> > VMPS is only one part of the problem. > Do you want to add a Database, Client Security tools/interfaces, policy > engine, > interfaces to AntiVirus servers, scanners, Patch servers, and so to > FreeRadius?
Yes. By implementing EAP-TNC. > I thought Freeradius concentrates on the authentication protocols, not > the > network integration aspects? Perhaps you could explain, if FreeRadius supported EAP-TNC, why I as a medium/large organisation would possibly want to use FreeNAC? Bearing in mind that (correct me if I'm wrong) FreeNAC consists of: * a database schema * a web editor for said database * a gui editor for said database (bleh) * a freeradius config to authenticate off that database * a patched version of openvmps to query off that database * yet another re-implementation of netdisco (www.netdisco.org) talking to the same database * some helper utilities for pulling info from SMS/Wsus We (for example) already have a network/vlan/switchh/host/router database, SQL schema and SQL servers, web interface to same, device management/discover/polling and helper utilties hooked up to wsus. I'm not saying what FreeNAC is doing is wrong, but it does not help to represent it as something it's not. I would have understood this a lot more: """FreeNAC is a standard database schema, GUI and set of management tools for running access-controlled LAN networks. It uses FreeRadius and OpenVMPS, running against MySQL, to perform its job.""" If you're interested, perhaps I can make some constructive suggestions about ways FreeNAC could offer actual added value to medium/large orgs. All this is, of course, my personal opinion (and I've got to tell you, you've zero chance of selling to us because we don't work that way, but anyway... ;o): * a GPLed, ActiveX / Java / other browser-based endpoint posture assessment client, for use in fallback non-802.1x (walled-garden) mode. * contribute working EAP-TNC to FreeRadius * contribute working PEAPv2 and whatever-the-vista-posture-protocol is called * liase with the FreeRadius SQL developers to come up with the most appropriate SQL schema; ideally (from your PoV) the FreeNAC SQL schema could become the default for new FreeRadius installs. Hope that perspective is useful. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html