EAP-TNC support or any other method to enforce some security policies on client?

Brian Julin BJulin at clarku.edu
Sun Mar 18 15:01:23 CET 2018


Alan Buxey <alan.buxey at gmail.com>:
> PEAP can do this by default for various client platforms - eg Windows
> - when used with the SoH method. FreeRADIUS
> supports this (as does NPS) - you can then check antivirus, firewall,
> anti-malware and patching...

...on Windows older than 10... MS removed support for SoH early in the Win10
chain.  Before that happened it looked like SoH was the way forward in the
NAC space and might become a de-facto standard like PEAP did, but now
MS is instead pushing cloud services that babysit hosts all the way
through the firmware boot process.



More information about the Freeradius-Users mailing list