Hi,
We are an ISP running several Cisco 2500s, 5200s, and 5300s as access servers. Currently we are entering each user into each box.
We are looking to set up a Red Hat Linux machine as either a TACACS or Radius server to centrally validate all our users.
Does anyone have any experience running a TACACS or Radius daemon on Linux? Where is a good place to find a Linux TACACS or Radius daemon?
I heard that although TACACS is a Cisco product, Radius has more accounting and statistics capability, runs well on Linux, and will validate for Ciscos.
Any help would be appreciated.
Thanks, Mike
mnolan@southshore.com wrote:
> Hi,
> We are an ISP running several Cisco 2500s, 5200s, and 5300s as access servers. Currently we are entering each user into each box.
> We are looking to set up a Red Hat Linux machine as either a TACACS or Radius server to centrally validate all our users.
> Does anyone have any experience running a TACACS or Radius daemon on Linux? Where is a good place to find a Linux TACACS or Radius daemon?
I have run TACACS+ on Linux servers for years, it works great.
Alec
--
Alec H. Peterson - ahp@hilander.com
Staff Scientist
CenterGate Research Group - http://www.centergate.com
"Technology so advanced, even _we_ don't understand it!"
> Does anyone have any experience running a TACACS or Radius daemon on Linux? Where is a good place to find a Linux TACACS or Radius daemon?
http://www.miquels.cistron.nl/radius/
> I heard that although TACACS is a Cisco product, Radius has more accounting and statistics capability, runs well on Linux, and will validate for Ciscos.
If Cisco IOS version >=11.
Rubens Kuhl Jr.
We use slackware and livingston's radiusd (www.livingston.com) against a Cisco 3604 and Ascend Max. A search on freshmeat returned a few that look pretty interesting: radiusd-sql and perlradius.
I've heard of "sectord" and it's supposed to be a lot more configurable but I have never been able to find it. Anyone have a url or any info on "sectord"?
thanks,
-d
Never put the words "diabolical master plan" on a resume
Harte Hanks UNIX Services & Infrastructure
derrick@harte-hanks.com
512.434.5999
---Reply to mail from mnolan@southshore.com about TACACS or Radius daemon on Linux
Hi,
We are an ISP running several Cisco 2500s, 5200s, and 5300s as access servers. Currently we are entering each user into each box.
We are looking to set up a Red Hat Linux machine as either a TACACS or Radius server to centrally validate all our users.
Does anyone have any experience running a TACACS or Radius daemon on Linux? Where is a good place to find a Linux TACACS or Radius daemon?
I heard that although TACACS is a Cisco product, Radius has more accounting and statistics capability, runs well on Linux, and will validate for Ciscos.
Any help would be appreciated.
Thanks, Mike
---End reply
On Tue, Oct 19, 1999 at 03:49:59PM +0000, mnolan@southshore.com wrote:
> We are an ISP running several Cisco 2500s, 5200s, and 5300s as access servers. Currently we are entering each user into each box.
> We are looking to set up a Red Hat Linux machine as either a TACACS or Radius server to centrally validate all our users.
> Does anyone have any experience running a TACACS or Radius daemon on Linux? Where is a good place to find a Linux TACACS or Radius daemon?
> I heard that although TACACS is a Cisco product, Radius has more accounting and statistics capability, runs well on Linux, and will validate for Ciscos.
RADIUS runs like a champ on Linux. It should run fine with Ciscos, but my RADIUS experience is primarily with Lucent Portmasters. Contact me off-list for the e-mail address of an owner of another ISP who may be able to help you configure RADIUS on a Cisco NAS.
I've been using Merit AAA, but the licensing is rather strict and it's based on old code. Look for the Cistron RADIUS server on rpmfind.net - there are links to both source and binary packages.
The most important part of getting RADIUS running on your Linux box is making sure your dictionary file contains vendor-specific entries for the brand of NAS that you are using. If you're using any one of the major brands - Cisco, Bay, Ascend, 3Com/USR - this is a non-issue.
Again, I can't help you configure things on the Cisco, but I can help you get things running on the Linux box; feel free to contact me if you need some advice.
--
North Shore Technologies Corporation    Steven J. Sobol, President & Head Geek
815 Superior Avenue #610                sjsobol@NorthShoreTechnologies.net
Cleveland, Ohio 44114                   http://NorthShoreTechnologies.net
I'm collecting donations for the Cleveland Indians so they can buy some pitching. If you want to contribute, please contact me.
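Added example, not part of Steven's post or of any server named in this thread: a small decoder showing why the dictionary's vendor-specific entries matter, since a Vendor-Specific attribute (type 26) can only be named when its vendor id and vendor type are listed. `VENDOR_DICT` is a stand-in for a dictionary file, the packet is constructed, vendor id 99999 is an arbitrary unlisted value, and the sub-attribute layout is the one RFC 2865 recommends.

```python
import struct

# Stand-in for a server dictionary file: (vendor id, vendor type) -> name.
# 9 is Cisco's IANA enterprise number; vendor type 1 is Cisco-AVPair.
VENDOR_DICT = {(9, 1): "Cisco-AVPair"}
STANDARD = {1: "User-Name", 4: "NAS-IP-Address"}

def tlvs(buf, what):
    """Yield (type, value) for each type/length/value record in buf."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError(f"truncated {what} header")
        atype, alen = buf[pos], buf[pos + 1]
        if alen < 2 or pos + alen > len(buf):
            raise ValueError(f"bad {what} length")
        yield atype, buf[pos + 2:pos + alen]
        pos += alen

def parse_vsa(value):
    """Vendor-Specific (type 26): 4-byte vendor id, then vendor sub-TLVs
    (the layout RFC 2865 recommends; assumed here)."""
    if len(value) < 6:
        raise ValueError("Vendor-Specific attribute too short")
    vendor = struct.unpack("!I", value[:4])[0]
    return [(VENDOR_DICT.get((vendor, t), f"Vendor-{vendor}-Attr-{t}"), v)
            for t, v in tlvs(value[4:], "vendor sub-attribute")]

def parse_attributes(packet):
    """Decode the attributes that follow the 20-byte RADIUS header."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("length field does not match packet size")
    out = []
    for t, v in tlvs(packet[20:], "attribute"):
        if t == 26:
            out.extend(parse_vsa(v))
        else:
            out.append((STANDARD.get(t, f"Attr-{t}"), v))
    return out

def attr(t, v):
    return bytes([t, len(v) + 2]) + v

def build_sample():
    """Constructed Access-Accept (code 2); authenticator is zero filler."""
    body = (attr(1, b"mike")
            + attr(26, struct.pack("!I", 9) + attr(1, b"shell:priv-lvl=15"))
            + attr(26, struct.pack("!I", 99999) + attr(7, b"\x00\x01")))
    return struct.pack("!BBH", 2, 1, 20 + len(body)) + bytes(16) + body
```

The Cisco attribute comes back by name, while the one from the unlisted vendor can only be reported as an opaque `Vendor-99999-Attr-7`.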
At 10:49 AM 10/19/99 , mnolan@southshore.com wrote:
> Hi,
> We are an ISP running several Cisco 2500s, 5200s, and 5300s as access servers. Currently we are entering each user into each box.
> We are looking to set up a Red Hat Linux machine as either a TACACS or Radius server to centrally validate all our users.
> Does anyone have any experience running a TACACS or Radius daemon on Linux? Where is a good place to find a Linux TACACS or Radius daemon?
> I heard that although TACACS is a Cisco product, Radius has more accounting and statistics capability, runs well on Linux, and will validate for Ciscos.
I'm running TACACS+ on multiple Red Hat Linux 5.2 boxes without any problems. The latest version on the tar you can get from Cisco allows you to select the OS before you run make. I believe it was written for Solaris but I have found that it works fine on Linux. You can add a few tweaks to make things easier, but it works fine. You can also download an RPM from freshmeat, but it has very limited capabilities.
If you need further help, contact me since I don't think we need to get into this on this list.
______________________________________________________________________
Paul Froutan                 Main: 210-892-4000
Rackspace, Ltd               Direct: 210-892-4010
Weston Centre                Fax: 210-892-4329
112 East Pecan, Suite 600    Email: pfroutan@rackspace.com
San Antonio, TX 78205        <http://www.rackspace.com>
----------------------------------------------------------------------
RACKSPACE.COM - Customized Dedicated Servers for Business (TM)
----------------------------------------------------------------------
TACACS is more flexible (it is a connection-oriented text-based protocol, and allows to track the whole negotiation process, for example to vary the 'Passwd' prompt in dependence of the user's name etc.). Text-nature makes this protocol more flexible for the new features, too. On the other hand, RADIUS is more standard and more compact.
My choice should be - to run TACACS if you have CISCO-only equipment, and use FreeBSD instead of Linux because this is more _server-oriented_ unix. But if you have a mixture of equipment, use RADIUS or both.
Alex.
On Wed, 20 Oct 1999, Paul Froutan wrote:
> Date: Wed, 20 Oct 1999 13:35:29 -0500
> From: Paul Froutan <pfroutan@rackspace.com>
> To: nanog@merit.edu
> Cc: mnolan@southshore.com
> Subject: Re: TACACS or Radius daemon on Linux
>
> At 10:49 AM 10/19/99 , mnolan@southshore.com wrote:
> > Hi,
> > We are an ISP running several Cisco 2500s, 5200s, and 5300s as access servers. Currently we are entering each user into each box.
> > We are looking to set up a Red Hat Linux machine as either a TACACS or Radius server to centrally validate all our users.
> > Does anyone have any experience running a TACACS or Radius daemon on Linux? Where is a good place to find a Linux TACACS or Radius daemon?
> > I heard that although TACACS is a Cisco product, Radius has more accounting and statistics capability, runs well on Linux, and will validate for Ciscos.
> I'm running TACACS+ on multiple Red Hat Linux 5.2 boxes without any problems. The latest version on the tar you can get from Cisco allows you to select the OS before you run make. I believe it was written for Solaris but I have found that it works fine on Linux. You can add a few tweaks to make things easier, but it works fine. You can also download an RPM from freshmeat, but it has very limited capabilities.
> If you need further help, contact me since I don't think we need to get into this on this list.
> ______________________________________________________________________
> Paul Froutan                 Main: 210-892-4000
> Rackspace, Ltd               Direct: 210-892-4010
> Weston Centre                Fax: 210-892-4329
> 112 East Pecan, Suite 600    Email: pfroutan@rackspace.com
> San Antonio, TX 78205        <http://www.rackspace.com>
> ----------------------------------------------------------------------
> RACKSPACE.COM - Customized Dedicated Servers for Business (TM)
> ----------------------------------------------------------------------
Aleksei Roudnev, Network Operations Center, Relcom, Moscow (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 230-41-41, N 13729 (pager) (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
participants (7)
- Alec H. Peterson
- Alex P. Rudnev
- Derrick Daugherty
- mnolan@southshore.com
- Paul Froutan
- Rubens Kuhl Jr.
- Steven J Sobol