Nick Lowe nick.lowe at gmail.com
Wed Mar 26 11:53:37 CET 2014


Sorry, I should have been far more specific in what I wrote and less
copy-and-paste hasty.

Those requirements were written in the context that:

1) Integration would only be with RADIUS, not with the particular DHCP
server that is in use on a site and not with SNMP back to the NASes.
2) Identity spoofing would not be able to occur via the EAP outer identity,
given the first requirement.

If you have that integration with DHCP and better yet with SNMP, as you
point out, many of the requirements melt away.

It was written with a bias that the solution be something that is easily
deployable in existing environments and also with an NPS specific bias. If
you can touch more of the stack, you have more options.

So, apologies to the OP for not writing something more reasoned


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/mailman/private/freeradius-users/attachments/20140326/1f00ae98/attachment-0001.html>

More information about the Freeradius-Users mailing list