AW: Re: Migration from TACACS+ to RADIUS

Sun, 15 Feb 2009 05:00:13 -0800 

To your first question: You can give every user in Radius it's own priv-level. 
You can configure your Cisco that CLI access is only allowed with a priv-level 
x and higher. This would be the same like Tacacs.
--
Thoralf Freitag
Manager Health Services System Administration

Phone:  +49 (0) 30 68905-4611
Cellular:+49 (0) 151 1631-4611
Fax:     +49 (0) 30 68905-2940
Mail:     thoralf.frei...@biotronik.com

*** Sent via Blackberry. ***

http://www.biotronik.com

*********************************************************************************
BIOTRONIK GmbH & Co. KG
Woermannkehre 1, 12359 Berlin, Germany
Sitz der Gesellschaft: Berlin, Registergericht: Berlin HRA 6501

Vertreten durch ihre Komplementaerin:
BIOTRONIK Mess- und Therapiegeraete GmbH
Sitz der Gesellschaft: Berlin, Registergericht: Berlin HRB 2918
Geschaeftsfuehrer: Dr. Max Schaldach, Christoph Boehmer, Dr. Werner Braun, Dr. 
Lothar Krings
*********************************************************************************

This email and the information it contains including attachments are 
confidential and meant
only for use by the intended recipient(s); disclosure or copying is strictly 
prohibited. If you are
not addressed, but in the possession of this email, please notify the sender 
immediately.



----- Originalnachricht -----
Von: Norbert Wegener [norbert.wege...@siemens.com]
Gesendet: 14.02.2009 12:05 CET
An: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
Betreff: Re: Migration from TACACS+ to RADIUS



Alan DeKok schrieb:

Nicholas R. Cappelletti wrote:


In the recent weeks, I have come across some downfalls to using TACACS+ such as 
no 802.1x authentication, no WPA integration, and the impossible integration 
into both Kerberos and LDAP.

I hate to sound naive, but like many who need help, I'm new to RADIUS, its 
configuration, and its capabilities.  With that said, I have a few questions 
concerning functionality that I had with TACACS+ and its equivalence in RADIUS.

1. How granular can I get with command authorization?  Currently, TACACS+ is 
used for VPN authentication and device login, but not all those users should, 
or need, access to the CLI of the network equipment (We use both Cisco and HP 
devices).  Eventually I would like to use the RADIUS setup for wireless 
authentication too.



  The hope is that we can add TACACS+ support to FreeRADIUS in a future
version.  That will help with migration.


Can this be expected in the foreseeable future?

Norbert Wegener


  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to