[EMAIL PROTECTED] wrote: > My focus was to offer "LAN Access Control", what many people call "NAC".
Switches already do 802.1x for LAN access control. They use RADIUS. > To me there was no solution for that, from systems management point of > view. Packet Fence is widely known and widely used. Netreg is older, but perhaps not as actively developed. There were existing solutions in this space before FreeNAC was started. > It wasn't a provocation, really. I did not think FreeRadius sees itself > as a NAC server. Again, you are not understanding. The announcement didn't say "the NAC solution". It said "the WLAN authentication" solution. The reality is that FreeRADIUS is already the WLAN authentication solution. And, of course, when I point that out, you try to pretend my attitude is because your project is doing NAC. > The idea of the consulting is to try and get some funding to ensure the > long term survival. I did not think of GPL and funding as > mutually exclusive, but you do? I said "FreeNAC, like some other projects, appears largely to be a way to generate consulting revenue. That isn't a bad thing, as people have to make money." If you have to ask whether or not I think GPL & funding is mutually exclusive: a) you didn't read my post b) you read it, but you didn't understand it c) you're being a jackass > You can have SVN access if you want. Great! Do I get part of the funding from selling the enterprise version? Do I have to participate in supporting the enterprise version? Do I even *know* who's buying the enterprise version? Given corporate agendas, the reality is that there will be two core teams. One composed of Swisscom people who deal with the enterprise customers, and another, which includes the "community". This is not anything nefarious on the part of Swisscom, but it's the only way to make these kinds of dual corporate/community projects work. The only way to have *one* core team is to set up a legal "FreeNAC" entity separate from Swisscom, and have membership determined by FreeNAC, not by Swisscom. i.e. That's how everyone else on the planet runs these kinds of projects. Your disclaimer that it's a "community" effort is a little disingenuous. > Is the ISC GPL? Does Google have a search engine? > Good. Perhaps you could explain your CVS commit policy, or what we > should do differently? That was the CVS commit policy. > My intention *is* to create a community with a consulting spinoff, not > the other way around. That's not the way the project is structured right now. Look at Packet Fence for a NAC solution that's widely deployed, and which makes a clear distinction between the community and corporate areas. > As regards WLAN, I only mentioned that as an aim, because its turns out > that if you > doing LAN access control on wired LAN, its useful if it can do wireless > too. Yes. So it makes sense for you to claim that by integrating FreeRADIUS, you would become the leader in WLAN authentication. It's like me saying I'm the King of Linux because I burned a CD the other day with Linux on it. > Well it's a pity I didn't know that, that really was not the aim, but I > guess the damage is done now. If your aim was collaboration, it would be clear in everything you say and do that your aim was collaboration. Instead, the words you use are synonyms for "subsume" and "take over". > VMPS is only one part of the problem. > Do you want to add a Database, Client Security tools/interfaces, policy > engine, > interfaces to AntiVirus servers, scanners, Patch servers, and so to > FreeRadius? > I thought Freeradius concentrates on the authentication protocols, not > the > network integration aspects? I see. Apache is an implementation of the HTTP protocol, and doesn't include any kind of integration with databases, policies, client tools, management interfaces, policy engines, etc. Right? Isn't that how protocol implementations are done? Your view of FreeRADIUS as a simple implementation of the RADIUS protocol is either ridiculously naive, or very self-serving. If you had cared to look (and it's obvious that you haven't looked, or that you're pretending you haven't looked), FreeRADIUS has had database integration since the start, almost a decade ago. It has had client tools, and a management interface (dialup-admin) for almost a decade. It has had a policy engine for almost a decade. So far as network integration, FreeRADIUS is whatever the community needs it to be. If you read the web site, you'll see that it's grown to include a BSD licensed client implementation. It's grown to include VMPS. This allows it to do cross-protocol integration of information, and use it's "policy engine" to store that information in a "database", and to display it in the "administration interface" that comes with the server. If the core value of FreeNAC is (s you said) at the "policy level", then the release of a VMPS server with a powerful policy language and database integration should have been a tremendous boon for FreeNAC. Especially since FreeRADIUS supports VMPS policies in LDAP, Perl, or Python, Oracle, Postgresql, etc. which OpenVMPS (and FreeNAC) do not currently support. Was VMPS support in FreeRADIUS a pleasant surprise? Or do you view it as being negative for FreeNAC? Please explain. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html