Request for opinion - central admin user server LDAP+FreeRADIUS
Padam J Singh
padam.singh at inventum.cc
Sun Aug 9 14:20:31 CEST 2009
Look at TACACS/TACACS+. Most devices support this. You will need a
TACACS server which authenticates off a RADIUS server.
For others, it is up to the software to implement a TACACS or direct RADIUS.
Andres Kaaber wrote:
> Hello all
> I'm assigned with a project to make a central admin user database for all kinds
> of servers / devices you can imagine (routers, switches, firewalls, Linux
> servers, Windows servers, databases, etc.). The point is that when a new
> employee arrives you just make him a user in this database, maybe check which
> type of devices he can and all the devices are configured to authenticate users
> against this db. We have over 200 switches alone in our company so making user
> accounts in every single one of them and when this dude leaves to disable all
> of them is huge (or impossible) work.
> So I thought a Linux server with LDAP+FreeRADIUS for authentication sounds like a quick,
> easy and good solution, or not? There is no problem with servers: Linux and
> Windows servers can authenticate against RADIUS. Most popular DBs can do
> this also (Oracle, MySQL, PostgreSQL). I don't know about Cisco switches and
> routers, but as far as I found on Google there should be no problems; the same goes
> for Juniper devices.
> So what do you think? Or maybe you know a free software solution for this kind
> of problem already? Sun identity management is one that I checked out but it
> seems too bloated and complicated. So what are your thoughts?