Before I begin mouthing off, if I am wrong, please correct me.
First of all, unless I am completely wrong, TACACS+ is Free; however,
Cisco Secure ACS is NOT. From what I understand, TACACS+ source code is
self-supported. TACACS+ code can be found at:
http://www.gazi.edu.tr/tacacs/
The source code comes with complete instruction on how to install and
configure both TACACS and NAS and just about everything else that has
to use TACACS. In fact, you can build a TACACS server almost free of
charge. I work for an ISP and we run our TACACS server on either Linux
or FreeBSD on Intel platform. For those who are afraid of using
unix/linux, my advise to you is: DON'T. If your ambition is to be
a CCIE somewhere down the road, then you need to learn unix/linux today.
Too often I have seen CCIEs who have no clue about Unix. You don't have
to learn unix/linux to become a system administrator, just learn enough
so that you know how to install software on the system, know how to
compile the source code. You will be glad you do. It will definitely
pay-off down the road. Now if you are one those anti-Cisco who don't
like to use TACACS+, you can use freeRADIUS. The software is also
self-supported and it is also free. In my opinion, both RADIUS and
TACACS+ are excellent products; however, I have also heard arguments that
TACACS+ is more powerful, flexible and scalable than RADIUS. Furthermore,
TACACS runs on TCP port 49 so it is more secure than RADIUS.
I could be wrong on the last one.
Now if you are one of those individuals who mainly work in the enterprise
then running TACACS+ on Microsoft Windows platforms might be acceptable.
However, keep in mind that TACACS+ running on windows platforms is NOT
FREE. Personally, I am a cheap-skate so I run TACACS+ on both Linux and
FreeBSD platform. Solaris, HP-UX and AIX are also excellent platforms
but they are NOT free. My TACACS+ has been running for the past 6 months
without having to reboot once. To keep the system secure, I only run
2 services on the TACACS+: TACACS+ and SSH version 2. I run Secure
Shell version 2 to remotely administer the box. For those that are
MICROSOFT WINBLOWS handicap, you can install webmin so that you can
control the TACACS+ box via the web browser. The point I am trying to
make here is that you should always first look for an alternative
solution, only pay Cisco as the last resort (in this case, purchase Cisco
ACS). Now I have never used Cisco ACS but I imagine that Cisco ACS comes
with a GUI-based interfaces for unix-challenge users.
OK, I am rambling long enough, this is what you need to do:
1) download the *.gz file from the website mentioned above,
2) unzip the *.gz file (gunzip *.gz),
3) untar the file (tar -xvpf *.tar),
4) Read the README file, AND I MEAN IT,
5) Read the README file AGAIN,
6) ./configure
7) make tac_plus
8) make install
At this point, the tac_plus executable is located in the /usr/sbin
directory. You need to create the tac_plus.cfg file. This file will
contain the logging information, username, password. AGAIN, read the
README file. Before starting the TACACS+ process, you can check for
the syntax of the configuration file by running:
/usr/sbin/tac_plus -P tac_plus.cfg
If everything is correct, you will not see any messages regarding TACACS+
/var/log/messages file. Otherwise, check the error message. If you have
questions, READ THE README FILE.
Finally, if the syntax of your configuration is correct, you can start
TACACS by running:
/usr/sbin/tac_plus -C tac_plus.cfg
check to see if TACACS is running: ps -eaf | grep tac
That's it. Post your questions if you have any. For those Microsoft
users, sorry I can NOT help you.
Sean
>From: "scott"
>Reply-To: "scott"
>To: [EMAIL PROTECTED]
>Subject: radius server recommendations [7:1113]
>Date: Wed, 18 Apr 2001 13:58:14 -0400
>
>I am looking for a good inexpensive radius server software. Any
>suggestions. Would love to use tacacs+ but due to budget constraints can
>not afford Cisco Secure ACS.
>
>Thanks for your input
>
>Scott CCNA, MCSE, MCP+I, A+
>Senior Consultant
>Andersen, LLP.
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1164&t=1113
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
