I have just been reading all the posts about secure wireless access and I am
not happy with the direction Novell has chosen to take.
I have been extremely pleased with Netware, GroupWise & ZenWorks but Novell
is starting to loose it's appeal.


Let me summarize what I have learned and see if I have made any mistakes
with my understanding.

1. Novell has stopped development on their Radius server and have no plans
to resume development.
2. Novell contributed code to the open source FreeRadius project.
http://www.novell.com/news/press/arc...2/pr05008.html
3. There isn't any Radius server with 802.1x authentication that runs on
Netware (Netware kernel).
a. Novell's Radius server (BMAS or the newer NMAS server) doesn't do
802.1x authentication.
b. I have contacted Funk and this is their reply. Steel-Belted Radius
Server will run on Windows and Solaris (Linux is coming).
http://www.funk.com/News&Events/sbr_linux_pn.asp
c. MTG House hasn't gotten back to me about a solution for Netware. (I
am doubtful, I didn't find anything on their website.)
4. You need to run a Radius server that does 802.1x authentication and will
work/integrate with eDir.
a. FreeRadius (Linux) will integrate with Edir.
http://www.novell.com/documentation/...ius/index.html
http://www.novell.com/coolsolutions/feature/15383.html
b. Funk's Steel-Belted Radius server (Windows, Solaris & Linux is in
beta).
http://www.funk.com/radius/default.asp
c. Aegis Server
http://www.mtghouse.com/products/aeg...er/index.shtml

5. You need a 802.1x Client to authenticate to a Radius server for wireless
authentication.
a. Microsoft has 802.1x support in their client. (read this from other
posts in this forum)
b. Novell isn't planning on putting 802.1x support in the NW Client.
(read this from other posts in this forum)
c. There are 2 Radius clients that integrate with the NW Client for
Radius Edir authentication.
1. Funk's Odyssey Client ($45 - $50 per workstation depending on
quantity) + added annual maintenance costs.
$2281.25 for 50 Client licenses & annual maintenance.
http://www.funk.com/radius/wlan/wlan_c_radius.asp
2. Aegis' Client ($32 - $39.99 per workstation depending on
quantity) + added annual maintenance costs.
$2240.00 for 50 Client licenses & annual maintenance.
http://www.mtghouse.com/products/aeg...nt/index.shtml
http://www.mtghouse.com/novell_app_note_122204.pdf
3. When FreeRadius is integrated with Edir is this separate client
still needed?
I didn't see anything about a separate client being needed while
reading the Integrating FreeRadius with Edir documentation.
6. FreeRadius support is going to be built-in to the next version of Edir.
http://www.novell.com/news/press/arc...2/pr05008.html

Why didn't Novell contribute code to port FreeRadius to Netware?

At this point in time they are still giving us a choice between the Netware
kernel and the Linux kernel. To me that says they are willing to make
things work with both systems until they drop support for the Netware
kernel. Ok, so give me support for 802.1x authentication in the Netware
kernel. I don't have stray single purpose servers floating around my
network and I don't want to have to begin that practice just to get Radius
802.1x authentication working.

I also won't put my district at a disadvantage by upgrading to the Linux
kernel until I know Linux well enough to administer it properly. I am the
IT department at this district so I don't have a great deal of extra time to
run about learning the new things I would LOVE to learn. I'm sure I'm not
the only person in this situation so Novell should take these things into
concideration before they just drop support for a product they say they are
still supporting. Obviously all of the real support is going toward the
Linux side at Novell.

Daniel Blake
Milford Central School