Josh Howlett wrote: > I saw this :-). I had a question: EAP-TNC is intended to be bound to any > tunneled EAP method but the last time I looked at the code the > FreeRADIUS EAP state machine did not appear to support binding > consecutive EAP methods in sequence to an arbitrary tunneled EAP method.
I'm not sure what that means... Does EAP-TNC go inside of a tunneled method, or does it tunnel other methods? If it goes inside of a tunneled method, then there's no problem. PEAP and TTLS already support tunneling EAP types. PEAP is just EAP-TLS with EAP-MSCHAPv2 inside of the tunnel. I have also successfully tested PEAP/EAP-GTC, and TTLS/EAP-MSCHAPv2. > Does this EAP-TNC implementation therefore require the use of a specific > tunneled EAP method, or have there been some improvements to the EAP > state machine to support this flexibility? If EAP-TNC can go only inside of TTLS/PEAP, then the code likely needs to be updated to check for that, and enforce that requirement. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
