Can freeRADIUS provide everything that TACACS+ can so that I need
only install/configure freeRADIUS?
This really depends on the network kit and the Vendor that produced
it. Cisco claim that many of the features of TACACS+ can be replicated
using Cisco VSA strings. The wiki has bits and pieces for Cisco
http://wiki.freeradius.org/Cisco#Cisco_VSAs.
HP have limited support for RADIUS; you can be an operator or manager
... but you can't really have fine-grained control over what commands
those users can issue.
Bottom line is TACACS+ generally has better support in terms of
fine-grained access control, but TACACS+ server implementations do not have
the flexibility and range of features FreeRADIUS does.
Much of the kit we are using IS Cisco.
So I am guessing I would be best to allow RADIUS & TAC+ to interface
with LDAP.
Thanks for that :)
David