David W Bell wrote:
> Hi there.
> Have used freeRADIUS in the past to authenticate dial-up/ADSL users,
> but now have a different implementation problem that requires some
> input from this list.
> I am working on a Single Sign-On solution to try and give users in the
> organisation that I work for a single username and password.
> I am planning on using LDAP for the backend store, as a lot of our
> equipment can be configured to use LDAP natively.
> However we also have a lot of routers and other network kit that
> either talks RADIUS or TACACS+ (or both).
> I would like to keep things as simple as possible, so my question is:
> Can freeRADIUS provide everything that TACACS+ can so that I need only
> install/configure freeRADIUS?
This really depends on the network kit and the vendor that produced it.
Cisco claim that many of the features of TACACS+ can be replicated using
Cisco VSA strings. The wiki has bits and pieces for Cisco:
http://wiki.freeradius.org/Cisco#Cisco_VSAs
HP have limited support for RADIUS; you can be an operator or manager
... but you can't really have fine-grained control over what commands
those users can issue.
Bottom line is TACACS+ generally has better support in terms of
fine-grained access control, but TACACS+ server implementations do not have
the flexibility and range of features FreeRADIUS does.
> Thanks in advance
> David W Bell
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
--
Arran Cudbard-Bell ([EMAIL PROTECTED])
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900
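
The Cisco VSA approach mentioned in the reply, combined with the LDAP backend from the question, as an added example that is not part of the original thread or the FreeRADIUS project's own configuration. It assumes FreeRADIUS 2.x/3.x unlang syntax, an already configured ldap module with group lookups, a virtual server dedicated to network devices, and hypothetical group names.

```conf
# Added example (not from the thread). Goes in the virtual server that
# handles logins from network devices only.
# Assumptions: the ldap module is configured for group membership checks;
# "network-admins" and "network-operators" are hypothetical LDAP groups.
post-auth {
    if (LDAP-Group == "network-admins") {
        update reply {
            # Cisco exec session at privilege level 15 (full access)
            Service-Type := NAS-Prompt-User
            Cisco-AVPair := "shell:priv-lvl=15"
        }
    }
    elsif (LDAP-Group == "network-operators") {
        update reply {
            # Cisco exec session at privilege level 1 (unprivileged)
            Service-Type := NAS-Prompt-User
            Cisco-AVPair := "shell:priv-lvl=1"
        }
    }
    else {
        # A valid directory account without a network role gets no
        # device access: deny by default rather than fall through.
        reject
    }
}
```

This maps a directory group to a privilege level only; it does not express per-command authorization, which is the fine-grained control the reply attributes to TACACS+.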