Pete Biggs wrote:
What do you want?
I was asking for documentation telling me how RADIUS can be used, not only that it can be used.
RADIUS is just an authentication (plus a bit more) protocol - what you are asking is like asking how LDAP can be used. Usually it's treated like a magic black box by applications in that one of the configuration options is to "use a RADIUS server" and then you just configure the necessary information in the client so it talks to the correct box. The reason RADIUS is used rather than some other authentication protocol is that it is designed to be used in a network authentication role.
Rather than focussing on the RADIUS aspect, you would probably be better looking at the configuration and technology around how you want the network to operate. The way the RADIUS server is used will be obvious once you've sorted that out.
When I figure out how the network is supposed to operate, RADIUS might not be needed, and useful functionality it could provide would not exist because I couldn´t figure it in for I didn´t know any better. I´d be doing a bad job.
What are your constraints? [AKA what have you been told to do.]
The task is to provide wireless coverage for employees and customers on company premises. It is desirable to be able to keep track of customers, as in knowing where exactly on the premises they currently are (within like 3--5 feet, which is apparently tough),
Tough? I would say basically impossible. The only way of getting that
Apparently Cisco can do it:
https://www.cisco.com/c/en/us/products/collateral/wireless/wireless-location...
sort of accuracy is to either have lots of pico cells so you know which AP a device is connected to, or be able to triangulate. WiFi has a reasonable range and devices like to hang on to an AP for as long as possible, even if they can pass off on to a closer more powerful one.
I know retailers are looking at targeting customers via their location, but I think that currently needs the co-operation of the customer's device via a downloaded app.
and simpler things like knowing how long they stay and if they have been on the premises before.
I can see now why you wanted to stop customers/employees from using their 4G connection.
There is no point in offering wireless to customers when they aren´t going to use it.
That is what using RADIUS apparently leads to when you have devices using PXE boot. Maybe they need to be considered as a security risk and be replaced.
You mentioned X2Go and that your PXE booting clients used it. I know X2Go and the client is a standalone app that uses ssh to login to the server to initiate a remote desktop type environment. There's nothing in X2Go per se that requires a persistent network connection before they connect. So, am I right in assuming that your PXE clients are actually diskless machines that get all of their environment from the network?
They are, and they boot to where a user needs to enter a username and a password to log in. Perhaps that can be changed, but I´m glad that it works as well as it does and am not inclined to touch it. It seems rather fragile, the documentation isn´t too great and you are left to your magic guesswork about how it might work.
There are things that bother me like that you can not set a screen resolution based on the user that logs in, and I had to set it to a fixed resolution for all clients. Replacing these devices rather than messing with them would have some advantages --- and disadvantages.