To your first question: You can give every user in Radius it's own priv-level.
You can configure your Cisco that CLI access is only allowed with a priv-level
x and higher. This would be the same like Tacacs.
--
Thoralf Freitag
Manager Health Services System Administration
Phone: +49 (0) 30 68905-4611
Cellular:+49 (0) 151 1631-4611
Fax: +49 (0) 30 68905-2940
Mail: thoralf.frei...@biotronik.com
*** Sent via Blackberry. ***
http://www.biotronik.com
*********************************************************************************
BIOTRONIK GmbH & Co. KG
Woermannkehre 1, 12359 Berlin, Germany
Sitz der Gesellschaft: Berlin, Registergericht: Berlin HRA 6501
Vertreten durch ihre Komplementaerin:
BIOTRONIK Mess- und Therapiegeraete GmbH
Sitz der Gesellschaft: Berlin, Registergericht: Berlin HRB 2918
Geschaeftsfuehrer: Dr. Max Schaldach, Christoph Boehmer, Dr. Werner Braun, Dr.
Lothar Krings
*********************************************************************************
This email and the information it contains including attachments are
confidential and meant
only for use by the intended recipient(s); disclosure or copying is strictly
prohibited. If you are
not addressed, but in the possession of this email, please notify the sender
immediately.
----- Originalnachricht -----
Von: Norbert Wegener [norbert.wege...@siemens.com]
Gesendet: 14.02.2009 12:05 CET
An: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
Betreff: Re: Migration from TACACS+ to RADIUS
Alan DeKok schrieb:
Nicholas R. Cappelletti wrote:
In the recent weeks, I have come across some downfalls to using TACACS+ such as
no 802.1x authentication, no WPA integration, and the impossible integration
into both Kerberos and LDAP.
I hate to sound naive, but like many who need help, I'm new to RADIUS, its
configuration, and its capabilities. With that said, I have a few questions
concerning functionality that I had with TACACS+ and its equivalence in RADIUS.
1. How granular can I get with command authorization? Currently, TACACS+ is
used for VPN authentication and device login, but not all those users should,
or need, access to the CLI of the network equipment (We use both Cisco and HP
devices). Eventually I would like to use the RADIUS setup for wireless
authentication too.
The hope is that we can add TACACS+ support to FreeRADIUS in a future
version. That will help with migration.
Can this be expected in the foreseeable future?
Norbert Wegener
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html