Re: Freeradius 2.0 - vmps feature, inaccuracies on FreeNAC
Hi, of course, a a GPLed, ActiveX / Java / other browser-based endpoint posture assessment client, for use in fallback non-802.1x (walled-garden) mode. could also work after 802.1x It is actually quite important. If you are in a roaming scenario where your EAP session goes to your home ISP, it makes no sense to tie the posture information into the EAP session - it's the *access network* at the roaming place that needs to know how healthy your computer is. The home ISP at the other end of the world doesn't care that much. My general preference is that any NAC solution should keep *authentication* (EAP session) and *health assessments* in seperate channels. I'm happy that Cisco is following that line of thinking in their NAC solution, by offering a web-based or downloadable client *after* the EAP session if need be. It still *can* be tied into EAP, but it's optional. IMO, the way to go. Anyone implementing a NAC solution (i.e.: you) should keep this in mind, I'm glad you do. BTW, are you following the discussions in the IETF concerning NAC and friends (the nea - network endpoint assassment wg)? If this wg produces implementable results, your solution should be in line with it to ensure interoperability... It's another topic that I'm overall sceptical of NAC, IMO a network should only reactively shut a client down *after* it did something wrong, not proactively sniff around the local environment and lock it away at once. But NAC is here to stay I guess. :-( Greetings, Stefan Winter -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473 signature.asc Description: This is a digitally signed message part. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius 2.0 - vmps feature, inaccuracies on FreeNAC
Hi, Thanks for taking the time to respond, I understand better, see the answers inline below.. ... http://lists.cistron.nl/pipermail/freeradius-users/2006- August/056121.html FreeNAC is announced: The 'plan' is for the project to move forward to eventually become THE OpenSource Enterprise tool for dynamic VLAN assignment and LAN/WLAN authentication. Uh... right. FreeRADIUS hasn't been doing that already for nearly a decade? FreeRADIUS is *crushing* Cisco and Microsoft in the AAA space. It's doing LAN WLAN authentication daily for hundreds of millions of users. There is *nothing* in the WLAN authentication space (open source or otherwise) that competes with FreeRADIUS. I *regularly* here about sites with 10+ million users switching to FreeRADIUS. I was thinking in a very different way. The idea was not to create any tensions or competition with other OpenSource products. My focus was to offer LAN Access Control, what many people call NAC. To me there was no solution for that, from systems management point of view. So I created the DB and GUI around OpenVMPS, added switch/router scanning, integration with other network tools and a GUI. We did not try to replace OpenVMPS, or FreeRadius, but make them easier to use in one specific environment: LAN control. When I said become THE OpenSource Enterprise tool for dynamic VLAN.., it was a call to ask people to help and work, not a declaration against other tools like Freeradius. I like the idea of setting a goal. And FreeNAC is going to become THE project for LAN WLAN authentication... by tying in FreeRADIUS as a subsidiary project? Honestly, what reaction did you expect? It wasn't a provocation, really. I did not think FreeRadius sees itself as a NAC server. It's one thing to say we've written a web gui that administers VMPS and RADIUS. It's another thing *entirely* to say that a project funded by a large company is going to tie in FreeRADIUS, and become THE market leader in the space. Hang on, I meant to use FreeRadius for the 802.1x, my focus was to add whatever additional DB modules, interfaces, or GUIs were necessary. A pity we didn't discuss this along time ago.. ... FreeNAC, like some other projects, appears largely to be a way to generate consulting revenue. That isn't a bad thing, as people have to make money. But don't pretend that it's an open project because your boss tells you to (1) work on it, and to (2) accept patches from other people. Actually no, it was first and foremost a GPL project with the aim of publishing the work done so far. I really consider it to be an open project, it was, and still is my first priority to create an OpenSurce GPL project that could live with or without its initial sponsor, Swisscom Innovations. No boss told me to work on it, its been my idea from day 1. The idea of the consulting is to try and get some funding to ensure the long term survival. I did not think of GPL and funding as mutually exclusive, but you do? - Good luck getting patches added if they conflict with the corporate agenda The community are free to change FreeNAC themselves, and submit patches, ... which may or may not be accepted. Is there anyone *other* than a Swisscom employee who has CVS commit access to FreeNAC? You can have SVN access if you want. Any developer can have it if he takes the time. All I ask is that, like in most projects there is a phase where people get to know each other, communicate, and ensure patches do not create major stability problems. For similar examples, see ISC, and the third-party patches to Bind and dhcpd. There are patches floating around for features used by many sites. Those patches are tested, widely used, in wide demand, and aren't included in the main distribution. The reasons they're not included aren't nefarious... just reality. Is the ISC GPL? In contrast, FreeRADIUS adds features that people need. If a patch works, and enough people say they're using it, the patch goes in. (Modulu some editorial re-writes). This is the way it's worked for almost a decade, and this is the way it will *always* work. Good. Perhaps you could explain your CVS commit policy, or what we should do differently? ... if we don't do it fast enough. That is what OpenSource is about. The core team is not closed to Swisscom Innovation people either. I'll welcome anyone with the motivation, skills and time. This is, I repeat, a GPL - OpenSource project. ... started by a company, with the core team being solely company employees. There are many open source, GPL projects that work that way. But they make it clear they're corporate projects with community input. They don't pretend they're community projects. The ones that try to co-opt community projects encounter hostility from that community. My intention *is* to create a community with a consulting spinoff, not the other way
Re: Freeradius 2.0 - vmps feature, inaccuracies on FreeNAC
VMPS is only one part of the problem. Do you want to add a Database, Client Security tools/interfaces, policy engine, interfaces to AntiVirus servers, scanners, Patch servers, and so to FreeRadius? Yes. By implementing EAP-TNC. I thought Freeradius concentrates on the authentication protocols, not the network integration aspects? Perhaps you could explain, if FreeRadius supported EAP-TNC, why I as a medium/large organisation would possibly want to use FreeNAC? Bearing in mind that (correct me if I'm wrong) FreeNAC consists of: * a database schema * a web editor for said database * a gui editor for said database (bleh) * a freeradius config to authenticate off that database * a patched version of openvmps to query off that database * yet another re-implementation of netdisco (www.netdisco.org) talking to the same database * some helper utilities for pulling info from SMS/Wsus We (for example) already have a network/vlan/switchh/host/router database, SQL schema and SQL servers, web interface to same, device management/discover/polling and helper utilties hooked up to wsus. I'm not saying what FreeNAC is doing is wrong, but it does not help to represent it as something it's not. I would have understood this a lot more: FreeNAC is a standard database schema, GUI and set of management tools for running access-controlled LAN networks. It uses FreeRadius and OpenVMPS, running against MySQL, to perform its job. If you're interested, perhaps I can make some constructive suggestions about ways FreeNAC could offer actual added value to medium/large orgs. All this is, of course, my personal opinion (and I've got to tell you, you've zero chance of selling to us because we don't work that way, but anyway... ;o): * a GPLed, ActiveX / Java / other browser-based endpoint posture assessment client, for use in fallback non-802.1x (walled-garden) mode. * contribute working EAP-TNC to FreeRadius * contribute working PEAPv2 and whatever-the-vista-posture-protocol is called * liase with the FreeRadius SQL developers to come up with the most appropriate SQL schema; ideally (from your PoV) the FreeNAC SQL schema could become the default for new FreeRadius installs. Hope that perspective is useful. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.0 - vmps feature, inaccuracies on FreeNAC
Hi, If you're interested, perhaps I can make some constructive suggestions about ways FreeNAC could offer actual added value to medium/large orgs. All this is, of course, my personal opinion (and I've got to tell you, you've zero chance of selling to us because we don't work that way, but anyway... ;o): I would go along with these things. obviously there IS a market for FreeNAC as we continually have questions about the PHP web front end admin tool which people seem to use. ..but then add the extras in too * integrated billing system * improved ability to print access tickets * add in support for trapeze/cisco/aruba specific extensions and location awareness * SNMP trap support for various edge events (eg physical client disconnect, so close accounting session) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.0 - vmps feature, inaccuracies on FreeNAC
Ok, as my email adress doesn't show, I'm also working wit Sean (yes, for the blue giant). I'll first answer some points raised by alan : - VMPS in FreeRadius was a surprise and is positive. - sure, you can get part of the funding (see later). On 10/07/07, Phil Mayers [EMAIL PROTECTED] wrote: VMPS is only one part of the problem. Do you want to add a Database, Client Security tools/interfaces, policy engine, interfaces to AntiVirus servers, scanners, Patch servers, and so to FreeRadius? Yes. By implementing EAP-TNC. I thought Freeradius concentrates on the authentication protocols, not the network integration aspects? Perhaps you could explain, if FreeRadius supported EAP-TNC, why I as a medium/large organisation would possibly want to use FreeNAC? Bearing in mind that (correct me if I'm wrong) FreeNAC consists of: * a database schema * a web editor for said database * a gui editor for said database (bleh) * a freeradius config to authenticate off that database * a patched version of openvmps to query off that database * yet another re-implementation of netdisco (www.netdisco.org) talking to the same database * some helper utilities for pulling info from SMS/Wsus More or less ok. We (for example) already have a network/vlan/switchh/host/router database, SQL schema and SQL servers, web interface to same, device management/discover/polling and helper utilties hooked up to wsus. Ok, so that's very similar. We also wanted that, didn't find any tools that met our requirements, implemented ours and went out with it. I'm not saying what FreeNAC is doing is wrong, but it does not help to represent it as something it's not. I would have understood this a lot more: FreeNAC is a standard database schema, GUI and set of management tools for running access-controlled LAN networks. It uses FreeRadius and OpenVMPS, running against MySQL, to perform its job. well, the website now shows FreeNAC is an OpenSource solution for LAN access control and dynamic Vlan management) first sentence is basically the same when replacing a standard database schema, GUI and set of management tools by solution - which is simpler. I guess we should highlight the based on aspect by putting it on the main page (cf packetfence). Would you find that OK ? If you're interested, perhaps I can make some constructive suggestions about ways FreeNAC could offer actual added value to medium/large orgs. All this is, of course, my personal opinion (and I've got to tell you, you've zero chance of selling to us because we don't work that way, but anyway... ;o): thanks a lot * a GPLed, ActiveX / Java / other browser-based endpoint posture assessment client, for use in fallback non-802.1x (walled-garden) mode. right. but I guess it should come after a 802.1x and a VPN client ... and those still don't exist * contribute working EAP-TNC to FreeRadius That's something already written by the [EMAIL PROTECTED] projects. Code is available here http://tnc.inform.fh-hannover.de/wiki/index.php/Download Is there any plan to integrate that in the official release ? * contribute working PEAPv2 and whatever-the-vista-posture-protocol is called to precise quickly : Vista posture protocol has been microsoft-standardized as IF-TNCCS-SOH (statement of health) - https://www.trustedcomputinggroup.org/specs/TNC/IF-TNCCS-SOH_v1.0_r8.pdf mixofunconfirmedbits Concerning those three points, in no particular order - We would really be happy to see the mentionned items implemented (in freeradius for TNC). - We have funding - but not unlimited nor for an undefine time period - Some of it could be assigned to implement those protocols. - Alan, before jumping the gun on that f word, it would be no strings attached (bounty-like, resulting code solely licensed under GPL in freeradius, copyright retained by the author, ...). - Coordination with other related opensource project, especially [EMAIL PROTECTED] /mixofunconfirmedbits * liase with the FreeRadius SQL developers to come up with the most appropriate SQL schema; ideally (from your PoV) the FreeNAC SQL schema could become the default for new FreeRadius installs. If I understood FreeRadius SQL correctly, the way chosen is a very minimalistic one, with very few formal definition. Therefore, it is also very flexible ... and apart from supporting eventual additionnal fields/functions due to the SOH extension, I have the impression that the DB format could (should) be left to the GUI/extra tools part ? BTW, I've also worked previously on IDS and I tried many tools (nmap, nessus, snmp) and meta-tools (netdisco, ...) to map a network and put that into some DB. So far, I did not found anything convincing that's wy we always end up with some custom database. I'll be happy to compare what we have (freenac db) with your db schema. Hope that perspective is useful. Well, technically, for full NAC, we also miss the post-connect aspects (cf packetfence) - but that's another story.
Re: Freeradius 2.0 - vmps feature, inaccuracies on FreeNAC
Thomas Dagonnier wrote: ... well, the website now shows FreeNAC is an OpenSource solution for LAN access control and dynamic Vlan management) shrug RADIUS been doing VLAN management for years. Maybe that's news, I don't know. I guess we should highlight the based on aspect by putting it on the main page (cf packetfence). Would you find that OK ? It would be politer than burying it elsewhere. right. but I guess it should come after a 802.1x and a VPN client ... and those still don't exist wpa_supplicant, xsupplicant, and SecureW2 are well-known GPL'd 802.1x clients. I've been in contact with those developers for years. There's already work on an open source 802.1x client with additional (i.e. NAC) features. Search the net. That's something already written by the [EMAIL PROTECTED] projects. Code is available here http://tnc.inform.fh-hannover.de/wiki/index.php/Download I was in contact with them when they first wrote the code, quite a while ago. Is there any plan to integrate that in the official release ? Last I checked (quite a whole ago), the code wasn't GPL'd. It looks like it's changed since then. After a quick look, perhaps. The formatting should really follow the FreeRADIUS standard, it has C++ style comments, and some things likely need to be cleaned up. There's also the issue of which license libtnc falls under. On top of that, they haven't requested that it be added to FreeRADIUS. - Alan, before jumping the gun on that f word, Perhaps you haven't been following my messages, or the history of FreeRADIUS. A number of features in FreeRADIUS have been funded by various companies. I don't object to funding, and I've never objected to funding. I have *no* clue why that message is so difficult to get across. I *do* object to corporate products claiming to be community based. The sheer mass of Swisscom branding on the FreeNAC site makes it look like something other than a community project. it would be no strings attached (bounty-like, resulting code solely licensed under GPL in freeradius, copyright retained by the author, ...). Bounty? No thanks. If you want to pay for a feature, then standard business practice is to use a contract. I don't have much nice to say about bounties. - Coordination with other related opensource project, especially [EMAIL PROTECTED] Which we've been doing for... years now. We've been very successful at it. Thanks for the offer of help, but we think we can manage. Maybe you're not clear on the positioning of FreeRADIUS versus FreeNAC. FreeRADIUS is almost a decade old. FreeNAC isn't. FreeRADIUS is used by most major ISP's. FreeNAC isn't. FreeRADIUS has an commanding market share in the LAN, WLAN, ISP, roaming, etc. authentication space. FreeNAC has minimal market share of the NAC market. FreeRADIUS has existing relationships with all major networking companies. FreeNAC doesn't. FreeRADIUS has a large active community with thousands of people on it's mailing list. FreeNAC doesn't. FreeRADIUS has a proven track record of being independent of any corporate agenda. FreeNAC doesn't. FreeRADIUS has an existing level of trust and acceptance in the community. FreeNAC doesn't. FreeRADIUS has existing relationships with *everyone* in the AAA space, and many people in the NAC space. FreeNAC doesn't. FreeRADIUS is writing industry standards in it's space. FreeNAC isn't. FreeRADIUS has done this *without* having open source and enterprise versions. FreeRADIUS has done this by first creating a community, and then a revenue stream. It sounds harsh when put that way. But the truth can be harsh. Remember, this isn't just a happy love festival of open source. There are multiple competing implementations of many open source solutions. Some succeed, some don't. On top of that, FreeRADIUS is winning in the AAA space against *Cisco* and *Microsoft*. FreeNAC just isn't on anyone's radar. So, good luck being successful. But don't expect us to be happy when your announcement makes it clear that you plan on building on our success, and treating FreeRADIUS as a subservient portion of FreeNAC. You wouldn't email Linus Torvalds and say that a FreeNAC product offering will become THE open source choice for Operating Systems. But you said pretty much the same thing here. And then wondered why it wasn't greeted with loud exclaims of joy. I'm still boggling a little at that one. A lot, I hope it'll start getting the two highly respectable but sometime emotive leaders on a more constructive mood (yes, I'll be flamed for that, I know, I know) I have a habit of pointing out inconsistencies and flaws in peoples arguments. I have a habit of bringing up inconvenient facts that people don't want to talk about. This is construed as negative by many people. PS : of course, I also have plans for total world domination - but I'll first start to become sean's boss. Then, I can move to
Re: Freeradius 2.0 - vmps feature, inaccuracies on FreeNAC
Ok, we know and agree that freenac isn't in the same league as freeradius. The form of the announcement was a mistake we're now trying to correct. I'm really sorry it hurt you and would like you to formally accept my apologize for this bad communication. Would you agree to close that part of the discussion ? On 11/07/07, Alan DeKok [EMAIL PROTECTED] wrote: right. but I guess it should come after a 802.1x and a VPN client ... and those still don't exist wpa_supplicant, xsupplicant, and SecureW2 are well-known GPL'd 802.1x clients. I've been in contact with those developers for years. There's already work on an open source 802.1x client with additional (i.e. NAC) features. Search the net. sorry, this was a late email and I forgot important details like had in mind with additionnal (NAC) features and the for windows is implied by the vast majority of windows-based computers. so indeed, the most likely candidates are SecureW2 and open1x/opensea xsupplicant, but none of them are there yet. of course, a a GPLed, ActiveX / Java / other browser-based endpoint posture assessment client, for use in fallback non-802.1x (walled-garden) mode. could also work after 802.1x That's something already written by the [EMAIL PROTECTED] projects. Code is available here http://tnc.inform.fh-hannover.de/wiki/index.php/Download I was in contact with them when they first wrote the code, quite a while ago. Is there any plan to integrate that in the official release ? Last I checked (quite a whole ago), the code wasn't GPL'd. It looks like it's changed since then. After a quick look, perhaps. The formatting should really follow the FreeRADIUS standard, it has C++ style comments, and some things likely need to be cleaned up. There's also the issue of which license libtnc falls under. On top of that, they haven't requested that it be added to FreeRADIUS. so there's no plan, but a properly formatted, cleaned version would find its place ? (btw, libtnc is also GPL) it would be no strings attached (bounty-like, resulting code solely licensed under GPL in freeradius, copyright retained by the author, ...). Bounty? No thanks. If you want to pay for a feature, then standard business practice is to use a contract. I don't have much nice to say about bounties. again, wrongly written sentence : bounty-like was to refer to the no strings that the result would end up as part of FreeRadius - nothing else. Of course, it would be made using a contract (and I also don't really like bounties, for the record). Would you be open to implement Microsoft's IF-TNCCS-SOH in that context ? dago - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.0 - vmps feature, inaccuracies on FreeNAC
Hi, I remain, as always, resolute in my plans for world domination. :) cough please take your place in the queue ;-) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius 2.0 - vmps feature, inaccuracies on FreeNAC
Hi, I just came across your blog post commenting on the release of the 2.0 version of freeradius. I was kind of surprised by the upcoming support of VMPS. While trying to know more, I also found a post commenting on OpenVMPS (http://lists.cistron.nl/pipermail/freeradius-users/2007-May/063152.html ) and I have to say that I've been really dissapointed by what you wrote. I really didn't expect that animosity or that amount of FUD coming from you. Quote, from Alan Dekok, Mon May 28 14:21:56 CEST 2007 2.0.0-pre2 has Magic feature number one :) Arran Cudbard-Bell wrote: Neat , unfortunately only Cisco switches seem to support it, and we run entirely on HP Procurves. Guess it means people will no longer have to use OpenVMPS to proxy :) Plus, OpenVMPS is not under active development, so there's no maintainers. It claims it's part of another project (that I won't name), but that project includes the *binary* of OpenVMPS, and not the source. GPL concerns may apply... On top of that, the project is funded by a commercial company, as a loss-leader for their commercial support, and the community that works on it is limited to the employees of that company. Good luck getting patches added if they conflict with the corporate agenda... Alan DeKok. The project in question that you did not want to name is FreeNAC and I'm the lead developer. You'll understand that I cannot let those things stay uncorrected, so I'll quickly make some issues clear : - This project has been, from the start, a GPL project, sources have always been published. Just because an OpenVMPS binary is there doesn't mean there's no source : look into the contrib directory. - The main sponsor is effectively Swisscom Innovations, but there's no need to put quotes around community. Even if it's small (70 registered users), I let you check our forums to verify that it is not limited to Swisscom. We received some contributions (patches, documentation) that we accepted and we don't have any hidden agenda. [FreeNAC is GPL, and we respect the GPL of OpenVMPS too]. - Good luck getting patches added if they conflict with the corporate agenda The community are free to change FreeNAC themselves, and submit patches, if we don't do it fast enough. That is what OpenSource is about. The core team is not closed to Swisscom Innovation people either. I'll welcome anyone with the motivation, skills and time. This is, I repeat, a GPL - OpenSource project. But, at the end, I'd really like to close this misunderstanding and move further. There's no point in arguing or flaming each other as we're both working on closely related opensource project. In fact, FreeRADIUS was always in our mind, we announced FreeNAC on the freeradius-user mailing list in 2006 and we also integrated it. This is natural because the core value of FreeNAC is in at the policy level, and not in the support of underlying protocols like VMPS or 802.1x. We've also closely followed the development in the NAC area and contacted other opensource projects (SecureW2, [EMAIL PROTECTED]) for that purpose. We would enjoy a collaboration that would lead to create _the_ opensource NAC framework. Regards, Sean Boran, www.FreeNAC.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.0 - vmps feature, inaccuracies on FreeNAC
[EMAIL PROTECTED] wrote: I just came across your blog post commenting on the release of the 2.0 version of freeradius. I was kind of surprised by the upcoming support of VMPS. shrug It was pretty easy to do, and some people said it would be useful. While trying to know more, I also found a post commenting on OpenVMPS (http://lists.cistron.nl/pipermail/freeradius-users/2007-May/063152.html ) and I have to say that I've been really dissapointed by what you wrote. I really didn't expect that animosity or that amount of FUD coming from you. Take a look at this: http://lists.cistron.nl/pipermail/freeradius-users/2006-August/056121.html FreeNAC is announced: The 'plan' is for the project to move forward to eventually become THE OpenSource Enterprise tool for dynamic VLAN assignment and LAN/WLAN authentication. Uh... right. FreeRADIUS hasn't been doing that already for nearly a decade? FreeRADIUS is *crushing* Cisco and Microsoft in the AAA space. It's doing LAN WLAN authentication daily for hundreds of millions of users. There is *nothing* in the WLAN authentication space (open source or otherwise) that competes with FreeRADIUS. I *regularly* here about sites with 10+ million users switching to FreeRADIUS. And FreeNAC is going to become THE project for LAN WLAN authentication... by tying in FreeRADIUS as a subsidiary project? Honestly, what reaction did you expect? It's one thing to say we've written a web gui that administers VMPS and RADIUS. It's another thing *entirely* to say that a project funded by a large company is going to tie in FreeRADIUS, and become THE market leader in the space. Don't get me wrong, Swisscom is a good company with smart people. But the announcement on the freeradius-users list was a little much. - This project has been, from the start, a GPL project, sources have always been published. Just because an OpenVMPS binary is there doesn't mean there's no source : look into the contrib directory. I was rather surprised to see that the compiled binaries were checked into CVS, and that the official releases included pre-compiled binaries. It's not the usual open source way of doing things. - The main sponsor is effectively Swisscom Innovations, but there's no need to put quotes around community. Even if it's small (70 registered users), I let you check our forums to verify that it is not limited to Swisscom. We received some contributions (patches, documentation) that we accepted and we don't have any hidden agenda. [FreeNAC is GPL, and we respect the GPL of OpenVMPS too]. FreeNAC, like some other projects, appears largely to be a way to generate consulting revenue. That isn't a bad thing, as people have to make money. But don't pretend that it's an open project because your boss tells you to (1) work on it, and to (2) accept patches from other people. In contrast, there is NO corporate agenda or funding behind FreeRADIUS. There never has been, and never will be. I've turned down jobs and consulting contracts because the people involved wanted to take over FreeRADIUS. - Good luck getting patches added if they conflict with the corporate agenda The community are free to change FreeNAC themselves, and submit patches, ... which may or may not be accepted. Is there anyone *other* than a Swisscom employee who has CVS commit access to FreeNAC? For similar examples, see ISC, and the third-party patches to Bind and dhcpd. There are patches floating around for features used by many sites. Those patches are tested, widely used, in wide demand, and aren't included in the main distribution. The reasons they're not included aren't nefarious... just reality. In contrast, FreeRADIUS adds features that people need. If a patch works, and enough people say they're using it, the patch goes in. (Modulu some editorial re-writes). This is the way it's worked for almost a decade, and this is the way it will *always* work. if we don't do it fast enough. That is what OpenSource is about. The core team is not closed to Swisscom Innovation people either. I'll welcome anyone with the motivation, skills and time. This is, I repeat, a GPL - OpenSource project. ... started by a company, with the core team being solely company employees. There are many open source, GPL projects that work that way. But they make it clear they're corporate projects with community input. They don't pretend they're community projects. The ones that try to co-opt community projects encounter hostility from that community. In your case, the community response was that no one cared. *I* got annoyed. But that's because it was clear that FreeNAC was using *my* work to claim that *they* were the leader in the WLAN authentication space. But, at the end, I'd really like to close this misunderstanding and move further. There's no point in arguing or flaming each other as we're both working on closely related opensource
Re: Freeradius 2.0 - vmps feature, inaccuracies on FreeNAC
Alan DeKok wrote: ... I *regularly* here about ... me answering email at midnight, after being up at 6am, and going on 500m +/- elevation hikes all day. I'm tired, and I can't spell properly. I remain, as always, resolute in my plans for world domination. :) Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html