[CentOS] RADIUS
hw
hw at gc-24.de
Fri Feb 23 10:33:08 UTC 2018
John Hodrien wrote:
> On Thu, 22 Feb 2018, hw wrote:
>
>> That seems neither useful, nor feasible for customers wanting to use the
>> wireless network we would set up for them with their cell phones. Are cell
>> phones even capable of this kind of authentication?
>
> Yes, entirely capable. WPA2-Enterprise isn't some freakish and unusual
> solution.
Ok, so it would at least be possible.
> https://www.eduroam.org/
>
> I configure wireless once on my device (phone/tablet/laptop) and then can
> travel to institutions all round the world and use their networks seamlessly.
> How useless and infeasible indeed.
Well, this country is almost the worst of all countries around the world when
it comes to internet access. Though they list a few locations here where you
supposedly could use their service, I wouldn´t expect anything. Then there´s
the question of protecting your privacy. For example, how much do they pay you
for allowing them to keep track of your travels?
In any case, it wouldn´t do our customers any good because there aren´t places
all over the world where they could use our network.
>> Anyway, there are some clients that can probably authenticate, which leaves
>> the ones that use PXE boot. I tried things out with a switch, and it would
>> basically work. If it makes sense to go any further with this and how now
>> needs to be determined ...
>
> A client that can't authenticate gets the network it's provided with by being
> unauthenticated. If an unauthenticated client can't have any network access,
> that's what they get. Presumably you could drop an unauthenticated machine
> into a different VLAN.
That would be a problem because clients using PXE-boot require network access,
and it wouldn´t contribute to security if unauthorized clients were allwed to
PXE-boot.
More information about the CentOS
mailing list