search for: allwed

...ent can't have any network access, > that's what they get.? Presumably you could drop an unauthenticated machine > into a different VLAN. That would be a problem because clients using PXE-boot require network access, and it wouldn?t contribute to security if unauthorized clients were allwed to PXE-boot.

It worked on C 6, but on a C 7 box, I've restarted crond, and cron.allow doesn't have what's in cron.allw.local. What am I missing, folks? mark

On Fri, Feb 23, 2018 at 10:33 AM, hw <hw at gc-24.de> wrote: > That would be a problem because clients using PXE-boot require network > access, > and it wouldn?t contribute to security if unauthorized clients were allwed > to > PXE-boot. Two solutions to this: 1. Enable "exception by MAC address": only known MAC addresses get put onto the PXE boot VLAN. Other unauthenticated client goes onto a "no access" VLAN (many places make this the same VLAN as the guest WiFi VLAN with internet acce...

Richard Grainger wrote: > On Fri, Feb 23, 2018 at 10:33 AM, hw <hw at gc-24.de> wrote: > >> That would be a problem because clients using PXE-boot require network >> access, >> and it wouldn?t contribute to security if unauthorized clients were allwed >> to >> PXE-boot. > > Two solutions to this: > > 1. Enable "exception by MAC address": only known MAC addresses get put > onto the PXE boot VLAN. Other unauthenticated client goes onto a "no > access" VLAN (many places make this the same VLAN as...

On Fri, 23 Feb 2018, hw wrote: > That would be a problem because clients using PXE-boot require network > access, and it wouldn?t contribute to security if unauthorized clients were > allwed to PXE-boot. What problem are you actually trying to solve? jh

...twork access, > > that's what they get. Presumably you could drop an unauthenticated machine > > into a different VLAN. > > That would be a problem because clients using PXE-boot require network access, > and it wouldn?t contribute to security if unauthorized clients were allwed to > PXE-boot. > So restrict based on MAC address at the PXE boot stage. The PXE protocol, as far as I can see, has no concept of authorisation - although its certainly possible to introduce it after PXE has done its bit (but before imaging or whatever). You may be better off with authenti...

...;>> that's what they get. Presumably you could drop an unauthenticated machine >>> into a different VLAN. >> >> That would be a problem because clients using PXE-boot require network access, >> and it wouldn?t contribute to security if unauthorized clients were allwed to >> PXE-boot. >> > So restrict based on MAC address at the PXE boot stage. MAC addresses could be faked. > The PXE protocol, as far as I can see, has no concept of authorisation > - although its certainly possible to introduce it after PXE has done > its bit (but before...

Gordon Messmer wrote: > On 02/14/2018 08:37 AM, hw wrote: >> Then what?? How do I make it so that the users are actually able to authenticate? > > > Look for documentation on 802.11x authentication for the specific client you want to authenticate. Thanks, I figured it is what I might need to look into. How about a client that uses PXE boot? > WiFi is pretty