Pete Biggs wrote:
>
>> There are devices that are using PXE-boot and require access to the company LAN.
>> If I was to allow PXE-boot for unauthenticated devices, the whole thing would be
>> pointless because it would defeat any security advantage that could be gained by
>> requiring all devices and users to be authenticated: Anyone could bring a device
>> capable of PXE-booting and get network access.
>
> So authenticate before imaging. Lots of imaging solutions allow that -
> even the MS WDS does it.

Well, I don't have an imaging solution and no idea how to do that.

>> As a customer visiting a store, would you go to the lengths of configuring your
>> cell phone (or other wireless device) to authenticate with a RADIUS server in
>> order to gain internet access through the wireless network of the store?
>
> Yes, I do it frequently with my phone. You do it once and it remembers
> it. My phone is more often on wifi than on 4G when I'm in a town.

And you need to install certificates or enter a password or something?

>> From what I'm being told, everyone already has internet access with their cell
>> phones from their phone service provider and is apparently happy with that
>> even though the amount of data they can transmit is ridiculously low. So why
>> would anyone do any configuring and have to worry about protecting their privacy
>> when and for using the wireless network of a shop they're visiting?
>
> Because you get faster data rates and in the middle of a big shop you
> don't get a phone signal.

How do you get faster data rates? In a shop that even has a 100Mbit internet connection and 50 customers using it, you would get only 2Mbit. How do the shops prevent you from getting a phone signal?

>> I have no idea what the lengths of configuring might be other than that anything
>> you try to do with a cell phone or a tablet is so extremely painful or outright
>> impossible that I only touch them when I get paid for it. Perhaps RADIUS
>> authentication is easy with such devices.
>
> In general the user knows nothing about RADIUS - you are presented with
> a username/password box when you first connect to the wifi and that is
> it.

Those are particularly painful to enter, but I guess it could be used for some customers.

>>>> I'm not using gnome; I recently tried it, and it's totally bloated,
>>>> yet doesn't even have a usable window manager.
>>>
>>> OK. I'm not sure how your opinion of GNOME is really relevant.
>>> I'm describing it because it's an example that's probably within
>>> reach for both you and me, given that you and I are communicating
>>> via a GNU/Linux focused mailing list.
>>>
>>> I'm sorry my voluntary attempt to help you out wasn't to your liking.
>>
>> Don't be sorry, there's nothing wrong with your help, and I appreciate it.
>>
>> Just keep in mind when you say that the opinions of users of software X are
>> irrelevant, software X itself is as irrelevant as the opinions.
>
> Exactly. "Software X" was an example of how it could be done. It
> doesn't matter what your opinions are about it. Other software is
> available. You seem to be taking the examples that people give you as
> the only possible way of doing things.
>
> RADIUS is a very mature technology and as such there are lots of ways
> of using it.

Well, I don't know about any of this. I found out that RADIUS is probably what I could or should use to get things working as intended, so I tried to find documentation on /how/ to use it and found nothing but documentation which says that it could be used, which I already know. So I tried it to a limited extent and found that it could and probably should be used.

> > Yes, I do it frequently with my phone. You do it once and it remembers
> > it. My phone is more often on wifi than on 4G when I'm in a town.
>
> And you need to install certificates or enter a password or something?

Yes. Just once, then things are remembered and you can seamlessly roam between various APs and networks.

> > Because you get faster data rates and in the middle of a big shop you
> > don't get a phone signal.
>
> How do you get faster data rates? In a shop that even has a 100Mbit internet
> connection and 50 customers using it, you would get only 2Mbit.

4G isn't ubiquitous, 3G/EDGE is still common - and phone networks are patchy and slow.

> How do the shops prevent you from getting a phone signal?

Why "prevent"? I never said that. Shops are essentially big metal boxes covered in wires and fluorescent lights, with the phone transmitter outside and an indeterminate distance away. Phone signals are weak and attenuated by the big metal box so your phone gives up on the network. Shops provide a "free" wifi as a service to its customers (nothing is free, they get the chance to harvest information about your presence in the store - if you don't like it, don't use their wifi, it's not compulsory).

> > In general the user knows nothing about RADIUS - you are presented with
> > a username/password box when you first connect to the wifi and that is
> > it.
>
> Those are particularly painful to enter, but I guess it could be used
> for some customers.

<sigh> yes, mobile devices can be awkward to type on. If they had full size keyboards they wouldn't be easy to fit in your pocket.

> > RADIUS is a very mature technology and as such there are lots of ways
> > of using it.
>
> Well, I don't know about any of this. I found out that RADIUS is probably
> what I could or should use to get things working as intended, so I tried to
> find documentation on /how/ to use it and found nothing but documentation which
> says that it could be used, which I already know.

RADIUS is just the authentication mechanism. Often that is a backend process and comes along with something that says "authentication can be provided by LDAP, RADIUS or ....". All the other things like PXE or WPA or 802.1x or VPN or whatever is frontend technology and use a RADIUS server to authenticate.

P.


Pete Biggs wrote:
>>> Yes, I do it frequently with my phone. You do it once and it remembers
>>> it. My phone is more often on wifi than on 4G when I'm in a town.
>>
>> And you need to install certificates or enter a password or something?
>
> Yes. Just once, then things are remembered and you can seamlessly roam
> between various APs and networks.

What do you need internet access so urgently for while you're in a shop?

>>> Because you get faster data rates and in the middle of a big shop you
>>> don't get a phone signal.
>>
>> How do you get faster data rates? In a shop that even has a 100Mbit internet
>> connection and 50 customers using it, you would get only 2Mbit.
>
> 4G isn't ubiquitous, 3G/EDGE is still common - and phone networks are
> patchy and slow.

Then why do ppl pay so much for it?

>> How do the shops prevent you from getting a phone signal?
>
> Why "prevent"?

They somehow have to prevent you, or you would get a signal.

> I never said that. Shops are essentially big metal boxes
> covered in wires and fluorescent lights, with the phone transmitter
> outside and an indeterminate distance away. Phone signals are weak and
> attenuated by the big metal box so your phone gives up on the network.

Phone signals are fine here. We would need to somehow block the signals.

> Shops provide a "free" wifi as a service to its customers (nothing is
> free, they get the chance to harvest information about your presence in
> the store - if you don't like it, don't use their wifi, it's not
> compulsory).

right

>>
>>> In general the user knows nothing about RADIUS - you are presented with
>>> a username/password box when you first connect to the wifi and that is
>>> it.
>>
>> Those are particularly painful to enter, but I guess it could be used
>> for some customers.
>
> <sigh> yes, mobile devices can be awkward to type on. If they had full
> size keyboards they wouldn't be easy to fit in your pocket.
>
>>>
>>> RADIUS is a very mature technology and as such there are lots of ways
>>> of using it.
>>
>> Well, I don't know about any of this. I found out that RADIUS is probably
>> what I could or should use to get things working as intended, so I tried to
>> find documentation on /how/ to use it and found nothing but documentation which
>> says that it could be used, which I already know.
>>
> RADIUS is just the authentication mechanism. Often that is a backend
> process and comes along with something that says "authentication can be
> provided by LDAP, RADIUS or ....".

Something like?

> All the other things like PXE or WPA
> or 802.1x or VPN or whatever is frontend technology and use a RADIUS
> server to authenticate.

I thought PXE doesn't?