Pete Biggs wrote: > >> There are devices that are using PXE-boot and require access to the company LAN. >> If I was to allow PXE-boot for unauthenticated devices, the whole thing would be >> pointless because it would defeat any security advantage that could be gained by >> requiring all devices and users to be authenticated: Anyone could bring a device >> capable of PXE-booting and get network access. > > So authenticate before imaging. Lots of imaging solutions allow that - > even the MS WDS does it. Well, I don´t have an imaging solution and no idea how to do that. >> As a customer visting a store, would you go to the lengths of configuring your >> cell phone (or other wireless device) to authenticate with a RADIUS server in >> order to gain internet access through the wirless network of the store? > > Yes, I do it frequently with my phone. You do it once and it remembers > it. My phone is more often on wifi than on 4G when I'm in a town. And you need to install certificates or enter a password or something? >> From what I´m being told, everyone already has internet access with their cell >> phones from their phone service provider and is apparently happy with that >> even though the amount of data they can transmit is ridiculously low. So why >> would anyone do any configuring and have to worry about protecting ther privacy >> when and for using the wireless network of a shop they´re visting? > > Because you get faster data rates and in the middle of a big shop you > don't get a phone signal. How do you get faster data rates? In a shop that even has a 100Mbit internet connection and 50 customers using it, you would get only 2Mbit. How do the shops prevent you from getting a phone signal? >> I have no idea what the lengths of configuring might be other than that anything >> you try to do with a cell phone or a tablet is so extremely painful or outright >> impossible that I only touch them when I get paid for it. Perhaps RADIUS >> authentication is easy with such devices. > > In general the user knows nothing about RADIUS - you are presented with > a username/password box when you first connect to the wifi and that is > it. Those are particularly painful to enter, but I guess it could be used for some customers. >>>> I´m not using gnome; I recently tried it, and it´s totally bloated, >>>> yet doesn´t even have a usable window manager. >>> >>> OK. I'm not sure how your opinion of GNOME is really relevant. >>> I'm describing it because it's an example that's probably within >>> reach for both you and me, given that you and I are communicating >>> via a GNU/Linux focused mailing list. >>> >>> I'm sorry my voluntary attempt to help you out wasn't to your liking. >> >> Don´t be sorry, there´s nothing wrong with your help, and I appreciate it. >> >> Just keep in mind when you say that the opinions of users of software X are >> irrelevant, software X itself is as irrelevant as the opinions. > > Exactly. "Software X" was an example of how it could be done. It > doesn't matter what your opinions are about it. Other software is > available. You seem to be taking the examples that people give you as > the only possible way of doing things. > > RADIUS is a very mature technology and as such there are lots of ways > of using it. Well, I don´t know about any of this. I found out that RADIUS is probably what I could or should use to get things working as intended, so I tried to find documentation on /how/ to use it and found nothing but documentation which says that it could be used, which I already know. So I tried it to a limited extend and found that it could and probably should be used.