On Tue, Mar 17, 2009 at 7:40 PM, Arran Cudbard-Bell <a.cudbard-b...@sussex.ac.uk> wrote: > On 17/3/09 16:26, Jouni Malinen wrote: >> There is specification available for all the needed functionality and >> you should be able to find example code on how to do this in hostapd > > Very interesting. Which version/ git branch is this available in ?
TNC support (including experimental SoH code) was added in 0.6.x, so as far as releases are concerned, 0.6.8 would be the best start (or just use the git development branch if you want to get latest version, but I don't think there has been SoH related changes since 0.6.8). > Just found an explanation of the other magical 'Crypto binding' check box. > It appears it's used to check that the phase 1 and phase 2 endpoints were > actually the same server. Have you done any work this feature ? Yes, that is also supported in both hostapd (PEAPv0 server) and wpa_supplicant (PEAPv0 peer) version 0.6.8. That needed quite a bit of experimentation and guesses since the specification was not exactly correct (but could now be since I asked it to be fixed). Anyway, the source code in hostapd is known to interoperate with Windows XP SP3 and Vista supplicant, so that is probably a good place to look at if someone wants to add this to FreeRADIUS. - Jouni - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html