EAP-TNC supported?

Ingo Bente ingo.bente at fh-hannover.de
Thu Aug 21 15:11:43 CEST 2008

> Message: 4
> Date: Thu, 21 Aug 2008 14:39:48 +0200
> From: "Martin Schneider" <martincschneider at googlemail.com>
> Subject: Re: EAP-TNC supported?
> To: "FreeRadius users mailing list"
> 	<freeradius-users at lists.freeradius.org>
> Message-ID:
> 	<690347540808210539t1dabd41amdbb0d80f32271073 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
> Hi Ingo and others
>>> Does anybody know about a patch or something for FreeRadius that adds
>>> more stable EAP-TNC processing? I heard about a patch from FH Hannover
>>> (http://tnc.inform.fh-hannover.de/wiki/index.php/Main_Page) but I
>>> don't know how good this one works. Did maybe anybody of you guys play
>>> with that patch?
>> Yes, it is very experimental. We have done some refactoring the last
>> weeks but the new version of the EAP-TNC-Patch is currently not in the
>> FreeRADIUS sources. You can download it from
>> http://tnc.inform.fh-hannover.de. We will modify some further aspects
>> soon (such as removing the dynamic loading of NAA-TNCS.so at runtime).
> Great! Thanks for that hint. I'll have a look at this soon. So you'll
> want to integrate the TNC Server directly into the EAP Module, or to
> be more precise, you'll add a "TNC Type Module" to the EAP module?

There is already an EAP-TNC module. The TNC functions are split: most of
the NAA part is realized in the EAP-TNC module (in C). Some NAA parts
and the TNCS part is realised in a separate shared object (NAA-TNCS.so).
Currently, the EAP-TNC module dynamically loads the NAA-TNCS.so at
runtime (runtime dynamic linking I think ...). We want to change it to
load time dynamic linking (as all the other methods do it). Alan
suggested this already some time ago. I hope that the terms are right ...
>> You can do EAP-TNC inside EAP-TTLS without modifying the source. I
>> tested it with the latest development version of wpa_supplicant. But you
>> will have to modify the source if you want to to EAP-TNC inside EAP-TTLS
>> _after_ another EAP-method (such as MD5).
> That's good news for me!
> So basically, the "only thing I need to do" when I want to perfom
> EAP-TNC is to create a IMC/IMV pair and integrate the IMC to
> wpa_supplicant and the IMV to Free Radius?

You don't have to create one on your own. You can use the IMC/IMV
HostScanner provided by TNC at FHH or the sample IMC/IMV pairs that are
part of libtnc. The corresponding IMC.so and IMV.so files are loaded
dynamically at runtime by wpa_suppicant and FreeRADIUS. Let me know if
you need more information because our website is currently not up2date.


> Regards
> Martin
> ------------------------------
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> End of Freeradius-Users Digest, Vol 40, Issue 94
> ************************************************

More information about the Freeradius-Users mailing list