EAP-TNC supported?
Martin Schneider
martincschneider at googlemail.com
Thu Aug 21 08:36:07 CEST 2008
Hi
2008/8/20 Alan DeKok <aland at deployingradius.com>:
> Martin Schneider wrote:
>> - I read in Wikipedia that the spring 2008 release of FreeRadius has
>> "experimental EAP-TNC" support. I couldn't find any information on the
>> FreeRadius homepage or wiki confirming that this information is correct. Does
>> FreeRadius have EAP-TNC support? And "how experimental" is the EAP-TNC support?
>
> It's very experimental. Some people have gotten it to work, but I
> don't think it's ready for production use.
What a pity!
Does anybody know about a patch or something for FreeRadius that adds
more stable EAP-TNC processing? I heard about a patch from FH Hannover
(http://tnc.inform.fh-hannover.de/wiki/index.php/Main_Page) but I
don't know how well this one works. Did any of you guys maybe play
with that patch?
>
>> - In case FreeRadius supports EAP-TNC, is it possible to run EAP-TNC
>> "inside" an EAP-TTLS tunnel? EAP-TTLS as outer method and EAP-TNC as
>> inner method?
>
> No. EAP-TNC is designed to be run as an authorization method *after*
> the user has been authenticated. It *cannot* be run all by itself
> inside of a TTLS tunnel.
>
> You can run it inside of the TTLS tunnel after another EAP method has
> been executed. You may have to edit the source code to get this to work.
Ok, thanks for clarifying this point! I really mixed this one up.
I read in the EAP-TTLS draft that you can perform mutual
authentication of server AND client using EAP-TTLS. (The client also needs
a certificate...). So theoretically you should be able to run EAP-TNC
directly after EAP-TTLS in the TLS tunnel without any other
user-authenticating EAP method?
Regards
Martin
> Alan DeKok.