Pete Biggs wrote:
>
>>> What do you want?
>>
>> I was asking for documentation telling me how RADIUS can be used, not only
>> that it can be used.
>
> RADIUS is just an authentication (plus a bit more) protocol - what you
> are asking is like asking how LDAP can be used. Usually it's treated
> like a magic black box by applications in that one of the configuration
> options is to "use a RADIUS server" and then you just configure the
> necessary information in the client so it talks to the correct box. The
> reason RADIUS is used rather than some other authentication protocol is
> that it is designed to be used in a network authentication role.
>
> Rather than focussing on the RADIUS aspect, you would probably be
> better looking at the configuration and technology around how you want
> the network to operate. The way the RADIUS server is used will be
> obvious once you've sorted that out.

When I figure out how the network is supposed to operate, RADIUS might not be needed, and useful functionality it could provide would not exist because I couldn't figure it in for I didn't know any better. I'd be doing a bad job.

>>> What are your constraints? [AKA what have you been told to do.]
>>
>> The task is to provide wireless coverage for employees and customers on
>> company premises. It is desirable to be able to keep track of customers,
>> as in knowing where exactly on the premises they currently are (within
>> like 3--5 feet, which is apparently tough),
>
> Tough? I would say basically impossible. The only way of getting that

Apparently Cisco can do it:

https://www.cisco.com/c/en/us/products/collateral/wireless/wireless-location-appliance/product_data_sheet0900aecd80293728.html

> sort of accuracy is to either have lots of pico cells so you know which
> AP a device is connected to, or be able to triangulate. WiFi has a
> reasonable range and devices like to hang on to an AP for as long as
> possible, even if they can pass off on to a closer more powerful one.
>
> I know retailers are looking at targeting customers via their location,
> but I think that currently needs the co-operation of the customer's
> device via a downloaded app.
>
>> and simpler things like knowing
>> how long they stay and if they have been on the premises before.
>
> I can see now why you wanted to stop customers/employees from using
> their 4G connection.

There is no point in offering wireless to customers when they aren't going to use it.

>> That is what using RADIUS apparently leads to when you have devices using
>> PXE boot. Maybe they need to be considered as a security risk and be
>> replaced.
>
> You mentioned X2Go and that your PXE booting clients used it. I know
> X2Go and the client is a standalone app that uses ssh to login to the
> server to initiate a remote desktop type environment. There's nothing
> in X2Go per se that requires a persistent network connection before
> they connect. So, am I right in assuming that your PXE clients are
> actually diskless machines that get all of their environment from the
> network?

They are, and they boot to where a user needs to enter a username and a password to log in. Perhaps that can be changed, but I'm glad that it works as well as it does and am not inclined to touch it. It seems rather fragile, the documentation isn't too great and you are left to your magic guesswork about how it might work. There are things that bother me like that you cannot set a screen resolution based on the user that logs in, and I had to set it to a fixed resolution for all clients.

Replacing these devices rather than messing with them would have some advantages --- and disadvantages.