John Hodrien wrote:
This is really nothing to do with CentOS anymore, if it ever was.
right
On Thu, 1 Mar 2018, hw wrote:
If PXE boot is not possible because it would require to allow network access
to unauthorized devices, or if it is not reasonably feasible because
switching the device to a different VLAN after allowing unauthorized access
for booting and then providing credentials to authenticate the device (or
the user) will result in the device freezing and thus being useless, then
that just is so, and I have to deal with it.
Why would that *have* to result in the device freezing? You can PXE boot to a
kernel and initrd that after it's downloaded runs just fine without any
network access at all.
Like I said, they are x2go clients booting from the x2go server. Switching
them to another VLAN from where they can't reach the server is basically the
same as unplugging the network cable, in which case they freeze until the
connection is restored, and giving them access to the server so that they can
boot before they are authorized is useless when I don't want to allow network
access for unauthorized clients, and it is pointless because they would already
have the access they are supposed to have only after they are authorized.
There's no requirement for a PXE client to have network access to anything
other than a VLAN with a boot server that provides it with a boot image. You
can obviously add on frippery that only recognises approved MACs for even this
if you feel the need.
Sure, but how great may the lengths be you can go before it is not reasonably
feasible to do what you're doing?
Right, but what about keeping track of customers? Apparently RADIUS has
some accounting features, and it might be an advantage to use those.
I really don't get why you want WPA2 Enterprise for this setup. There's a
reason why almost everyone uses captive portals for providing access to lots
of external users.
I didn't say I want that, and I don't know yet what I want. A captive portal may
be nice, but I haven't found a way to set one up yet, and I don't have an access
point controller which would provide one, so I can't tell if that's the right
solution.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos