EAP-TNC support or any other method to enforce some security policies on client?

Alan Buxey alan.buxey at gmail.com
Sun Mar 18 13:04:59 CET 2018

PEAP can do this by default for various client platforms - eg Windows
- when used with the SoH method. FreeRADIUS
supports this (as does NPS) - you can then check antivirus, firewall,
anti-malware and patching...and enforce policies
(such as drop non compliant systems into a remediation network where
they cant do anything other than download patches etc - FR
itself doesnt do THAT bit of course, thats down to VLAN policies,
firewalling and proxies etc).


On 17 March 2018 at 19:43, Bogdan Rudas via Freeradius-Users
<freeradius-users at lists.freeradius.org> wrote:
> Hello all!
> I've found couple of discussions regarding implementation of EAP-TNC in
> FreeRADIUS (in 2008 and 2013) as well as some core here:
> https://github.com/trustathsh/tnc-fhh
> What is a current status of EAP-TNC? Is is integrated into FreeRADIUS? If
> so, how can I configure it?
> I guess that built-in TNC was abandoned.
> Are there any 3rd-party products (probably propriertary) which can extend
> my FreeRADIUS deployment with security compliance checks?
> I'd like to enforce specific antivirus software for some platforms,
> password and screen saver policies mostly for BYOD devices.
> Thank you.
> --
> Bogdan Rudas
> Director of IT Europe
> Exadel Inc.
> http://www.exadel.com/
> E-mail: brudas at exadel.com
> Skype ID: bogdan.rudas
> --
> CONFIDENTIALITY NOTICE: This email and files attached to it are
> confidential. If you are not the intended recipient you are hereby notified
> that using, copying, distributing or taking any action in reliance on the
> contents of this information is strictly prohibited. If you have received
> this email in error please notify the sender and delete this email.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list