[CentOS] RADIUS
hw
hw at gc-24.de
Fri Feb 23 13:28:23 UTC 2018
Pete Biggs wrote:
>
>> There are devices that are using PXE-boot and require access to the company LAN.
>> If I was to allow PXE-boot for unauthenticated devices, the whole thing would be
>> pointless because it would defeat any security advantage that could be gained by
>> requiring all devices and users to be authenticated: Anyone could bring a device
>> capable of PXE-booting and get network access.
>
> So authenticate before imaging. Lots of imaging solutions allow that -
> even the MS WDS does it.

Well, I don't have an imaging solution and no idea how to do that.

>> As a customer visiting a store, would you go to the lengths of configuring your
>> cell phone (or other wireless device) to authenticate with a RADIUS server in
>> order to gain internet access through the wireless network of the store?
>
> Yes, I do it frequently with my phone. You do it once and it remembers
> it. My phone is more often on wifi than on 4G when I'm in a town.

And you need to install certificates or enter a password or something?

>> From what I'm being told, everyone already has internet access with their cell
>> phones from their phone service provider and is apparently happy with that
>> even though the amount of data they can transmit is ridiculously low. So why
>> would anyone do any configuring and have to worry about protecting their privacy
>> when and for using the wireless network of a shop they're visiting?
>
> Because you get faster data rates and in the middle of a big shop you
> don't get a phone signal.

How do you get faster data rates? In a shop that even has a 100Mbit internet
connection and 50 customers using it, you would get only 2Mbit.
How do the shops prevent you from getting a phone signal?

>> I have no idea what the lengths of configuring might be other than that anything
>> you try to do with a cell phone or a tablet is so extremely painful or outright
>> impossible that I only touch them when I get paid for it. Perhaps RADIUS
>> authentication is easy with such devices.
>
> In general the user knows nothing about RADIUS - you are presented with
> a username/password box when you first connect to the wifi and that is
> it.

Those are particularly painful to enter, but I guess it could be used
for some customers.

>>>> I'm not using gnome; I recently tried it, and it's totally bloated,
>>>> yet doesn't even have a usable window manager.
>>>
>>> OK. I'm not sure how your opinion of GNOME is really relevant.
>>> I'm describing it because it's an example that's probably within
>>> reach for both you and me, given that you and I are communicating
>>> via a GNU/Linux focused mailing list.
>>>
>>> I'm sorry my voluntary attempt to help you out wasn't to your liking.
>>
>> Don't be sorry, there's nothing wrong with your help, and I appreciate it.
>>
>> Just keep in mind when you say that the opinions of users of software X are
>> irrelevant, software X itself is as irrelevant as the opinions.
>
> Exactly. "Software X" was an example of how it could be done. It
> doesn't matter what your opinions are about it. Other software is
> available. You seem to be taking the examples that people give you as
> the only possible way of doing things.
>
> RADIUS is a very mature technology and as such there are lots of ways
> of using it.

Well, I don't know about any of this. I found out that RADIUS is probably
what I could or should use to get things working as intended, so I tried to
find documentation on /how/ to use it and found nothing but documentation which
says that it could be used, which I already know.
So I tried it to a limited extent and found that it could and probably should be
used.