Pete Biggs wrote:
What do you want?
I was asking for documentation telling me how RADIUS can be used, not only
that it can be used.
RADIUS is just an authentication (plus a bit more) protocol - what you
are asking is like asking how LDAP can be used. Usually it's treated
like a magic black box by applications in that one of the configuration
options is to "use a RADIUS server" and then you just configure the
necessary information in the client so it talks to the correct box. The
reason RADIUS is used rather than some other authentication protocol is
that it is designed to be used in a network authentication role.
Rather than focussing on the RADIUS aspect, you would probably be
better looking at the configuration and technology around how you want
the network to operate. The way the RADIUS server is used will be
obvious once you've sorted that out.
When I figure out how the network is supposed to operate, RADIUS might not
be needed, and useful functionality it could provide would not exist because
I couldn´t figure it in for I didn´t know any better. I´d be doing a bad
job.
What are your constraints? [AKA what have you been told to do.]
The task is to provide wireless coverage for employees and customers on
company premises. It is desirable to be able to keep track of customers,
as in knowing where exactly on the premises they currently are (within
like 3--5 feet, which is apparently tough),
Tough? I would say basically impossible. The only way of getting that
Apparently Cisco can do it:
https://www.cisco.com/c/en/us/products/collateral/wireless/wireless-location-appliance/product_data_sheet0900aecd80293728.html
sort of accuracy is to either have lots of pico cells so you know which
AP a device is connected to, or be able to triangulate. WiFi has a
reasonable range and devices like to hang on to an AP for as long as
possible, even if they can pass off on to a closer more powerful one.
I know retailers are looking at targeting customers via their location,
but I think that currently needs the co-operation of the customer's
device via a downloaded app.
and simpler things like knowing
how long they stay and if they have been on the premises before.
I can see now why you wanted to stop customers/employees from using
their 4G connection.
There is no point in offering wireless to customers when they aren´t
going to use it.
That is what using RADIUS apparently leads to when you have devices using
PXE boot. Maybe they need to be considered as a security risk and be
replaced.
You mentioned X2Go and that your PXE booting clients used it. I know
X2Go and the client is a standalone app that uses ssh to login to the
server to initiate a remote desktop type environment. There's nothing
in X2Go per se that requires a persistent network connection before
they connect. So, am I right in assuming that your PXE clients are
actually diskless machines that get all of their environment from the
network?
They are, and they boot to where a user needs to enter a username and a
password to log in. Perhaps that can be changed, but I´m glad that it
works as well as it does and am not inclined to touch it. It seems rather
fragile, the documentation isn´t too great and you are left to your magic
guesswork about how it might work.
There are things that bother me like that you can not set a screen resolution
based on the user that logs in, and I had to set it to a fixed resolution for
all clients. Replacing these devices rather than messing with them would have
some advantages --- and disadvantages.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
