Hi all,

I'm in need to implement an AAA method other than local for our Cisco devices 
(routers/switches)

I was thinking of using the already existing Active Directory, because all 
people has an account there and a strict secure password policy.

Also when someone quits, their user is always removed from there but I don't 
always get notifications about personnel changes so to manage another 
independent user DB is not good for me.

At the beginning I was thinking to directly connect the AD servers, but this 
doesn't give me too much flexibility, I don't manage those servers and I don't 
want to depend on others regarding the authorizations.

I was thinking about a server like radius or tacacs that will check only the 
user authentication against the AD server and perhaps retrieve a value of which 
group the user belongs to, let's say I only need two or three degrees of 
authorization, (read-only, operator, and admins). All the rest of the commands 
authorization granularity will be performed by the radius/tacacs server, based 
on the user's groups.

Is this possible to implement? If yes, do you have some ideas, tips, howtos?

Thanks in advance!

Regards,



Ziv




 
 
************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer 
viruses.
************************************************************************************



_______________________________________________
cisco-nsp mailing list  [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Reply via email to