Hi

2008/8/20 Alan DeKok <[EMAIL PROTECTED]>:
> Martin Schneider wrote:
>> - I read in Wikipedia that the spring 2008 release of FreeRadius has
>> "experimental EAP-TNC" support. I couldn't find any information on the
>> FreeRadius homepage or wiki, that this information is correct. Has FreeRadius
>> EAP-TNC support? And "how experimental" is the EAP-TNC support?
>
> It's very experimental. Some people have gotten it to work, but I
> don't think it's ready for production use.

What a pity! Does anybody know about a patch or something for FreeRadius that adds more stable EAP-TNC processing? I heard about a patch from FH Hannover (http://tnc.inform.fh-hannover.de/wiki/index.php/Main_Page) but I don't know how well this one works. Has anybody of you guys maybe played with that patch?

>
>> - In case FreeRadius supports EAP-TNC, is it possible to run EAP-TNC
>> "inside" a EAP-TTLS tunnel? EAP-TTLS as outer method and EAP-TNC as
>> inner method?
>
> No. EAP-TNC is designed to be run as an authorization method *after*
> the user has been authenticated. It *cannot* be run all by itself
> inside of a TTLS tunnel.
>
> You can run it inside of the TTLS tunnel after another EAP method has
> been executed. You may have to edit the source code to get this to work.

Ok, thanks for clarifying this point! I really mixed this one up. I read in the EAP-TTLS draft that you can perform mutual authentication of server AND client using EAP-TTLS. (Client also needs a certificate...). So theoretically you should be able to run EAP-TNC directly after EAP-TTLS in the TLS tunnel without any other user-authenticating EAP method?

Regards
Martin

> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html