Thu Mar 1 18:02:46 UTC 2018
Pete Biggs <pete at biggs.org.uk>

> > What do you want?
> I was asking for documentation telling me how RADIUS can be used, not only
> that it can be used.

RADIUS is just an authentication (plus a bit more) protocol - what you
are asking is like asking how LDAP can be used. Usually it's treated
like a magic black box by applications in that one of the configuration
options is to "use a RADIUS server" and then you just configure the
necessary information in the client so it talks to the correct box. The
reason RADIUS is used rather than some other authentication protocol is
that it is designed to be used in a network authentication role.

Rather than focussing on the RADIUS aspect, you would probably be
better looking at the configuration and technology around how you want
the network to operate. The way the RADIUS server is used will be
obvious once you've sorted that out.

> > What are your constraints? [AKA what have you been told to do.]
> The task is to provide wireless coverage for employees and customers on
> company premises.  It is desirable to be able to keep track of customers,
> as in knowing where exactly on the premises they currently are (within
> like 3--5 feet, which is apparently tough),

Tough? I would say basically impossible. The only way of getting that
sort of accuracy is to either have lots of pico cells so you know which
AP a device is connected to, or be able to triangulate. WiFi has a
reasonable range and devices like to hang on to an AP for as long as
possible, even if they can pass off on to a closer more powerful one.

I know retailers are looking at targeting customers via their location,
but I think that currently needs the co-operation of the customer's
device via a downloaded app.

>  and simpler things like knowing
> how long they stay and if they have been on the premises before.

I can see now why you wanted to stop customers/employees from using
their 4G connection.

> That is what using RADIUS apparently leads to when you have devices using
> PXE boot.  Maybe they need to be considered as a security risk and be
> replaced.

You mentioned X2Go and that your PXE booting clients used it. I know
X2Go and the client is a standalone app that uses ssh to login to the
server to initiate a remote desktop type environment.  There's nothing
in X2Go per se that requires a persistent network connection before
they connect. So, am I right in assuming that your PXE clients are
actually diskless machines that get all of their environment from the