History

This page describes why SOAS could not find a suitable existing solution and set out to write its own.

FIXME to be edited

Status

Most of the past year was spent testing ideas and approaches. Having worked out what can and cannot work, plus the scope of the project, the actual code development started in July. The bulk of the framework (RADIUS, LDAP, SQL, 802.1X, Perl 'glue', etc.) is done; what remains is mainly the more user-friendly frontend components, such as web-based host registration. At SOAS it is actively being used in a 'pilot' building with 50 or so workstations and a number of laptops on it, all wired. Wireless functionality does work.

No downloads are available yet, but do email me if you want a copy and I'll put something together for you to tinker with. Please do not expect much to happen for you unless you are willing to build a rather extensive and specific network to run this software on. If you think software like Bradford Campus Manager meets your needs and you do not see a problem, then really this software is not for you, especially in its current state. This is not a case of bad-mouthing either BCM or you as the sysadmin; it is just that this software is designed to solve a particular problem that you probably do not suffer from.


An example of a typical kludge in the software available is quarantining hosts on the network. All the worthy contenders may let 802.1X handle the AAA phase of the network, but they then crudely force network ports into particular VLANs and track the MAC address, rather than use the more natural 802.1X approach: mark the workstation as 'dubious' and ask the port to re-authenticate and re-authorise the host, so that the normal authorisation decision returns the restricted access.

To most this is probably not a problem; however, to me as a network monkey it means the NAC solution is maintaining state and rearranging the topology of your network. We also spent £250,000 on a number of Cisco 3750s to put 802.1X on the edge, and we were damned if that functionality was not going to be used.

So work began (sponsored, of course, by my employer, SOAS) to build a solution that stores all its data in an LDAP database and is based around open-source software. As this is a 'from scratch' approach there is no legacy support: access at the network layer (wired and wireless) is expected to be 802.1X enabled. Hosts connecting do not need to be 802.1X aware, though, as the access layer should be able to generate a suitable 802.1X-'compatible' RADIUS packet based solely on the connecting host's MAC address (effectively MAC-based authentication). If your access layer is not 802.1X aware this software is of no use to you at all; as most hardware now is, this should not be much of a problem, but make sure the edge kit can fall back to MAC-based authentication and generate suitable 802.1X-ish RADIUS packets from it.
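As an added example (this is not the project's code, nor a description of what its Perl glue does): the two mechanisms described above, MAC-based authentication at the edge and quarantine by re-authentication rather than by juggling VLANs, reduced to the RADIUS server's authorisation decision and the RFC 5176 Disconnect-Request that makes the switch re-run that decision. The host directory here is a constructed dict standing in for the LDAP store, the VLAN numbers, secret and NAS address are made up, and it assumes the NAS accepts Disconnect-Request on UDP 3799 and re-authenticates a MAC-authenticated port once its session has been torn down (true of the Cisco MAB implementation, but check your edge kit).

```python
import hashlib
import hmac
import struct

# Constructed stand-in for the LDAP host store (field names are mine, not
# the project's schema): MAC -> registration state and the VLAN it belongs on.
HOSTS = {
    "001122aabbcc": {"state": "ok", "vlan": "100"},
    "0011ddeeff00": {"state": "dubious", "vlan": "100"},
}
QUARANTINE_VLAN = "999"   # assumption: a VLAN reserved for quarantined hosts

# RFC 3580 / RFC 2868 tunnel attributes the NAS uses to assign a VLAN.
TUNNEL_TYPE_VLAN = 13
TUNNEL_MEDIUM_IEEE802 = 6

# RADIUS attribute numbers used below (RFC 2865) and the RFC 5176 packet code.
ATTR_NAS_IP_ADDRESS = 4
ATTR_CALLING_STATION_ID = 31
CODE_DISCONNECT_REQUEST = 40


def normalise_mac(raw):
    """Reduce whatever MAC format the NAS sends (colon, dash, Cisco dotted) to 12 hex digits."""
    hexdigits = "".join(ch for ch in raw.lower() if ch in "0123456789abcdef")
    if len(hexdigits) != 12:
        raise ValueError("not a MAC address: %r" % raw)
    return hexdigits


def authorise_mab(user_name, user_password, calling_station_id):
    """Decide an Access-Request the edge switch generated from a MAC alone.

    A MAC-based request carries the MAC as User-Name and User-Password and again as
    Calling-Station-Id; all three must agree before the directory is consulted.
    Returns (code, attributes); a 'dubious' host is accepted but onto the quarantine VLAN.
    """
    try:
        mac = normalise_mac(user_name)
        if normalise_mac(user_password) != mac or normalise_mac(calling_station_id) != mac:
            return ("Access-Reject", {})
    except ValueError:
        return ("Access-Reject", {})
    host = HOSTS.get(mac)
    if host is None:
        return ("Access-Reject", {})
    vlan = QUARANTINE_VLAN if host["state"] == "dubious" else host["vlan"]
    return ("Access-Accept", {"Tunnel-Type": TUNNEL_TYPE_VLAN,
                              "Tunnel-Medium-Type": TUNNEL_MEDIUM_IEEE802,
                              "Tunnel-Private-Group-ID": vlan})


def _attr(attr_type, value):
    """Encode one RADIUS attribute as type, length (including the 2-byte header), value."""
    if isinstance(value, str):
        value = value.encode()
    return struct.pack("!BB", attr_type, 2 + len(value)) + value


def disconnect_request(secret, identifier, calling_station_id, nas_ip):
    """Build an RFC 5176 Disconnect-Request (code 40) for the session of one MAC.

    The Request Authenticator is MD5 over Code + Identifier + Length + 16 zero
    octets + attributes + shared secret (RFC 5176 section 2.3). Calling-Station-Id
    is sent exactly as the NAS reported it, because the NAS matches it as a string.
    """
    attrs = _attr(ATTR_NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split(".")))
    attrs += _attr(ATTR_CALLING_STATION_ID, calling_station_id)
    header = struct.pack("!BBH", CODE_DISCONNECT_REQUEST, identifier, 20 + len(attrs))
    authenticator = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + authenticator + attrs


def verify_disconnect_request(packet, secret):
    """NAS-side check: reject anything whose authenticator was not made with our secret."""
    if len(packet) < 20:
        return False
    code, _identifier, length = struct.unpack("!BBH", packet[:4])
    if code != CODE_DISCONNECT_REQUEST or length != len(packet):
        return False
    header, authenticator, attrs = packet[:4], packet[4:20], packet[20:]
    expected = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return hmac.compare_digest(expected, authenticator)


def quarantine(calling_station_id, secret, identifier, nas_ip):
    """Mark the host dubious in the directory, then return the packet that makes the NAS
    drop its session; the re-authentication that follows lands it on QUARANTINE_VLAN."""
    HOSTS[normalise_mac(calling_station_id)]["state"] = "dubious"
    return disconnect_request(secret, identifier, calling_station_id, nas_ip)
```

The point of the split is that the server never tells the switch "move port 7 to VLAN 999": it only changes the host's record and asks for a fresh decision, so the topology stays wherever 802.1X put it and no per-port state has to be tracked on the NAC side.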