Re: TACACS or Radius daemon on Linux

[Steven J Sobol <sjsobol () NorthShoreTechnologies net>]

On Tue, Oct 19, 1999 at 03:49:59PM +0000, mnolan () southshore com wrote:

> We are an ISP running several Cisco 2500s, 5200s, and 5300s as access 
> servers.  Currently we are entering each user into each box.
>
> We are looking to set up a Red Hat Linux machine as either a TACACS or
> Radius server to centrally validate all our users.
>
> Does anyone have any experience running a TACACS or Radius daemon
> on Linux?  Where is a good place to find a Linux TACACS or Radius 
> daemon?
>
> I heard that although TACACS is a Cisco product, Radius has more 
> accounting and statistics capability, runs well on Linux, and will 
> validate for Ciscos.

RADIUS runs like a champ on Linux. It should run fine with Ciscos, but my
RADIUS experience is primarily with Lucent Portmasters. Contact me off-list
for the e-mail address of an owner of another ISP who may be able to help
you configure RADIUS on a Cisco NAS.

I've been using Merit AAA, but the licensing is rather strict and it's based
on old code. Look for the Cistron RADIUS server on rpmfind.net - there are
links to both source and binary packages.

The most important part of getting RADIUS running on your Linux box is
making sure your dictionary file contains vendor-specific entries for the
brand of NAS that you are using. If you're using any one of the major brands
- Cisco, Bay, Ascend, 3Com/USR - this is a non-issue.

Again, I can't help you configure things on the Cisco, but I can help you
get things running on the Linux box; feel free to contact me if you need
some advice.


-- 
North Shore Technologies Corporation
Steven J. Sobol, President & Head Geek
815 Superior Avenue #610      sjsobol () NorthShoreTechnologies net
Cleveland, Ohio 44114         http://NorthShoreTechnologies.net

I'm collecting donations for the Cleveland Indians so they can buy some
pitching. If you want to contribute, please contact me.