[CentOS] RADIUS

[hw]

Richard Grainger wrote:
> On Fri, Feb 23, 2018 at 11:22 AM, hw <hw at gc-24.de> wrote:
> 
>> As a customer visting a store, would you go to the lengths of configuring
>> your
>> cell phone (or other wireless device) to authenticate with a RADIUS server
>> in
>> order to gain internet access through the wirless network of the store?
>>
>>  From what I´m being told, everyone already has internet access with their
>> cell
>> phones from their phone service provider and is apparently happy with that
>> even though the amount of data they can transmit is ridiculously low.  So
>> why
>> would anyone do any configuring and have to worry about protecting ther
>> privacy
>> when and for using the wireless network of a shop they´re visting?
>>
>> I have no idea what the lengths of configuring might be other than that
>> anything
>> you try to do with a cell phone or a tablet is so extremely painful or
>> outright
>> impossible that I only touch them when I get paid for it.  Perhaps RADIUS
>> authentication is easy with such devices.
> 
> Corporate mobile devices are typically configured using MDM to already
> have the company 802.1x profile so they "just work" on the corporate
> WiFi.

MDM?  I´ve never heared that before; might be worthwhile to look into.

> Guest mobile devices will connect to another SSID, which
> usually only allows access to the internet (sometimes after agreeing
> to a AUP via a captive web portal).

Yes, that´s one of the ideas.  Another idea is to allow unregistered
customers access for a limited amount of time and allowing registered
customers (like regular customers having a customer card) an unlimited
amount of time.  I have no idea yet how I would limit the time.

That requires some way to distinguish between customers, and it means
that distinguishing between devices is not sufficient for registered
customers.