Alan DeKok wrote:
Stefan Winter wrote:
Don't know if this is an issue for you, but: Cisco equipment does not support command authorization via RADIUS (*any* RADIUS...) [for pure business greed reasons]. So if you really need per-command authorization, you'll have to stick with TACACS+ which, sadly, is well catered by ACS.
There's a tacp2rad program which hasn't been maintained... but it works.
Adding that to the FreeRADIUS portfolio wouldn't be hard, if there was a demand for it.
I'd find that useful, many of the more advanced command ACLs on HP kit can only be accessed when authenticating against a TACACS+ server.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Arran Cudbard-Bell (A.Cudbard-Bell@sussex.ac.uk) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900