Hello, and a question.

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Mon Jan 14 15:30:19 CET 2008


David W Bell wrote:
> Hi there.
>
> Have used freeRADIUS in the past to authenticate dial-up/ADSL users, 
> but now have a different implementation problem that requires some 
> input from this list.
>
> I am working on a Single Sign-On solution to try and give users in the 
> organisation that I work for, a single username and password.
>
> I am planning on using LDAP for the backend store, as a lot of our 
> equipment can be configured to use LDAP natively.
>
> However we also have a lot of routers and other network kit that 
> either talks RADIUS or TACACS+ (or both)
>
> I would like to keep things as simple as possible, so my question is.
>
> Can freeRADIUS provide everything that TACACS+ can so that I need only 
> install/configure freeRADIUS?
This really depends on the network kit and the Vendor that produced it. 
Cisco claim that many of the features of TACACS+ can be replicated using 
Cisco VSA strings. The wiki has bits and pieces for Cisco 
http://wiki.freeradius.org/Cisco#Cisco_VSAs.

HP have limited support for RADIUS; you can be an operator or manager 
... but you can't really have fine-grained control over what commands 
those users can issue.

Bottom line is TACACS+ generally has better support in terms of fine-grained 
access control, but TACACS+ server implementations do not have 
the flexibility and range of features FreeRADIUS does.
>
> Thanks in advance
>
> David W Bell


-- 
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk)
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08 
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900



