Pete Biggs wrote:
There are devices that are using PXE-boot and require access to the company LAN.
If I was to allow PXE-boot for unauthenticated devices, the whole thing would be
pointless because it would defeat any security advantage that could be gained by
requiring all devices and users to be authenticated: Anyone could bring a device
capable of PXE-booting and get network access.
So authenticate before imaging. Lots of imaging solutions allow that -
even the MS WDS does it.
Well, I don´t have an imaging solution and no idea how to do that.
As a customer visting a store, would you go to the lengths of configuring your
cell phone (or other wireless device) to authenticate with a RADIUS server in
order to gain internet access through the wirless network of the store?
Yes, I do it frequently with my phone. You do it once and it remembers
it. My phone is more often on wifi than on 4G when I'm in a town.
And you need to install certificates or enter a password or something?
From what I´m being told, everyone already has internet access with their cell
phones from their phone service provider and is apparently happy with that
even though the amount of data they can transmit is ridiculously low. So why
would anyone do any configuring and have to worry about protecting ther privacy
when and for using the wireless network of a shop they´re visting?
Because you get faster data rates and in the middle of a big shop you
don't get a phone signal.
How do you get faster data rates? In a shop that even has a 100Mbit internet
connection and 50 customers using it, you would get only 2Mbit.
How do the shops prevent you from getting a phone signal?
I have no idea what the lengths of configuring might be other than that anything
you try to do with a cell phone or a tablet is so extremely painful or outright
impossible that I only touch them when I get paid for it. Perhaps RADIUS
authentication is easy with such devices.
In general the user knows nothing about RADIUS - you are presented with
a username/password box when you first connect to the wifi and that is
it.
Those are particularly painful to enter, but I guess it could be used
for some customers.
I´m not using gnome; I recently tried it, and it´s totally bloated,
yet doesn´t even have a usable window manager.
OK. I'm not sure how your opinion of GNOME is really relevant.
I'm describing it because it's an example that's probably within
reach for both you and me, given that you and I are communicating
via a GNU/Linux focused mailing list.
I'm sorry my voluntary attempt to help you out wasn't to your liking.
Don´t be sorry, there´s nothing wrong with your help, and I appreciate it.
Just keep in mind when you say that the opinions of users of software X are
irrelevant, software X itself is as irrelevant as the opinions.
Exactly. "Software X" was an example of how it could be done. It
doesn't matter what your opinions are about it. Other software is
available. You seem to be taking the examples that people give you as
the only possible way of doing things.
RADIUS is a very mature technology and as such there are lots of ways
of using it.
Well, I don´t know about any of this. I found out that RADIUS is probably
what I could or should use to get things working as intended, so I tried to
find documentation on /how/ to use it and found nothing but documentation which
says that it could be used, which I already know.
So I tried it to a limited extend and found that it could and probably should be
used.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
