[CentOS] RADIUS

hw hw at gc-24.de
Wed Mar 7 16:57:28 UTC 2018


Pete Biggs wrote:
> 
>>> What do you want?
>>
>> I was asking for documentation telling me how RADIUS can be used, not only
>> that it can be used.
> 
> RADIUS is just an authentication (plus a bit more) protocol - what you
> are asking is like asking how LDAP can be used. Usually it's treated
> like a magic black box by applications in that one of the configuration
> options is to "use a RADIUS server" and then you just configure the
> necessary information in the client so it talks to the correct box. The
> reason RADIUS is used rather than some other authentication protocol is
> that it is designed to be used in a network authentication role.
> 
> Rather than focussing on the RADIUS aspect, you would probably be
> better looking at the configuration and technology around how you want
> the network to operate. The way the RADIUS server is used will be
> obvious once you've sorted that out.

When I figure out how the network is supposed to operate, RADIUS might not
be needed, and useful functionality it could provide would not exist because
I couldn't figure it in for I didn't know any better.  I'd be doing a bad
job.


>>> What are your constraints? [AKA what have you been told to do.]
>>
>> The task is to provide wireless coverage for employees and customers on
>> company premises.  It is desirable to be able to keep track of customers,
>> as in knowing where exactly on the premises they currently are (within
>> like 3--5 feet, which is apparently tough),
> 
> Tough? I would say basically impossible. The only way of getting that

Apparently Cisco can do it:

https://www.cisco.com/c/en/us/products/collateral/wireless/wireless-location-appliance/product_data_sheet0900aecd80293728.html

> sort of accuracy is to either have lots of pico cells so you know which
> AP a device is connected to, or be able to triangulate. WiFi has a
> reasonable range and devices like to hang on to an AP for as long as
> possible, even if they can pass off on to a closer more powerful one.
> 
> I know retailers are looking at targeting customers via their location,
> but I think that currently needs the co-operation of the customer's
> device via a downloaded app.
> 
>>   and simpler things like knowing
>> how long they stay and if they have been on the premises before.
> 
> I can see now why you wanted to stop customers/employees from using
> their 4G connection.

There is no point in offering wireless to customers when they aren't
going to use it.

>> That is what using RADIUS apparently leads to when you have devices using
>> PXE boot.  Maybe they need to be considered as a security risk and be
>> replaced.
> 
> You mentioned X2Go and that your PXE booting clients used it. I know
> X2Go and the client is a standalone app that uses ssh to login to the
> server to initiate a remote desktop type environment.  There's nothing
> in X2Go per se that requires a persistent network connection before
> they connect. So, am I right in assuming that your PXE clients are
> actually diskless machines that get all of their environment from the
> network?

They are, and they boot to where a user needs to enter a username and a
password to log in.  Perhaps that can be changed, but I'm glad that it
works as well as it does and am not inclined to touch it.  It seems rather
fragile, the documentation isn't too great and you are left to your magic
guesswork about how it might work.

There are things that bother me like that you cannot set a screen resolution
based on the user that logs in, and I had to set it to a fixed resolution for
all clients.  Replacing these devices rather than messing with them would have
some advantages --- and disadvantages.


