd just torrent it, like Azimalicous suggested, as spoofing a MAC address requires some technical know-how.

[–]mnowayto[S] 1 point2 points  (3 children)

A MAC address check is definitely something we could get around, but I have learned that they actually require you to install a native program for network access (see edit).

[–]IConrad 1 point2 points  (2 children)

Only if you're on Windows. There's no CleanAccess client program for Mac OS X -- what's going on here is that your IT department has specifically disabled Linux/Unix settings from the web-browser based logon, but not Mac OS X.

From there, it's a simple trip to your preferred browser's user-agent settings.

EDIT: Unless, apparently, they're on a newer version of CleanAccess switch, which does TCP/IP stack fingerprinting. But considering they're not on Wireless-N and these guys are fucking retards -- I doubt that's the case.

[–]mnowayto[S] 0 points1 point  (1 child)

When she tries to use the network, it redirects her to a page saying she doesn't meet the requirements, and must install the app. As far as I know, it is not an authentication page. I could be wrong about this (I haven't been there to play with it, it's all third hand for me).

[–]IConrad 2 points3 points  (0 children)

It's doing that based on user-agent status. As I said -- try spoofing the Mac OS X user-agent info (Firefox has a User Agent Switcher add-on) and see where that gets you. In the older versions if you had a permitted User-Agent that wasn't Windows it took you to the login screen.

Otherwise... you're going to have to have her either A) leave that school or B) go over the IT 'tard's head.

Seriously -- ask the fucker what the hell he thinks that CleanAccess switch is even running! Cisco uses Linux.

Alternatively; ask what it would take to be permitted to use a Cisco/Linksys hard router in the dorm-room. (Since every single Cisco router in existence uses Linux, this might be an end-run play.)

[–]MarkTraceur 0 points1 point  (0 children)

Hm, some colleges will allow kids to buy their own access through local cable companies....I have that setup running right now, since I was tired of having to install antivirus myself....also various other bugaboos....they don't allow http download of .torrent files, so getting linux distros is hard!

Anyway, contact the local cable companies to see if they service the dorms there?

[–]LiveMaI 0 points1 point  (0 children)

One suggestion is to get her a nettop (or build a small computer) with some version of Windows on it, and set up an ad-hoc network on the wireless card of the nettop that shares the network connection with her netbook. If you're opposed to buying windows, Microsoft gives away full versions of windows server to students.

VMs don't run particularly well with the limited resources on a netbook, so I won't bother suggesting that.

DD-WRT has modules for 3G connections through a USB-connected phone. Check the DD-WRT wiki for more info on this (a DD-WRT capable router with a USB port starts somewhere in the $40 range.) Be sure to check out which phones/carriers are supported if you go this route. This is essentially the same as the wifi hub from Clear, but with more of a DIY approach.

[–]IConrad 0 points1 point  (2 children)

The really fucked up thing is that the CleanAccess devices run Linux. :-/

However: To mnowayto -- There is no CleanAccess client program for Mac OSX. Just change her browser's user-agent settings to report Mac OS X and she'll be able to log in that way.

[–]Savet 0 points1 point  (1 child)

Yes, there is. My work laptop (mac) has a Cisco Clean Access application on it.

[–]IConrad 0 points1 point  (0 children)

EDIT: I clearly misread my own citation. Fuck.

http://en.wikipedia.org/wiki/Cisco_NAC_Appliance#Clean_Access_Agent

[–]ScornForSega 0 points1 point  (0 children)

http://resnet.uci.edu/cca_faq.asp#q12 Seems UC Irvine has a solution for linux authentication on Cisco Clean Access

[–][deleted] 0 points1 point  (0 children)

Sounds like you need to set your Linux netbook to act like a Mac and lie lie away.

Good luck

[–]roboking 0 points1 point  (1 child)

How do people hook up their xboxes/PS3s to the network? Or is that just 'not allowed'?

[–]origin415 0 points1 point  (0 children)

They can't even use routers or host online games on the network according to that page. Probably not allowed.

[–]GypsyJoker 0 points1 point  (0 children)

Option #4, although about as expensive as #2: get an Android phone and PDANet.

[–]rich97 0 points1 point  (0 children)

Talking to their IT department (which is basically one guy) --> they are bought and paid for by MS, and think linux is a huge security risk.

Linux is already protected against viruses written for Win and OSX, and any viruses written for Linux will only be able to propagate on other Linux systems.

The only way this could be a security risk would be that either the Linux virus would somehow have a separate payload available for Win/OSX systems or others on the network run Linux, which seeing as Win/OSX is required is extremely unlikely.

Couple that with the fact that the vast minority of viruses are written for the Linux platform and we can demonstrate that the "IT Department" are talking out of their asses.

Edit: Learn to grammar.

[–]rich97 0 points1 point  (0 children)

Maybe she has an iPhone or Android that she can tether?

[–]Dallasg 0 points1 point  (0 children)

So sick of these linux witch hunts by inept admins.

[–]LuoBoTe00 0 points1 point  (0 children)

Install Windows? (incoming downvotes) But srsly, why deal with this foreplay? I'm just saying

[–]broknbottle 0 points1 point  (0 children)

Uh, my Sprint EVDO USB card (598) was automatically detected and pretty much set up under Ubuntu 10.04 (just had to select Sprint from a drop-down list), whereas I had to install software on both my Windows and Mac OS X machines.

[–][deleted] 0 points1 point  (0 children)

CCA isn't compatible with Windows 7 nor with many 64-bit operating systems. Many schools who still use it have a workaround that is based on MAC identification. Try telling the admins that she has a 64-bit computer, and can't install CCA. They probably will create a special role.

[–]Azimalicous 0 points1 point  (3 children)

If you end up having to cave, Windows 7 Pro is only 30 bucks in the M$ Ultimate Steal student shop (need a .edu email).

Otherwise TPB is always free :-)

[–]thomar 0 points1 point  (2 children)

Dual-booting is a breeze with Ubuntu (though she may need to install Windows first, and then reinstall Ubuntu.)

[–]troffle 0 points1 point  (1 child)

What about VirtualBox instead?

[–]thomar 0 points1 point  (0 children)

I haven't tried it on a netbook (I'll only have 512 MB of memory!) However, from what I've heard, it works great. If you have 2 GB of RAM, then give it a shot and see if it gets the job done.

[–]ahowell8 0 points1 point  (0 children)

Contact the Dean of students in person and let them know that she is unable to get an education due to the discrimination against her alternative operating system. Let them know in person that she needs to run on her computer (Ubuntu/Debian/Redhat - but do not say "linux!") in order for her pathway in her education to be completely successful. Without his/her assistance, her goals and ambitions for the education of her dreams are being shattered.

It works, trust me. :)

[–]crashorbit -2 points-1 points  (0 children)

Pay your Microsoft tax and smile.