[EMAIL PROTECTED] wrote on 08/19/2003 03:02:17 AM:
> I would agree. Cisco makes two products for Radius. One that is
> expensive and the other that is even more expensive. Neither one has
> all the same features as Freeradius AND neither one works as well.
>
> Gene Parks
> VIP Direct
That's a rather blanket reply. I use both freeradius and Cisco ACS. There
are some HUGE differences between the two, which is why (*duh*) we use
both.
If you need to securID authentication _directly_, don't even bother
thinking about freeradius; it simply doesn't do it. (search the mailing
archives for a few diatribes by myself.) Sure, FR can proxy against the
absolute PILE OF S**T radius server built into ACE, but why put a _great_
proxy against a _crap_ source radius server?
PEAP support still seems pretty skechy, at best. It's experimental, it's
new, and if you need it to work right now then FR isn't the best choice.
(LEAP, otoh, seems to be pretty stable in FR.)
If you need paid support ("It's busted and I need it fixed RIGHT NOW!!"),
then you're obviously SOL running freeradius. (Don't misinterpret this;
the FR team does a bang up job. BUT they're NOT obligated to do
_anything_ if something in FR doesn't quite work right.)
And lastly, ACS supports some other odd things (safetoken support, plus a
few other securID wannabees) that just aren't in FR.
Now, don't get me wrong here. I _love_ freeradius. To that end, for my
wireless access points, I have ACS handle the radius PEAP requests, and
freeradius handle the direct AP management (console login, ssh login,
etc.) radius requests.
I keep trying to push freeradius into MORE stuff on my network. But as
things stand _right_ _now_, they're two different products with different
strengths.
Vincent Giovannone
Network Infrastructure Group
Information Services Division
Rush - Presbyterian St. Luke's Medical Center
"A four-year-old will very quickly get over news of the death of Santa if
told that it was due to his fully loaded sleigh crashing in the back
garden."
-- Mil Millington
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
