Authenticating SSH login on a Cisco IOS switch to AD

Alexander Clouter alex at digriz.org.uk
Wed Feb 9 22:54:09 CET 2011


Brian Candler <B.Candler at pobox.com> wrote:
> 
> Incidentally, it's quite reasonable to use RADIUS for authentication and
> authorization, and TACACS for accounting (e.g.  point your aaa accounting at
> an instance of tac_plus).  Then you have a real-time log of individual
> commands run.
> 
I would say it is easier to send the command log over syslog, but that's 
just how we like to skin our cats round here.

Cheers

-- 
Alexander Clouter
.sigmonster says: ... and furthermore ... I don't like your trousers.




More information about the Freeradius-Users mailing list