[CentOS] RADIUS

Thu Mar 1 18:15:25 UTC 2018
Bruce Ferrell <bferrell at baywinds.org>


On 3/1/18 10:02 AM, Pete Biggs wrote:
>>> What are your constraints? [AKA what have you been told to do.]
>> The task is to provide wireless coverage for employees and customers on
>> company premises.  It is desirable to be able to keep track of customers,
>> as in knowing where exactly on the premises they currently are (within
>> like 3--5 feet, which is apparently tough),
> Tough? I would say basically impossible. The only way of getting that
> sort of accuracy is to either have lots of pico cells so you know which
> AP a device is connected to, or be able to triangulate. WiFi has a
> reasonable range and devices like to hang on to an AP for as long as
> possible, even if they can pass off on to a closer more powerful one.
>
> I know retailers are looking at targeting customers via their location,
> but I think that currently needs the co-operation of the customer's
> device via a downloaded app.
There ARE companies that specialize in this type of thing.  It's really 
NOT a quicky-homebrew thing... Especially if one is starting with "tell 
me how to use <blank> AAA protocol".
>>   and simpler things like knowing
>> how long they stay and if they have been on the premises before.
> I can see now why you wanted to stop customers/employees from using
> their 4G connection.
One thing to keep in mind if this is in the US... Blocking cellular 
bands (and publicly accessible radio in general) is grossly illegal and 
a serious felony.
Marriott corporation tried it with WiFi and got smacked with a VERY 
large fine and I heard that some of the licensed radio engineers 
involved were also personally fined... They should have known better.

The commonly used technique is Bluetooth beacons... But the victims (er 
customers) HAVE to cooperate.

>> That is what using RADIUS apparently leads to when you have devices using
>> PXE boot.  Maybe they need to be considered as a security risk and be
>> replaced.
> You mentioned X2Go and that your PXE booting clients used it. I know
> X2Go and the client is a standalone app that uses ssh to login to the
> server to initiate a remote desktop type environment.  There's nothing
> in X2Go per se that requires a persistent network connection before
> they connect. So, am I right in assuming that your PXE clients are
> actually diskless machines that get all of their environment from the
> network?
>
> P.