Re: [CentOS] RADIUS

2018-03-09 Thread hw
Steven Tardy wrote: On Wed, Mar 7, 2018 at 11:57 AM hw wrote: Apparently Cisco can do it: https://www.cisco.com/c/en/us/products/collateral/wireless/wireless-location-appliance/product_data_sheet0900aecd80293728.html I was going to mention Cisco WCS which uses wireless

Re: [CentOS] RADIUS

2018-03-07 Thread Steven Tardy
On Wed, Mar 7, 2018 at 11:57 AM hw wrote: > Apparently Cisco can do it: > > > https://www.cisco.com/c/en/us/products/collateral/wireless/wireless-location-appliance/product_data_sheet0900aecd80293728.html I was going to mention Cisco WCS which uses wireless “controllers” and

Re: [CentOS] RADIUS

2018-03-07 Thread hw
Gordon Messmer wrote: On 03/01/2018 03:06 AM, hw wrote: It is illogical to lump all network access together into a single category. ... If your device can communicate with a switch, even for the purpose of authenticating, then it has network access. The device has access to the switch

Re: [CentOS] RADIUS

2018-03-07 Thread hw
Gordon Messmer wrote: On 03/01/2018 09:26 AM, hw wrote: I was asking for documentation telling me how RADIUS can be used, not only that it can be used. RADIUS is a backend component of 802.1x and WPA2 Enterprise.  You appear to be looking for information on how to use those two.  If you look

Re: [CentOS] RADIUS

2018-03-07 Thread hw
Pete Biggs wrote: What do you want? I was asking for documentation telling me how RADIUS can be used, not only that it can be used. RADIUS is just an authentication (plus a bit more) protocol - what you are asking is like asking how LDAP can be used. Usually it's treated like a magic black

Re: [CentOS] RADIUS

2018-03-07 Thread hw
Pete Biggs wrote: That's not my problem to solve, but think about it: You can get a lot more information using CCTV cameras, and those are everywhere. Unfortunately, nobody cares, and it's not like you have a choice. So why would there be any legal issues? It's called "A Law". Different

Re: [CentOS] RADIUS

2018-03-07 Thread hw
Stephen John Smoogen wrote: On 2 March 2018 at 12:07, hw wrote: Oh yeah. Who ever gave you those marching orders needs to talk with all kinds of lawyers... even researching for it might be problematic in some countries due to a multitude of laws. You are walking out of setting

Re: [CentOS] RADIUS

2018-03-02 Thread Pete Biggs
> That's not my problem to solve, but think about it: You can get a lot more > information using CCTV cameras, and those are everywhere. Unfortunately, > nobody cares, and it's not like you have a choice. So why would there > be any legal issues? It's called "A Law". Different places have

Re: [CentOS] RADIUS

2018-03-02 Thread Stephen John Smoogen
On 2 March 2018 at 12:07, hw wrote: >> >> Oh yeah. Who ever gave you those marching orders needs to talk with >> all kinds of lawyers... even researching for it might be problematic >> in some countries due to a multitude of laws. You are walking out of >> setting up a wireless

Re: [CentOS] RADIUS

2018-03-02 Thread hw
Stephen John Smoogen wrote: On 1 March 2018 at 12:26, hw wrote: Stephen John Smoogen wrote: On 1 March 2018 at 08:42, hw wrote: I didn't say I want that, and I don't know yet what I want. A captive portal may be nice, but I haven't found a way to set one up

Re: [CentOS] RADIUS

2018-03-01 Thread Gordon Messmer
On 03/01/2018 09:26 AM, hw wrote: I was asking for documentation telling me how RADIUS can be used, not only that it can be used. RADIUS is a backend component of 802.1x and WPA2 Enterprise.  You appear to be looking for information on how to use those two.  If you look for documentation on

Re: [CentOS] RADIUS

2018-03-01 Thread Gordon Messmer
On 03/01/2018 03:06 AM, hw wrote: It is illogical to lump all network access together into a single category. ... If your device can communicate with a switch, even for the purpose of authenticating, then it has network access. The device has access to the switch which, depending on what

Re: [CentOS] RADIUS

2018-03-01 Thread Chris Adams
Once upon a time, hw said: > The task is to provide wireless coverage for employees and customers on > company premises. It is desirable to be able to keep track of customers, > as in knowing where exactly on the premises they currently are (within > like 3--5 feet, which is

Re: [CentOS] RADIUS

2018-03-01 Thread Bruce Ferrell
On 3/1/18 10:02 AM, Pete Biggs wrote: What are your constraints? [AKA what have you been told to do.] The task is to provide wireless coverage for employees and customers on company premises. It is desirable to be able to keep track of customers, as in knowing where exactly on the premises

Re: [CentOS] RADIUS

2018-03-01 Thread Pete Biggs
> > What do you want? > > I was asking for documentation telling me how RADIUS can be used, not only > that it can be used. RADIUS is just an authentication (plus a bit more) protocol - what you are asking is like asking how LDAP can be used. Usually it's treated like a magic black box by

Re: [CentOS] RADIUS

2018-03-01 Thread Stephen John Smoogen
On 1 March 2018 at 12:26, hw wrote: > Stephen John Smoogen wrote: >> >> On 1 March 2018 at 08:42, hw wrote: >> >>> >>> I didn't say I want that, and I don't know yet what I want. A captive >>> portal may >>> be nice, but I haven't found a way to set one up yet, and

Re: [CentOS] RADIUS

2018-03-01 Thread hw
Stephen John Smoogen wrote: On 1 March 2018 at 08:42, hw wrote: I didn't say I want that, and I don't know yet what I want. A captive portal may be nice, but I haven't found a way to set one up yet, and I don't have an access point controller which would provide one, so I

Re: [CentOS] RADIUS

2018-03-01 Thread Stephen John Smoogen
On 1 March 2018 at 08:42, hw wrote: > > I didn't say I want that, and I don't know yet what I want. A captive > portal may > be nice, but I haven't found a way to set one up yet, and I don't have an > access > point controller which would provide one, so I can't tell if that's

Re: [CentOS] RADIUS

2018-03-01 Thread hw
John Hodrien wrote: This is really nothing to do with CentOS anymore, if it ever was. right On Thu, 1 Mar 2018, hw wrote: If PXE boot is not possible because it would require to allow network access to unauthorized devices, or if it is not reasonably feasible because switching the device

Re: [CentOS] RADIUS

2018-03-01 Thread John Hodrien
This is really nothing to do with CentOS anymore, if it ever was. On Thu, 1 Mar 2018, hw wrote: If PXE boot is not possible because it would require to allow network access to unauthorized devices, or if it is not reasonably feasible because switching the device to a different VLAN after

Re: [CentOS] RADIUS

2018-03-01 Thread hw
Gordon Messmer wrote: On 02/27/2018 08:21 AM, hw wrote: Gordon Messmer wrote: I've never seen anyone actually do this, but there's an article discussing it.  It is noteworthy that this requires enforcement in the client OS, as well as the switch. The article itself says that what it is

Re: [CentOS] RADIUS

2018-02-27 Thread Gordon Messmer
On 02/27/2018 08:21 AM, hw wrote: Gordon Messmer wrote: I've never seen anyone actually do this, but there's an article discussing it.  It is noteworthy that this requires enforcement in the client OS, as well as the switch. The article itself says that what it is describing only works

Re: [CentOS] RADIUS

2018-02-27 Thread hw
Gordon Messmer wrote: On 02/23/2018 03:22 AM, hw wrote: I'm not sure how to imagine it. It would be nice if every device connecting to the network, wirelessly or otherwise, had to be authenticated --- and not only the device, but also the user(s) using it.

Re: [CentOS] RADIUS

2018-02-23 Thread Gordon Messmer
On 02/23/2018 03:22 AM, hw wrote: I'm not sure how to imagine it. It would be nice if every device connecting to the network, wirelessly or otherwise, had to be authenticated --- and not only the device, but also the user(s) using it.

Re: [CentOS] RADIUS

2018-02-23 Thread hw
Pete Biggs wrote: A prerequisite for PXE is DHCP - by the time your device does anything with PXE it's already accessed the network and got an IP address and so on. There is absolutely no way to prohibit access to your network without first allowing the device some access to your network in

Re: [CentOS] RADIUS

2018-02-23 Thread Pete Biggs
> > > A prerequisite for PXE is DHCP - by the time your device does anything > > with PXE it's already accessed the network and got an IP address and so > > on. There is absolutely no way to prohibit access to your network > > without first allowing the device some access to your network in

Re: [CentOS] RADIUS

2018-02-23 Thread hw
Pete Biggs wrote: Yes, I do it frequently with my phone. You do it once and it remembers it. My phone is more often on wifi than on 4G when I'm in a town. And you need to install certificates or enter a password or something? Yes. Just once, then things are remembered and you can seamlessly

Re: [CentOS] RADIUS

2018-02-23 Thread Richard Grainger
On Fri, Feb 23, 2018 at 1:57 PM, hw wrote: > Richard Grainger wrote: >> >> On Fri, Feb 23, 2018 at 12:56 PM, hw wrote: >>> >>> That requires some way to distinguish between customers, and it means >>> that distinguishing between devices is not sufficient for

Re: [CentOS] RADIUS

2018-02-23 Thread hw
Pete Biggs wrote: MAC addresses could be faked. The PXE protocol, as far as I can see, has no concept of authorisation - although it's certainly possible to introduce it after PXE has done its bit (but before imaging or whatever). You may be better off with authenticating the DHCP using

Re: [CentOS] RADIUS

2018-02-23 Thread Pete Biggs
> > Yes, I do it frequently with my phone. You do it once and it remembers > > it. My phone is more often on wifi than on 4G when I'm in a town. > > And you need to install certificates or enter a password or something? Yes. Just once, then things are remembered and you can seamlessly roam

Re: [CentOS] RADIUS

2018-02-23 Thread hw
Richard Grainger wrote: On Fri, Feb 23, 2018 at 12:56 PM, hw wrote: That requires some way to distinguish between customers, and it means that distinguishing between devices is not sufficient for registered customers. Once the customer logs into the captive web portal on the

Re: [CentOS] RADIUS

2018-02-23 Thread hw
John Hodrien wrote: On Fri, 23 Feb 2018, hw wrote: There are devices that are using PXE-boot and require access to the company LAN.  If I was to allow PXE-boot for unauthenticated devices, the whole thing would be pointless because it would defeat any security advantage that could be gained by

Re: [CentOS] RADIUS

2018-02-23 Thread hw
Pete Biggs wrote: There are devices that are using PXE-boot and require access to the company LAN. If I was to allow PXE-boot for unauthenticated devices, the whole thing would be pointless because it would defeat any security advantage that could be gained by requiring all devices and users

Re: [CentOS] RADIUS

2018-02-23 Thread Richard Grainger
On Fri, Feb 23, 2018 at 12:56 PM, hw wrote: > That requires some way to distinguish between customers, and it means > that distinguishing between devices is not sufficient for registered > customers. Once the customer logs into the captive web portal on the guest WiFi SSID you

Re: [CentOS] RADIUS

2018-02-23 Thread Pete Biggs
> MAC addresses could be faked. > > > The PXE protocol, as far as I can see, has no concept of authorisation > > - although it's certainly possible to introduce it after PXE has done > > its bit (but before imaging or whatever). > > > > You may be better off with authenticating the DHCP using

Re: [CentOS] RADIUS

2018-02-23 Thread hw
Richard Grainger wrote: On Fri, Feb 23, 2018 at 11:22 AM, hw wrote: As a customer visiting a store, would you go to the lengths of configuring your cell phone (or other wireless device) to authenticate with a RADIUS server in order to gain internet access through the wireless

Re: [CentOS] RADIUS

2018-02-23 Thread hw
Richard Grainger wrote: On Fri, Feb 23, 2018 at 11:25 AM, hw wrote: But MAC addresses can be faked, can't they? Yes, someone can go to the trouble of obtaining a known corporate MAC address and MAC-spoofing their personal device so they can PXE-boot a corporate build on a

Re: [CentOS] RADIUS

2018-02-23 Thread hw
Pete Biggs wrote: https://www.eduroam.org/ I configure wireless once on my device (phone/tablet/laptop) and then can travel to institutions all round the world and use their networks seamlessly. How useless and infeasible indeed. Well, this country "this country"? Germany is

Re: [CentOS] RADIUS

2018-02-23 Thread John Hodrien
On Fri, 23 Feb 2018, hw wrote: There are devices that are using PXE-boot and require access to the company LAN. If I was to allow PXE-boot for unauthenticated devices, the whole thing would be pointless because it would defeat any security advantage that could be gained by requiring all

Re: [CentOS] RADIUS

2018-02-23 Thread Pete Biggs
> There are devices that are using PXE-boot and require access to the company > LAN. > If I was to allow PXE-boot for unauthenticated devices, the whole thing would > be > pointless because it would defeat any security advantage that could be gained > by > requiring all devices and users to be

Re: [CentOS] RADIUS

2018-02-23 Thread hw
John Hodrien wrote: On Fri, 23 Feb 2018, hw wrote: That would be a problem because clients using PXE-boot require network access, and it wouldn't contribute to security if unauthorized clients were allowed to PXE-boot. What problem are you actually trying to solve? There are multiple

Re: [CentOS] RADIUS

2018-02-23 Thread Richard Grainger
On Fri, Feb 23, 2018 at 11:22 AM, hw wrote: > As a customer visiting a store, would you go to the lengths of configuring > your > cell phone (or other wireless device) to authenticate with a RADIUS server > in > order to gain internet access through the wireless network of the

Re: [CentOS] RADIUS

2018-02-23 Thread Pete Biggs
> > > https://www.eduroam.org/ > > > > I configure wireless once on my device (phone/tablet/laptop) and then can > > travel to institutions all round the world and use their networks > > seamlessly. > > How useless and infeasible indeed. > > Well, this country "this country"? > is almost

Re: [CentOS] RADIUS

2018-02-23 Thread Richard Grainger
On Fri, Feb 23, 2018 at 11:25 AM, hw wrote: > But MAC addresses can be faked, can't they? Yes, someone can go to the trouble of obtaining a known corporate MAC address and MAC-spoofing their personal device so they can PXE-boot a corporate build on a VLAN that is otherwise

Re: [CentOS] RADIUS

2018-02-23 Thread hw
Richard Grainger wrote: On Fri, Feb 23, 2018 at 10:33 AM, hw wrote: That would be a problem because clients using PXE-boot require network access, and it wouldn't contribute to security if unauthorized clients were allowed to PXE-boot. Two solutions to this: 1. Enable

Re: [CentOS] RADIUS

2018-02-23 Thread hw
Gordon Messmer wrote: On 02/22/2018 03:22 AM, hw wrote: Gordon Messmer wrote: Look for documentation on 802.11x authentication for the specific client you want to authenticate. Thanks, I figured it is what I might need to look into.  How about a client that uses PXE boot? Provide PXE

Re: [CentOS] RADIUS

2018-02-23 Thread Richard Grainger
On Fri, Feb 23, 2018 at 10:33 AM, hw wrote: > That would be a problem because clients using PXE-boot require network > access, > and it wouldn't contribute to security if unauthorized clients were allowed > to > PXE-boot. Two solutions to this: 1. Enable "exception by MAC

Re: [CentOS] RADIUS

2018-02-23 Thread John Hodrien
On Fri, 23 Feb 2018, hw wrote: That would be a problem because clients using PXE-boot require network access, and it wouldn't contribute to security if unauthorized clients were allowed to PXE-boot. What problem are you actually trying to solve? jh

Re: [CentOS] RADIUS

2018-02-23 Thread hw
John Hodrien wrote: On Thu, 22 Feb 2018, hw wrote: That seems neither useful, nor feasible for customers wanting to use the wireless network we would set up for them with their cell phones.  Are cell phones even capable of this kind of authentication? Yes, entirely capable.  WPA2-Enterprise

Re: [CentOS] RADIUS

2018-02-22 Thread Gordon Messmer
On 02/22/2018 03:22 AM, hw wrote: Gordon Messmer wrote: Look for documentation on 802.11x authentication for the specific client you want to authenticate. Thanks, I figured it is what I might need to look into.  How about a client that uses PXE boot? Provide PXE (dhcp, dns, tftp) on an

Re: [CentOS] RADIUS

2018-02-22 Thread John Hodrien
On Thu, 22 Feb 2018, hw wrote: That seems neither useful, nor feasible for customers wanting to use the wireless network we would set up for them with their cell phones. Are cell phones even capable of this kind of authentication? Yes, entirely capable. WPA2-Enterprise isn't some freakish

Re: [CentOS] RADIUS

2018-02-22 Thread hw
Gordon Messmer wrote: On 02/14/2018 08:37 AM, hw wrote: Then what?  How do I make it so that the users are actually able to authenticate? Look for documentation on 802.11x authentication for the specific client you want to authenticate. Thanks, I figured it is what I might need to look

Re: [CentOS] RADIUS

2018-02-17 Thread Gordon Messmer
On 02/14/2018 08:37 AM, hw wrote: Then what?  How do I make it so that the users are actually able to authenticate? Look for documentation on 802.11x authentication for the specific client you want to authenticate. WiFi is pretty straightforward.  You're probably accustomed to

Re: [CentOS] RADIUS

2018-02-15 Thread hw
Javier Romero wrote: Hi, Radius is an AAA protocol (Authorization, Authentication and Accounting) you can use the three methods or only one of them. Authentication can be done by using a Freeradius Server, authorization will give a user profile with certain privileges for example in a network

Re: [CentOS] RADIUS

2018-02-14 Thread Javier Romero
Hi, Radius is an AAA protocol (Authorization, Authentication and Accounting) you can use the three methods or only one of them. Authentication can be done by using a Freeradius Server, authorization will give a user profile with certain privileges for example in a network connection, and

[CentOS] RADIUS

2018-02-14 Thread hw
Hi, I'm trying to figure out how to practically use RADIUS to authenticate users. So far, I have only found documentation explaining that the idea is that users somehow magically need to authenticate against a RADIUS server via a device like a switch or a wireless access point before they are

[CentOS] radius?

2014-03-11 Thread Hadi Motamedi
Dear All Can you please let me know how can I check if a radius server application is present on my centos server ? Thank you

Re: [CentOS] radius?

2014-03-11 Thread Giles Coochey
On 11/03/2014 11:46, Hadi Motamedi wrote: Dear All Can you please let me know how can I check if a radius server application is present on my centos server ? Thank you You can check if something called radius, or is listening on the radius port with: netstat -tulp | grep radius Typically,

Re: [CentOS] radius?

2014-03-11 Thread SilverTip257
On Tue, Mar 11, 2014 at 9:20 AM, Giles Coochey gi...@coochey.net wrote: On 11/03/2014 11:46, Hadi Motamedi wrote: Dear All Can you please let me know how can I check if a radius server application is present on my centos server ? Thank you You can check if something called radius, or is

Re: [CentOS] radius?

2014-03-11 Thread James B. Byrne
On Tue, March 11, 2014 07:46, Hadi Motamedi wrote: Dear All Can you please let me know how can I check if a radius server application is present on my centos server ? Thank you yum list \*radius\* . . . Installed Packages radiusclient-ng.x86_64 0.5.6-5.el6

Re: [CentOS] radius?

2014-03-11 Thread Hadi Motamedi
On 3/11/14, James B. Byrne byrn...@harte-lyne.ca wrote: On Tue, March 11, 2014 07:46, Hadi Motamedi wrote: Dear All Can you please let me know how can I check if a radius server application is present on my centos server ? Thank you yum list \*radius\* . . . Installed Packages

[CentOS] RADIUS Questions

2011-07-26 Thread Dan
I've been running FreeRadius 2 on Centos 5.5 for a while now. So far so good. I'm now looking to make connecting to our WPA secured wireless easier. The RADIUS server is running in a VM and since the system is in use I have copied the original and used that copy to create a test environment.

Re: [CentOS] radius WPA

2008-03-18 Thread David G. Miller
David Hláčik [EMAIL PROTECTED] wrote: Hi , will be someone so kind and will provide me howto, or working configuration of Access Point WPA authentication using Radius Server . I have followed a lot of howtos, unfortunately no one works for me. Using Centos 5.1 . I put up a blog entry on

[CentOS] radius WPA

2008-03-17 Thread David Hláčik
Hi , will be someone so kind and will provide me howto, or working configuration of Access Point WPA authentication using Radius Server . I have followed a lot of howtos, unfortunately no one works for me. Using Centos 5.1 . Thanks, Regards D.