Pete Biggs wrote:>
>>> What do you want?
>>
>> I was asking for documentation telling me how RADIUS can be used, not
only
>> that it can be used.
>
> RADIUS is just an authentication (plus a bit more) protocol - what you
> are asking is like asking how LDAP can be used. Usually it's treated
> like a magic black box by applications in that one of the configuration
> options is to "use a RADIUS server" and then you just configure
the
> necessary information in the client so it talks to the correct box. The
> reason RADIUS is used rather than some other authentication protocol is
> that it is designed to be used in a network authentication role.
>
> Rather than focussing on the RADIUS aspect, you would probably be
> better looking at the configuration and technology around how you want
> the network to operate. The way the RADIUS server is used will be
> obvious once you've sorted that out.
When I figure out how the network is supposed to operate, RADIUS might not
be needed, and useful functionality it could provide would not exist because
I couldn?t figure it in for I didn?t know any better. I?d be doing a bad
job.
>>> What are your constraints? [AKA what have you been told to do.]
>>
>> The task is to provide wireless coverage for employees and customers on
>> company premises. It is desirable to be able to keep track of
customers,
>> as in knowing where exactly on the premises they currently are (within
>> like 3--5 feet, which is apparently tough),
>
> Tough? I would say basically impossible. The only way of getting that
Apparently Cisco can do it:
https://www.cisco.com/c/en/us/products/collateral/wireless/wireless-location-appliance/product_data_sheet0900aecd80293728.html
> sort of accuracy is to either have lots of pico cells so you know which
> AP a device is connected to, or be able to triangulate. WiFi has a
> reasonable range and devices like to hang on to an AP for as long as
> possible, even if they can pass off on to a closer more powerful one.
>
> I know retailers are looking at targeting customers via their location,
> but I think that currently needs the co-operation of the customer's
> device via a downloaded app.
>
>> and simpler things like knowing
>> how long they stay and if they have been on the premises before.
>
> I can see now why you wanted to stop customers/employees from using
> their 4G connection.
There is no point in offering wireless to customers when they aren?t
going to use it.
>> That is what using RADIUS apparently leads to when you have devices
using
>> PXE boot. Maybe they need to be considered as a security risk and be
>> replaced.
>
> You mentioned X2Go and that your PXE booting clients used it. I know
> X2Go and the client is a standalone app that uses ssh to login to the
> server to initiate a remote desktop type environment. There's nothing
> in X2Go per se that requires a persistent network connection before
> they connect. So, am I right in assuming that your PXE clients are
> actually diskless machines that get all of their environment from the
> network?
They are, and they boot to where a user needs to enter a username and a
password to log in. Perhaps that can be changed, but I?m glad that it
works as well as it does and am not inclined to touch it. It seems rather
fragile, the documentation isn?t too great and you are left to your magic
guesswork about how it might work.
There are things that bother me like that you can not set a screen resolution
based on the user that logs in, and I had to set it to a fixed resolution for
all clients. Replacing these devices rather than messing with them would have
some advantages --- and disadvantages.