[25563] in North American Network Operators' Group
Re: TACACS or Radius daemon on Linux
daemon@ATHENA.MIT.EDU (Steven J Sobol)
Tue Oct 19 18:53:49 1999
Date: Tue, 19 Oct 1999 18:51:28 -0400
From: Steven J Sobol <sjsobol@NorthShoreTechnologies.net>
To: mnolan@southshore.com
Cc: nanog@merit.edu, steven@southshore.com
Message-ID: <19991019185127.A20182@amethyst.nstc.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <Chameleon.940366758.mnolan@default>; from mnolan@southshore.com on Tue, Oct 19, 1999 at 03:49:59PM +0000
Errors-To: owner-nanog-outgoing@merit.edu
On Tue, Oct 19, 1999 at 03:49:59PM +0000, mnolan@southshore.com wrote:
> We are an ISP running several Cisco 2500s, 5200s, and 5300s as access
> servers. Currently we are entering each user into each box.
>
> We are looking to set up a Red Hat Linux machine as either a TACACS or
> Radius server to centrally validate all our users.
>
> Does anyone have any experience running a TACACS or Radius daemon
> on Linux? Where is a good place to find a Linux TACACS or Radius
> daemon?
>
> I heard that although TACACS is a Cisco product, Radius has more
> accounting and statistics capability, runs well on Linux, and will
> validate for Ciscos.

RADIUS runs like a champ on Linux. It should run fine with Ciscos, but my
RADIUS experience is primarily with Lucent Portmasters. Contact me off-list
for the e-mail address of an owner of another ISP who may be able to help
you configure RADIUS on a Cisco NAS.

I've been using Merit AAA, but the licensing is rather strict and it's based
on old code. Look for the Cistron RADIUS server on rpmfind.net - there are
links to both source and binary packages.

The most important part of getting RADIUS running on your Linux box is
making sure your dictionary file contains vendor-specific entries for the
brand of NAS that you are using. If you're using any one of the major
brands - Cisco, Bay, Ascend, 3Com/USR - this is a non-issue.

Again, I can't help you configure things on the Cisco, but I can help you
get things running on the Linux box; feel free to contact me if you need
some advice.

--
North Shore Technologies Corporation
Steven J. Sobol, President & Head Geek
815 Superior Avenue #610 sjsobol@NorthShoreTechnologies.net
Cleveland, Ohio 44114 http://NorthShoreTechnologies.net
I'm collecting donations for the Cleveland Indians so they can buy some
pitching. If you want to contribute, please contact me.
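
Added example, not part of the original message or of any RADIUS server's code: a sketch of why the dictionary's vendor-specific entries matter, decoding RFC 2865 Vendor-Specific attributes (type 26) against a dictionary and showing what an unlisted vendor looks like. The dictionary layout, the function names and the sample bytes are constructed for illustration.

```python
import struct

# Constructed dictionary text, laid out in the Livingston-style format that
# Cistron-type servers read (layout is an assumption; 9 is Cisco's IANA number).
DICTIONARY = """\
VENDOR     Cisco          9
ATTRIBUTE  Cisco-AVPair   1   string   Cisco
"""

def load_dictionary(text):
    """Map (vendor_id, vendor_type) -> attribute name."""
    vendors, attrs = {}, {}
    for line in text.splitlines():
        f = line.split("#")[0].split()
        if len(f) >= 3 and f[0] == "VENDOR":
            vendors[f[1]] = int(f[2])
        elif len(f) >= 5 and f[0] == "ATTRIBUTE":
            attrs[(vendors[f[4]], int(f[2]))] = f[1]
    return attrs

def make_vsa(vendor_id, vtype, value):
    """Build one RFC 2865 Vendor-Specific attribute (type 26)."""
    sub = bytes([vtype, len(value) + 2]) + value
    return bytes([26, len(sub) + 6]) + struct.pack("!I", vendor_id) + sub

def decode_vsas(data, attrs):
    """Walk a packet's attribute bytes and name each vendor sub-attribute."""
    out, i = [], 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute at offset %d" % i)
        atype, body = data[i], data[i + 2:i + data[i + 1]]
        i += data[i + 1]
        if atype != 26:
            continue  # standard attribute, not vendor-specific
        if len(body) < 6:
            raise ValueError("Vendor-Specific attribute too short")
        vendor_id, j = struct.unpack("!I", body[:4])[0], 4
        while j < len(body):
            if j + 2 > len(body) or body[j + 1] < 2 or j + body[j + 1] > len(body):
                raise ValueError("malformed vendor sub-attribute")
            name = attrs.get((vendor_id, body[j]), "Unknown-%d-%d" % (vendor_id, body[j]))
            out.append((name, body[j + 2:j + body[j + 1]]))
            j += body[j + 1]
    return out

# Constructed attribute bytes: User-Name, a Cisco VSA, and a VSA from vendor
# 307 (Livingston), which the dictionary above deliberately lacks.
SAMPLE = (bytes([1, 7]) + b"alice" + make_vsa(9, 1, b"shell:priv-lvl=15")
          + make_vsa(307, 2, b"constructed"))
```

Calling `decode_vsas(SAMPLE, load_dictionary(DICTIONARY))` names the Cisco attribute and returns the other as `Unknown-307-2`, which is the symptom of a dictionary missing the NAS vendor's entries.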