Request for opinion - central admin user server LDAP+FreeRADIUS

Padam J Singh padam.singh at inventum.cc
Sun Aug 9 14:20:31 CEST 2009


Look at TACACS/TACACS+. Most devices support this. You will need a
TACACS server which authenticates off a RADIUS server.

For others it is up to the software to implement a TACACS or direct RADIUS.



Andres Kaaber wrote:
> Hello all
> I'm assigned with a project to make a central admin user database for all kind 
> of servers / devices you can imagine (routers, switches, firewalls, Linux 
> servers, windows servers, databases, etc.). The point is that when a new 
> employee arrives you just make him a user in this database, maybe check which 
> type of devices he can and all the devices are configured to authenticate users 
> against this db. We have over 200 switches alone in our company so making user 
> accounts in every single one of them and when this dude leaves to disable all 
> of them is huge (or impossible) work.
> So I thought a Linux server LDAP+FreeRADIUS for authentication sounds quick, 
> easy and good solution, or not? There is no problem with servers Linux and 
> Windows servers can authenticate against radius. Most popular DBs can do 
> this also (Oracle, MySQL, PostgreSQL). I don't know about Cisco switches and 
> routers but as far as I found in Google there should be no problems; the same goes 
> for Juniper devices.
> So what do you think? Or maybe you know a free software solution for this kind 
> of problem already? Sun identity management is one that I checked out but it 
> seems too bloated and complicated. So what are your thoughts?


