Nicholas R. Cappelletti wrote: > In the recent weeks, I have come across some downfalls to using TACACS+ such > as no 802.1x authentication, no WPA integration, and the impossible > integration into both Kerberos and LDAP. > > I hate to sound naive, but like many who need help, I'm new to RADIUS, its > configuration, and its capabilities. With that said, I have a few questions > concerning functionality that I had with TACACS+ and its equivalence in > RADIUS. > > 1. How granular can I get with command authorization? Currently, TACACS+ is > used for VPN authentication and device login, but not all those users should, > or need, access to the CLI of the network equipment (We use both Cisco and HP > devices). Eventually I would like to use the RADIUS setup for wireless > authentication too.
The hope is that we can add TACACS+ support to FreeRADIUS in a future version. That will help with migration. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html