Martin Schneider wrote: > Does anybody know about a patch or something for FreeRadius that adds > more stable EAP-TNC processing? I heard about a patch from FH Hannover > (http://tnc.inform.fh-hannover.de/wiki/index.php/Main_Page) but I > don't know how good this one works. Did maybe anybody of you guys play > with that patch?
The EAP-TNC code in FreeRADIUS *is* the FH Hannover code. There's just *more* work that has to be done to make it ready for a production environment. > I read in the EAP-TTLS draft, that you can perform mutual > authentication of server AND client using EAP-TTLS. (Client also needs > a Certificate...). So theoretically you should be able to run EAP-TNC > directly after EAP-TTLS in the TLS tunnel without any other user > authenticating EAP-method? Perhaps. Check with the TNC specifications to see if this is permitted. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html