RE: Why radius when I have LDAP?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kostas Kalevras
Sent: Friday 2 July 2004 16:49
To: [EMAIL PROTECTED]
Subject: Re: Why radius when I have LDAP?

On Thu, 1 Jul 2004, Hans wrote:

Hello,

This may seem a little strange question. I have my Linux(suse8.2) boxes handle login requests using an LDAP server. The LDAP provides all that's needed, that is username/password, userid, groupid, homedir etc. I could use radius to authenticate logins(user/pass), but then I would still need a direct connection to LDAP for uid, gid, homedir etc, because radius can not handle that kind of info!

So: why would I want to use radius? I could do without it, couldn't I?

Gr, Hans

LDAP is a user database. Only that. RADIUS is an AAA infrastructure. The main advantage is that you can be server-side clever with radius whilst with ldap you need to have clever clients and update all the clients when you add features. You only need to update your radius server configuration to add a new feature. With radius you can have per user limits (rlm_counter), expiration, login time restrictions and make smart decisions based on the incoming request (i.e. if the request is from NAS XXX and user belongs to ldap group YYY then return a special set of attributes). With RADIUS you also get accounting which can be really important as well as a nice web interface to administer all this.

Ah. Ok. So Radius is indeed more than just a 'simple' interface to LDAP

Thanks.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Why radius when I have LDAP?
On Thu, 1 Jul 2004, Hans wrote:

Hello,

This may seem a little strange question. I have my Linux(suse8.2) boxes handle login requests using an LDAP server. The LDAP provides all that's needed, that is username/password, userid, groupid, homedir etc. I could use radius to authenticate logins(user/pass), but then I would still need a direct connection to LDAP for uid, gid, homedir etc, because radius can not handle that kind of info!

So: why would I want to use radius? I could do without it, couldn't I?

Gr, Hans

LDAP is a user database. Only that. RADIUS is an AAA infrastructure. The main advantage is that you can be server-side clever with radius whilst with ldap you need to have clever clients and update all the clients when you add features. You only need to update your radius server configuration to add a new feature. With radius you can have per user limits (rlm_counter), expiration, login time restrictions and make smart decisions based on the incoming request (i.e. if the request is from NAS XXX and user belongs to ldap group YYY then return a special set of attributes). With RADIUS you also get accounting which can be really important as well as a nice web interface to administer all this.

--
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
Why radius when I have LDAP?
Hello,

This may seem a little strange question. I have my Linux(suse8.2) boxes handle login requests using an LDAP server. The LDAP provides all that's needed, that is username/password, userid, groupid, homedir etc. I could use radius to authenticate logins(user/pass), but then I would still need a direct connection to LDAP for uid, gid, homedir etc, because radius can not handle that kind of info!

So: why would I want to use radius? I could do without it, couldn't I?

Gr, Hans
Re: Why radius when I have LDAP?
Hans wrote:

Hello,

This may seem a little strange question. I have my Linux(suse8.2) boxes handle login requests using an LDAP server. The LDAP provides all that's needed, that is username/password, userid, groupid, homedir etc. I could use radius to authenticate logins(user/pass), but then I would still need a direct connection to LDAP for uid, gid, homedir etc, because radius can not handle that kind of info!

So: why would I want to use radius? I could do without it, couldn't I?

RADIUS is a protocol. You need a RADIUS server if you are talking to something that supports the RADIUS protocol but does not support the LDAP protocol. For example, in general, wireless LAN access points support the RADIUS protocol but do not support the LDAP protocol.

You can always use an LDAP server as the backend for the RADIUS server. If you do this, then the RADIUS server is essentially doing protocol translation.
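
The replies in this thread describe a RADIUS server that takes a NAS's request, checks a backend such as LDAP, and makes the decision on the server. As an added example (not part of the thread and not FreeRADIUS code), the Python below builds and parses an RFC 2865 Access-Request and applies a NAS-plus-group rule. Assumptions: the `DIRECTORY` dict stands in for the LDAP backend, and the shared secret, addresses, group name and returned Service-Type values are constructed.

```python
import hashlib, hmac, os, socket, struct

USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4  # RFC 2865 attribute types
# Constructed stand-in for the LDAP backend (assumption): user -> (password, groups)
DIRECTORY = {"hans": (b"s3cret-pw", {"netadmins"}), "guest": (b"guest-pw", {"visitors"})}

def hide(data, secret, auth, decrypt=False):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous cipher block)."""
    out, prev = b"", auth  # the first block is keyed with the Request Authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        res = bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))
        out, prev = out + res, (block if decrypt else res)
    return out

def build_access_request(user, password, nas_ip, secret, ident=1):
    """The packet a NAS such as an access point sends (code 1, Access-Request)."""
    # Pad to whole 16-byte blocks; password is bytes, assumed to be at most 128 long.
    pw = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    auth = os.urandom(16)  # Request Authenticator
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in (
        (USER_NAME, user.encode()), (USER_PASSWORD, hide(pw, secret, auth)),
        (NAS_IP_ADDRESS, socket.inet_aton(nas_ip))))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + auth + attrs

def parse_access_request(packet, secret):
    """Server side: validate lengths, then recover user, password and NAS address."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if packet[:1] != b"\x01" or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Request")
    auth, pos, attrs = packet[4:20], 20, {}
    while pos < length:  # walk the type-length-value attributes
        alen = packet[pos + 1] if pos + 2 <= length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs[packet[pos]] = packet[pos + 2:pos + alen]
        pos += alen
    pw, nas = attrs.get(USER_PASSWORD, b""), attrs.get(NAS_IP_ADDRESS, b"")
    if USER_NAME not in attrs or not pw or len(pw) % 16 or len(nas) != 4:
        raise ValueError("missing or malformed attribute")
    clear = hide(pw, secret, auth, decrypt=True).rstrip(b"\x00")
    return attrs[USER_NAME].decode(errors="replace"), clear, socket.inet_ntoa(nas)

def authorize(packet, secret, admin_nas="192.0.2.10", admin_group="netadmins"):
    """Check the backend, then apply a per-NAS, per-group rule on the server."""
    user, password, nas_ip = parse_access_request(packet, secret)
    stored, groups = DIRECTORY.get(user, (b"", set()))
    if not stored or not hmac.compare_digest(stored, password):
        return "Access-Reject", {}
    special = nas_ip == admin_nas and admin_group in groups
    return "Access-Accept", {"Service-Type": "Administrative-User" if special else "Login-User"}
```

The NAS only needs the shared secret and the RADIUS packet format; the directory lookup and the rule that picks the reply attributes live entirely in `authorize`, so changing them touches the server alone.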