[afnog] Fw: Radius/Tacacs+

Brian Candler B.Candler at pobox.com
Thu Nov 24 16:25:07 EAT 2005


On Fri, Nov 25, 2005 at 02:29:24PM +0200, Thato Molise wrote:
>    I want to set up a Network Access Server - a Cisco router with Linux RHL 3 ES
>    - for dial-in users... How can I incorporate RADIUS/TACACS+ with LDAP
>    so that my dial-in user group is on the Linux server computer?

A RADIUS server with an LDAP backend should be straightforward enough. I've
personally done this using OpenRADIUS, but I'm pretty sure freeradius (which
is more widely known) will do it too. Just use whichever you're more
familiar with - or which your colleagues are more familiar with! - and has
the features you want.

Since you mention LDAP, I'm guessing you've already got an LDAP server that
you wish to use. If not, then you have other choices. Your RADIUS server can
authenticate against a flat user text file (good for a few thousand users),
or against a .db file, or against an SQL database for example.

>    Is there any other way that I can use without creating them in the
>    router?
> 
>    I am currently creating my dial-in users in the router and I'm afraid
>    its memory will be full soon and I think it's also a very poor
>    practice. Please help me with the documentation of the better
>    communication method.

I think you're going along the right lines. I would use RADIUS rather than
TACACS though, since RADIUS is an open standard. This means you have many
more choices of RADIUS server software, and if you ever get non-Cisco
dialup kit it will also work against the same RADIUS server.

Regards,

Brian.
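To make concrete what the RADIUS server does for the router once the users are moved off it, here is an added example that is not code from this thread, from FreeRADIUS or from OpenRADIUS. It runs both sides of an RFC 2865 PAP Access-Request / Access-Accept exchange in one process: the NAS (router) side hides the User-Password under the shared secret and checks the Response Authenticator on the reply; the server side unhides the password, looks the user up, and answers. The shared secret, the user names and passwords, and the `USERS` dict standing in for the LDAP (or users-file / SQL) backend are all constructed for the example.

```python
"""RFC 2865 Access-Request / Access-Accept exchange (PAP), both sides.

Constructed example: NAS and server run in one process; the USERS dict
stands in for the LDAP / users-file backend a real server would query.
"""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4


def hide_password(password, secret, authenticator):
    """RFC 2865 s5.2: pad to a 16-byte multiple, XOR each block with
    MD5(secret + previous block) (first block uses the Request Authenticator).
    Reversible with the secret, so it is obfuscation, not encryption."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(x ^ y for x, y in zip(padded[i:i + 16], pad))
        out += prev
    return out


def unhide_password(hidden, secret, authenticator):
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def encode_attrs(attrs):
    # Attribute = Type(1) Length(1, incl. header) Value
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data):
    attrs, i = [], 0
    while i < len(data):
        t, ln = data[i], data[i + 1]
        if ln < 2 or i + ln > len(data):
            raise ValueError("malformed attribute")
        attrs.append((t, data[i + 2:i + ln]))
        i += ln
    return attrs


def build_packet(code, ident, authenticator, attrs):
    body = encode_attrs(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body


def response_authenticator(code, ident, request_auth, attrs, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    body = encode_attrs(attrs)
    hdr = struct.pack("!BBH", code, ident, 20 + len(body))
    return hashlib.md5(hdr + request_auth + body + secret).digest()


def nas_access_request(username, password, secret, ident=1):
    """NAS side: fresh random Request Authenticator, PAP-hidden password."""
    req_auth = os.urandom(16)
    attrs = [(USER_NAME, username.encode()),
             (USER_PASSWORD, hide_password(password.encode(), secret, req_auth)),
             (NAS_IP_ADDRESS, bytes([192, 0, 2, 1]))]  # constructed NAS address
    return build_packet(ACCESS_REQUEST, ident, req_auth, attrs), req_auth


def server_handle(packet, secret, user_store):
    """Server side: parse, unhide, check the user store, sign the reply."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet) or length < 20:
        raise ValueError("not a well-formed Access-Request")
    req_auth = packet[4:20]
    attrs = dict(decode_attrs(packet[20:length]))
    user = attrs.get(USER_NAME, b"").decode(errors="replace")
    pw = unhide_password(attrs.get(USER_PASSWORD, b""), secret, req_auth)
    expected = user_store.get(user)
    ok = expected is not None and hmac.compare_digest(pw, expected.encode())
    reply_code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    resp_auth = response_authenticator(reply_code, ident, req_auth, [], secret)
    return build_packet(reply_code, ident, resp_auth, [])


def reply_is_authentic(reply, req_auth, secret):
    """True only if the reply was signed with our secret for *this* request."""
    code, ident, length = struct.unpack("!BBH", reply[:4])
    attrs = decode_attrs(reply[20:length])
    good = response_authenticator(code, ident, req_auth, attrs, secret)
    return hmac.compare_digest(reply[4:20], good)


def dial_in(username, password, secret, user_store):
    """Whole exchange NAS -> server -> NAS. True on an authentic Access-Accept."""
    req, req_auth = nas_access_request(username, password, secret)
    reply = server_handle(req, secret, user_store)
    if not reply_is_authentic(reply, req_auth, secret):
        raise ValueError("bad Response Authenticator: spoofed reply or wrong secret")
    return reply[0] == ACCESS_ACCEPT


USERS = {"thato": "dial-in-pw-1", "brian": "s3cret"}  # constructed, stands in for LDAP
SECRET = b"router-shared-secret"                      # constructed per-NAS secret

if __name__ == "__main__":
    print(dial_in("thato", "dial-in-pw-1", SECRET, USERS))  # True
    print(dial_in("thato", "wrong-password", SECRET, USERS))  # False
```

Two practical points fall out of the code. The User-Password hiding is an MD5 keystream XOR keyed only by the shared secret, and the Response Authenticator is the only integrity protection on the reply, so the per-router secret must be long and random (not a dictionary word) and the path between router and RADIUS server should stay on a trusted management network. Second, the router now holds only that one secret: the user list lives behind `server_handle`, which is exactly the place a real server such as FreeRADIUS plugs in its LDAP, users-file or SQL module.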

