Steven Tardy wrote:
On Wed, Mar 7, 2018 at 11:57 AM hw wrote:
Apparently Cisco can do it:
https://www.cisco.com/c/en/us/products/collateral/wireless/wireless-location-appliance/product_data_sheet0900aecd80293728.html
I was going to mention Cisco WCS which uses wireless
On Wed, Mar 7, 2018 at 11:57 AM hw wrote:
> Apparently Cisco can do it:
>
>
> https://www.cisco.com/c/en/us/products/collateral/wireless/wireless-location-appliance/product_data_sheet0900aecd80293728.html
I was going to mention Cisco WCS which uses wireless “controllers” and
Gordon Messmer wrote:
On 03/01/2018 03:06 AM, hw wrote:
It is illogical to lump all network access together into a single category.
...
If your device can communicate with a switch, even for the purpose of
authenticating, then it has network access.
The device has access to the switch
Gordon Messmer wrote:
On 03/01/2018 09:26 AM, hw wrote:
I was asking for documentation telling me how RADIUS can be used, not only
that it can be used.
RADIUS is a backend component of 802.1x and WPA2 Enterprise. You appear to be
looking for information on how to use those two. If you look
Pete Biggs wrote:
What do you want?
I was asking for documentation telling me how RADIUS can be used, not only
that it can be used.
RADIUS is just an authentication (plus a bit more) protocol - what you
are asking is like asking how LDAP can be used. Usually it's treated
like a magic black
Pete Biggs wrote:
That´s not my problem to solve, but think about it: You can get a lot more
information using CCTV cameras, and those are everywhere. Unfortunately,
nobody cares, and it´s not like you have a choice. So why would there
be any legal issues?
It's called "A Law". Different
Stephen John Smoogen wrote:
On 2 March 2018 at 12:07, hw wrote:
Oh yeah. Who ever gave you those marching orders needs to talk with
all kinds of lawyers... even researching for it might be problematic
in some countries due to a multitude of laws. You are walking out of
setting
> That´s not my problem to solve, but think about it: You can get a lot more
> information using CCTV cameras, and those are everywhere. Unfortunately,
> nobody cares, and it´s not like you have a choice. So why would there
> be any legal issues?
It's called "A Law". Different places have
On 2 March 2018 at 12:07, hw wrote:
>>
>> Oh yeah. Who ever gave you those marching orders needs to talk with
>> all kinds of lawyers... even researching for it might be problematic
>> in some countries due to a multitude of laws. You are walking out of
>> setting up a wireless
Stephen John Smoogen wrote:
On 1 March 2018 at 12:26, hw wrote:
Stephen John Smoogen wrote:
On 1 March 2018 at 08:42, hw wrote:
I didn´t say I want that, and I don´t know yet what I want. A captive
portal may
be nice, but I haven´t found a way to set one up
On 03/01/2018 09:26 AM, hw wrote:
I was asking for documentation telling me how RADIUS can be used, not
only
that it can be used.
RADIUS is a backend component of 802.1x and WPA2 Enterprise. You appear
to be looking for information on how to use those two. If you look for
documentation on
On 03/01/2018 03:06 AM, hw wrote:
It is illogical to lump all network access together into a single
category.
...
If your device can communicate with a switch, even for the purpose of
authenticating, then it has network access.
The device has access to the switch which, depending on what
Once upon a time, hw said:
> The task is to provide wireless coverage for employees and customers on
> company premises. It is desirable to be able to keep track of customers,
> as in knowing where exactly on the premises they currently are (within
> like 3--5 feet, which is
On 3/1/18 10:02 AM, Pete Biggs wrote:
What are your constraints? [AKA what have you been told to do.]
The task is to provide wireless coverage for employees and customers on
company premises. It is desirable to be able to keep track of customers,
as in knowing where exactly on the premises
> > What do you want?
>
> I was asking for documentation telling me how RADIUS can be used, not only
> that it can be used.
RADIUS is just an authentication (plus a bit more) protocol - what you
are asking is like asking how LDAP can be used. Usually it's treated
like a magic black box by
On 1 March 2018 at 12:26, hw wrote:
> Stephen John Smoogen wrote:
>>
>> On 1 March 2018 at 08:42, hw wrote:
>>
>>>
>>> I didn´t say I want that, and I don´t know yet what I want. A captive
>>> portal may
>>> be nice, but I haven´t found a way to set one up yet, and
Stephen John Smoogen wrote:
On 1 March 2018 at 08:42, hw wrote:
I didn´t say I want that, and I don´t know yet what I want. A captive
portal may
be nice, but I haven´t found a way to set one up yet, and I don´t have an
access
point controller which would provide one, so I
On 1 March 2018 at 08:42, hw wrote:
>
> I didn´t say I want that, and I don´t know yet what I want. A captive
> portal may
> be nice, but I haven´t found a way to set one up yet, and I don´t have an
> access
> point controller which would provide one, so I can´t tell if that´s
John Hodrien wrote:
This is really nothing to do with CentOS anymore, if it ever was.
right
On Thu, 1 Mar 2018, hw wrote:
If PXE boot is not possible because it would require to allow network access
to unauthorized devices, or if it is not reasonably feasible because
switching the device
This is really nothing to do with CentOS anymore, if it ever was.
On Thu, 1 Mar 2018, hw wrote:
If PXE boot is not possible because it would require to allow network access
to unauthorized devices, or if it is not reasonably feasible because
switching the device to a different VLAN after
Gordon Messmer wrote:
On 02/27/2018 08:21 AM, hw wrote:
Gordon Messmer wrote:
I've never seen anyone actually do this, but there's an article discussing it.
It is noteworthy that this requires enforcement in the client OS, as well as
the switch.
The article itself says that what it is
On 02/27/2018 08:21 AM, hw wrote:
Gordon Messmer wrote:
I've never seen anyone actually do this, but there's an article
discussing it. It is noteworthy that this requires enforcement in
the client OS, as well as the switch.
The article itself says that what it is describing only works
Gordon Messmer wrote:
On 02/23/2018 03:22 AM, hw wrote:
I´m not sure how to imagine it. It would be nice if every device connecting to
the network, wirelessly or otherwise, had to be authenticated --- and not only
the device, but also the user(s) using it.
On 02/23/2018 03:22 AM, hw wrote:
I´m not sure how to imagine it. It would be nice if every device
connecting to
the network, wirelessly or otherwise, had to be authenticated --- and
not only
the device, but also the user(s) using it.
Pete Biggs wrote:
A prerequisite for PXE is DHCP - by the time your device does anything
with PXE it's already accessed the network and got an IP address and so
on. There is absolutely no way to prohibit access to your network
without first allowing the device some access to your network in
>
> > A prerequisite for PXE is DHCP - by the time your device does anything
> > with PXE it's already accessed the network and got an IP address and so
> > on. There is absolutely no way to prohibit access to your network
> > without first allowing the device some access to your network in
Pete Biggs wrote:
Yes, I do it frequently with my phone. You do it once and it remembers
it. My phone is more often on wifi than on 4G when I'm in a town.
And you need to install certificates or enter a password or something?
Yes. Just once, then things are remembered and you can seemlessly
On Fri, Feb 23, 2018 at 1:57 PM, hw wrote:
> Richard Grainger wrote:
>>
>> On Fri, Feb 23, 2018 at 12:56 PM, hw wrote:
>>>
>>> That requires some way to distinguish between customers, and it means
>>> that distinguishing between devices is not sufficient for
Pete Biggs wrote:
MAC addresses could be faked.
The PXE protocol, as far as I can see, has no concept of authorisation
- although its certainly possible to introduce it after PXE has done
its bit (but before imaging or whatever).
You may be better off with authenticating the DHCP using
> > Yes, I do it frequently with my phone. You do it once and it remembers
> > it. My phone is more often on wifi than on 4G when I'm in a town.
>
> And you need to install certificates or enter a password or something?
Yes. Just once, then things are remembered and you can seemlessly roam
Richard Grainger wrote:
On Fri, Feb 23, 2018 at 12:56 PM, hw wrote:
That requires some way to distinguish between customers, and it means
that distinguishing between devices is not sufficient for registered
customers.
Once the customer logs into the captive web portal on the
John Hodrien wrote:
On Fri, 23 Feb 2018, hw wrote:
There are devices that are using PXE-boot and require access to the company
LAN. If I was to allow PXE-boot for unauthenticated devices, the whole
thing would be pointless because it would defeat any security advantage that
could be gained by
Pete Biggs wrote:
There are devices that are using PXE-boot and require access to the company LAN.
If I was to allow PXE-boot for unauthenticated devices, the whole thing would be
pointless because it would defeat any security advantage that could be gained by
requiring all devices and users
On Fri, Feb 23, 2018 at 12:56 PM, hw wrote:
> That requires some way to distinguish between customers, and it means
> that distinguishing between devices is not sufficient for registered
> customers.
Once the customer logs into the captive web portal on the guest WiFi
SSID you
> MAC addresses could be faked.
>
> > The PXE protocol, as far as I can see, has no concept of authorisation
> > - although its certainly possible to introduce it after PXE has done
> > its bit (but before imaging or whatever).
> >
> > You may be better off with authenticating the DHCP using
Richard Grainger wrote:
On Fri, Feb 23, 2018 at 11:22 AM, hw wrote:
As a customer visting a store, would you go to the lengths of configuring
your
cell phone (or other wireless device) to authenticate with a RADIUS server
in
order to gain internet access through the wirless
Richard Grainger wrote:
On Fri, Feb 23, 2018 at 11:25 AM, hw wrote:
But MAC addresses can be faked, can´t they?
Yes, someone can go to the trouble of obtaining a known corporate MAC
address and MAC-spoofing their personal device so they can PXE-boot a
corporate build on a
Pete Biggs wrote:
https://www.eduroam.org/
I configure wireless once on my device (phone/tablet/laptop) and then can
travel to institutions all round the world and use their networks seamlessly.
How useless and infeasible indeed.
Well, this country
"this country"?
Germany
is
On Fri, 23 Feb 2018, hw wrote:
There are devices that are using PXE-boot and require access to the company
LAN. If I was to allow PXE-boot for unauthenticated devices, the whole
thing would be pointless because it would defeat any security advantage that
could be gained by requiring all
> There are devices that are using PXE-boot and require access to the company
> LAN.
> If I was to allow PXE-boot for unauthenticated devices, the whole thing would
> be
> pointless because it would defeat any security advantage that could be gained
> by
> requiring all devices and users to be
John Hodrien wrote:
On Fri, 23 Feb 2018, hw wrote:
That would be a problem because clients using PXE-boot require network
access, and it wouldn´t contribute to security if unauthorized clients were
allwed to PXE-boot.
What problem are you actually trying to solve?
There are multiple
On Fri, Feb 23, 2018 at 11:22 AM, hw wrote:
> As a customer visting a store, would you go to the lengths of configuring
> your
> cell phone (or other wireless device) to authenticate with a RADIUS server
> in
> order to gain internet access through the wirless network of the
>
> > https://www.eduroam.org/
> >
> > I configure wireless once on my device (phone/tablet/laptop) and then can
> > travel to institutions all round the world and use their networks
> > seamlessly.
> > How useless and infeasible indeed.
>
> Well, this country
"this country"?
> is almost
On Fri, Feb 23, 2018 at 11:25 AM, hw wrote:
> But MAC addresses can be faked, can´t they?
Yes, someone can go to the trouble of obtaining a known corporate MAC
address and MAC-spoofing their personal device so they can PXE-boot a
corporate build on a VLAN that is otherwise
Richard Grainger wrote:
On Fri, Feb 23, 2018 at 10:33 AM, hw wrote:
That would be a problem because clients using PXE-boot require network
access,
and it wouldn´t contribute to security if unauthorized clients were allwed
to
PXE-boot.
Two solutions to this:
1. Enable
Gordon Messmer wrote:
On 02/22/2018 03:22 AM, hw wrote:
Gordon Messmer wrote:
Look for documentation on 802.11x authentication for the specific client you
want to authenticate.
Thanks, I figured it is what I might need to look into. How about
a client that uses PXE boot?
Provide PXE
On Fri, Feb 23, 2018 at 10:33 AM, hw wrote:
> That would be a problem because clients using PXE-boot require network
> access,
> and it wouldn´t contribute to security if unauthorized clients were allwed
> to
> PXE-boot.
Two solutions to this:
1. Enable "exception by MAC
On Fri, 23 Feb 2018, hw wrote:
That would be a problem because clients using PXE-boot require network
access, and it wouldn´t contribute to security if unauthorized clients were
allwed to PXE-boot.
What problem are you actually trying to solve?
jh
John Hodrien wrote:
On Thu, 22 Feb 2018, hw wrote:
That seems neither useful, nor feasible for customers wanting to use the
wireless network we would set up for them with their cell phones. Are cell
phones even capable of this kind of authentication?
Yes, entirely capable. WPA2-Enterprise
On 02/22/2018 03:22 AM, hw wrote:
Gordon Messmer wrote:
Look for documentation on 802.11x authentication for the specific
client you want to authenticate.
Thanks, I figured it is what I might need to look into. How about
a client that uses PXE boot?
Provide PXE (dhcp, dns, tftp) on an
On Thu, 22 Feb 2018, hw wrote:
That seems neither useful, nor feasible for customers wanting to use the
wireless network we would set up for them with their cell phones. Are cell
phones even capable of this kind of authentication?
Yes, entirely capable. WPA2-Enterprise isn't some freakish
Gordon Messmer wrote:
On 02/14/2018 08:37 AM, hw wrote:
Then what? How do I make it so that the users are actually able to authenticate?
Look for documentation on 802.11x authentication for the specific client you
want to authenticate.
Thanks, I figured it is what I might need to look
On 02/14/2018 08:37 AM, hw wrote:
Then what? How do I make it so that the users are actually able to
authenticate?
Look for documentation on 802.11x authentication for the specific client
you want to authenticate.
WiFi is pretty straightforward. You're probably accustomed to
Javier Romero wrote:
Hi,
Radius is a AAA protocol (Authorization, Aurhentication and Accounting) you
can use rhe three methods or only one of them.
Authentication can be done by usong a Freeradius Server, aitvorization will
give a userr profile with certain privileges for example In a network
Hi,
Radius is a AAA protocol (Authorization, Aurhentication and Accounting) you
can use rhe three methods or only one of them.
Authentication can be done by usong a Freeradius Server, aitvorization will
give a userr profile with certain privileges for example In a network
connection, and
Hi,
I´m trying to figure out how to practically use RADIUS to authenticate
users.
So far, I have only found documentation explaining that the idea is that
users somehow magically need to authenticate against a RADIUS server via
a device like a switch or a wireless access point before they are
Dear All
Can you please let me know how can I check if a radius server
application is present on my centos server ?
Thank you
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
On 11/03/2014 11:46, Hadi Motamedi wrote:
Dear All
Can you please let me know how can I check if a radius server
application is present on my centos server ?
Thank you
You can check if something called radius, or is listening on the radius
port with:
netstat -tulp | grep radius
Typically,
On Tue, Mar 11, 2014 at 9:20 AM, Giles Coochey gi...@coochey.net wrote:
On 11/03/2014 11:46, Hadi Motamedi wrote:
Dear All
Can you please let me know how can I check if a radius server
application is present on my centos server ?
Thank you
You can check if something called radius, or is
On Tue, March 11, 2014 07:46, Hadi Motamedi wrote:
Dear All
Can you please let me know how can I check if a radius server
application is present on my centos server ?
Thank you
yum list \*radius\*
. . .
Installed Packages
radiusclient-ng.x86_64 0.5.6-5.el6
On 3/11/14, James B. Byrne byrn...@harte-lyne.ca wrote:
On Tue, March 11, 2014 07:46, Hadi Motamedi wrote:
Dear All
Can you please let me know how can I check if a radius server
application is present on my centos server ?
Thank you
yum list \*radius\*
. . .
Installed Packages
I've been running FreeRadius 2 on Centos 5.5 for a while now. So far so
good. I'm now looking to make connecting to our WPA secured wireless easier.
The RADIUS server is running in a VM and since the system is in use I
have copied the original and used that copy to create a test
environment.
David Hl??ik [EMAIL PROTECTED] wrote:
Hi , will be someone so kind and will provide mi howto, or working
configuration of Acess Point WPA authentification using Radius Server . I
have followed a lot of howtos, unfortunatelly no one works for me.
Using Centos 5.1 .
I put up a blog entry on
Hi , will be someone so kind and will provide mi howto, or working
configuration of Acess Point WPA authentification using Radius Server . I
have followed a lot of howtos, unfortunatelly no one works for me.
Using Centos 5.1 .
Thanks,
Regards
D.
64 matches
Mail list logo