Hello, and a question.
Arran Cudbard-Bell
A.Cudbard-Bell at sussex.ac.uk
Mon Jan 14 15:30:19 CET 2008
David W Bell wrote:
> Hi there.
>
> Have used freeRADIUS in the past to authenticate dial-up/ADSL users,
> but now have a different implementation problem that requires some
> input from this list.
>
> I am working on a Single Sign-On solution to try and give users in the
> organisation that I work for, a single username and password.
>
> I am planning on using LDAP for the backend store, as a lot of our
> equipment can be configured to use LDAP natively.
>
> However we also have a lot of routers and other network kit that
> either talks RADIUS or TACACS+ (or both)
>
> I would like to keep things as simple as possible, so my question is:
>
> Can freeRADIUS provide everything that TACACS+ can, so that I need only
> install/configure freeRADIUS?

This really depends on the network kit and the vendor that produced it.

Cisco claim that many of the features of TACACS+ can be replicated using
Cisco VSA strings. The wiki has bits and pieces for Cisco:
http://wiki.freeradius.org/Cisco#Cisco_VSAs

HP have limited support for RADIUS; you can be an operator or manager
... but you can't really have fine-grained control over what commands
those users can issue.

Bottom line is TACACS+ generally has better support in terms of
fine-grained access control, but TACACS+ server implementations do not have
the flexibility and range of features FreeRADIUS does.

>
> Thanks in advance
>
> David W Bell
--
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk)
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900