Freeradius 2.0 - vmps feature, inaccuracies on FreeNAC

Alan DeKok aland at deployingradius.com
Wed Jul 11 00:20:01 CEST 2007 

Thomas Dagonnier wrote:
...
> well, the website now shows " FreeNAC is an OpenSource solution for LAN
> access control and dynamic Vlan management")

  <shrug>  RADIUS been doing VLAN management for years.  Maybe that's
news, I don't know.

> I guess we should highlight the "based on" aspect by putting it on the
> main page (cf packetfence).
> Would you find that OK ? 

  It would be politer than burying it elsewhere.

> right. but I guess it should come after a 802.1x  and a VPN client ...
> and those still don't exist

  wpa_supplicant, xsupplicant, and SecureW2 are well-known GPL'd 802.1x
clients.  I've been in contact with those developers for years.  There's
already work on an open source 802.1x client with additional (i.e. NAC)
features.  Search the net.

> That's something already written by the TNC at FHH projects.
> Code is available here
> http://tnc.inform.fh-hannover.de/wiki/index.php/Download

  I was in contact with them when they first wrote the code, quite a
while ago.

> Is there any plan to integrate that in the official release ?

  Last I checked (quite a whole ago), the code wasn't GPL'd.  It looks
like it's changed since then.  After a quick look, perhaps.  The
formatting should really follow the FreeRADIUS standard, it has C++
style comments, and some things likely need to be cleaned up.  There's
also the issue of which license libtnc falls under.  On top of that,
they haven't requested that it be added to FreeRADIUS.

> - Alan, before jumping the gun on that f word,

  Perhaps you haven't been following my messages, or the history of
FreeRADIUS.  A number of features in FreeRADIUS have been funded by
various companies.  I don't object to funding, and I've never objected
to funding.  I have *no* clue why that message is so difficult to get
across.

  I *do* object to corporate products claiming to be community based.
The sheer mass of "Swisscom" branding on the FreeNAC site makes it look
like something other than a community project.

> it would be no strings
> attached (bounty-like, resulting code solely licensed under GPL in
> freeradius, copyright retained by the author, ...).

  "Bounty"?  No thanks.

  If you want to pay for a feature, then standard business practice is
to use a contract.  I don't have much nice to say about bounties.

> - Coordination with other related opensource project, especially TNC at FHH.

  Which we've been doing for... years now.  We've been very successful
at it.  Thanks for the offer of help, but we think we can manage.


  Maybe you're not clear on the positioning of FreeRADIUS versus
FreeNAC.  FreeRADIUS is almost a decade old.  FreeNAC isn't.  FreeRADIUS
is used by most major ISP's.  FreeNAC isn't.  FreeRADIUS has an
commanding market share in the LAN, WLAN, ISP, roaming, etc.
authentication space.  FreeNAC has minimal market share of the NAC
market.  FreeRADIUS has existing relationships with all major networking
companies.  FreeNAC doesn't.  FreeRADIUS has a large active community
with thousands of people on it's mailing list.  FreeNAC doesn't.
FreeRADIUS has a proven track record of being independent of any
corporate agenda.  FreeNAC doesn't.  FreeRADIUS has an existing level of
trust and acceptance in the community.  FreeNAC doesn't.  FreeRADIUS has
existing relationships with *everyone* in the AAA space, and many people
in the NAC space.  FreeNAC doesn't.  FreeRADIUS is writing industry
standards in it's space.  FreeNAC isn't.  FreeRADIUS has done this
*without* having "open source" and "enterprise" versions.  FreeRADIUS
has done this by first creating a community, and then a revenue stream.

  It sounds harsh when put that way.  But the truth can be harsh.


  Remember, this isn't just a happy love festival of open source.  There
are multiple competing implementations of many open source solutions.
Some succeed, some don't.  On top of that, FreeRADIUS is winning in the
AAA space against *Cisco* and *Microsoft*.  FreeNAC just isn't on
anyone's radar.

  So, good luck being successful.  But don't expect us to be happy when
your announcement makes it clear that you plan on building on our
success, and treating FreeRADIUS as a subservient portion of FreeNAC.
You wouldn't email Linus Torvalds and say that a FreeNAC product
offering will become "THE open source choice for Operating Systems".
But you said pretty much the same thing here.

  And then wondered why it wasn't greeted with loud exclaims of joy.
I'm still boggling a little at that one.

> A lot, I hope it'll start getting the two highly respectable but
> sometime emotive leaders on a more constructive mood (yes, I'll be
> flamed for that, I know, I know)

  I have a habit of pointing out inconsistencies and flaws in peoples
arguments.  I have a habit of bringing up inconvenient facts that people
don't want to talk about.  This is construed as "negative" by many people.

> PS : of course, I also have plans for total world domination - but I'll
> first start to become sean's boss. Then, I can move to mind-controlling
> hundreds of million of people.

  FreeRADIUS is already the dominant player in it's space.  It's
*already* achieving world domination in the RADIUS space.  FreeRADIUS
already processes the logins of hundreds of millions of people.  Your
dreams are close to what we do daily.

  Alan DeKok.

More information about the Freeradius-Users mailing list