TACACS or Radius daemon on Linux

Hi,

We are an ISP running several Cisco 2500s, 5200s, and 5300s as access
servers. Currently we are entering each user into each box.

We are looking to set up a Red Hat Linux machine as either a TACACS or
Radius server to centrally validate all our users.

Does anyone have any experience running a TACACS or Radius daemon
on Linux? Where is a good place to find a Linux TACACS or Radius
daemon?

I heard that although TACACS is a Cisco product, Radius has more
accounting and statistics capability, runs well on Linux, and will
validate for Ciscos.

Any help would be appreciated.

Thanks,
Mike

mnolan@southshore.com wrote:

Hi,

We are an ISP running several Cisco 2500s, 5200s, and 5300s as access
servers. Currently we are entering each user into each box.

We are looking to set up a Red Hat Linux machine as either a TACACS or
Radius server to centrally validate all our users.

Does anyone have any experience running a TACACS or Radius daemon
on Linux? Where is a good place to find a Linux TACACS or Radius
daemon?

I have run TACACS+ on Linux servers for years; it works great.

Alec

Does anyone have any experience running a TACACS or Radius daemon
on Linux? Where is a good place to find a Linux TACACS or Radius
daemon?

http://www.miquels.cistron.nl/radius/

I heard that although TACACS is a Cisco product, Radius has more
accounting and statistics capability, runs well on Linux, and will
validate for Ciscos.

If Cisco IOS version >=11.

Rubens Kuhl Jr.

We use Slackware and Livingston's radiusd (www.livingston.com) against a
Cisco 3604 and Ascend Max. A search on freshmeat returned a few that look
pretty interesting: radiusd-sql and perlradius.

I've heard of "sectord" and it's supposed to be a lot more configurable,
but I have never been able to find it. Anyone have a URL or any info on
"sectord"?

thanks,
-d

============== =---------= ==============
     Never put the words "diabolical master plan" on a resume

Harte Hanks UNIX Services derrick@harte-hanks.com
& Infrastructure 512.434.5999

---Reply to mail from mnolan@southshore.com about TACACS or Radius daemon on Linux

Hi,

We are an ISP running several Cisco 2500s, 5200s, and 5300s as access
servers. Currently we are entering each user into each box.

We are looking to set up a Red Hat Linux machine as either a TACACS or
Radius server to centrally validate all our users.

Does anyone have any experience running a TACACS or Radius daemon
on Linux? Where is a good place to find a Linux TACACS or Radius
daemon?

I heard that although TACACS is a Cisco product, Radius has more
accounting and statistics capability, runs well on Linux, and will
validate for Ciscos.

Any help would be appreciated.

Thanks,
Mike

---End reply

RADIUS runs like a champ on Linux. It should run fine with Ciscos, but my
RADIUS experience is primarily with Lucent Portmasters. Contact me off-list
for the e-mail address of an owner of another ISP who may be able to help
you configure RADIUS on a Cisco NAS.

I've been using Merit AAA, but the licensing is rather strict and it's based
on old code. Look for the Cistron RADIUS server on rpmfind.net - there are
links to both source and binary packages.

The most important part of getting RADIUS running on your Linux box is
making sure your dictionary file contains vendor-specific entries for the
brand of NAS that you are using. If you're using any one of the major brands
- Cisco, Bay, Ascend, 3Com/USR - this is a non-issue.

Again, I can't help you configure things on the Cisco, but I can help you
get things running on the Linux box; feel free to contact me if you need
some advice.
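
To illustrate the dictionary point in the message above, here is an added Python example (not code from the thread or from any RADIUS server) that decodes RADIUS attributes and names a vendor-specific one only when the dictionary carries that vendor's entries. The dictionary layout is a simplified Livingston/Cistron-style assumption and the attribute bytes are constructed; attribute type 26 (Vendor-Specific) and Cisco's vendor ID 9 are the standard values.

```python
import struct

# Constructed dictionary in a simplified Livingston/Cistron-style layout
# (an assumption for this example, not any server's shipped file).
SAMPLE_DICTIONARY = """\
ATTRIBUTE  User-Name       1  string
ATTRIBUTE  NAS-IP-Address  4  ipaddr
VENDOR     Cisco           9
ATTRIBUTE  Cisco-AVPair    1  string  Cisco
"""

def load_dictionary(text):
    """Return ({code: name}, {(vendor_id, code): name}); VENDOR must precede its attributes."""
    std, vendors, vsa = {}, {}, {}
    for line in text.splitlines():
        f = line.split("#")[0].split()
        if f[:1] == ["VENDOR"]:
            vendors[f[1]] = int(f[2])
        elif f[:1] == ["ATTRIBUTE"] and len(f) >= 5:
            vsa[(vendors[f[4]], int(f[2]))] = f[1]
        elif f[:1] == ["ATTRIBUTE"]:
            std[int(f[2])] = f[1]
    return std, vsa

def tlvs(buf):
    """Yield (type, value) pairs; the length octet counts the 2-byte header."""
    i = 0
    while i < len(buf):
        if len(buf) - i < 2 or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError("malformed attribute at offset %d" % i)
        yield buf[i], buf[i + 2:i + buf[i + 1]]
        i += buf[i + 1]

def decode(attrs, std, vsa):
    """Name each attribute; type 26 (Vendor-Specific) is a 4-byte vendor ID plus nested TLVs."""
    out = []
    for t, v in tlvs(attrs):
        if t != 26:
            out.append((std.get(t, "Attr-%d" % t), v))
            continue
        if len(v) < 4:
            raise ValueError("Vendor-Specific attribute too short")
        (vid,) = struct.unpack("!I", v[:4])
        for st, sv in tlvs(v[4:]):
            out.append((vsa.get((vid, st), "Vendor-%d-Attr-%d" % (vid, st)), sv))
    return out

def attr(t, v):
    return bytes([t, len(v) + 2]) + v

# Constructed attribute bytes: User-Name plus one Cisco (vendor 9) sub-attribute.
SAMPLE = attr(1, b"mike") + attr(26, struct.pack("!I", 9) + attr(1, b"ip:addr-pool=dialin"))
```

With the two Cisco lines removed from the dictionary, the same bytes decode to the placeholder name `Vendor-9-Attr-1`, which is the symptom of a dictionary missing the NAS vendor's entries.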

I'm running TACACS+ on multiple Red Hat Linux 5.2 boxes without any problems. The latest version of the tar you can get from Cisco allows you to select the OS before you run make. I believe it was written for Solaris but I have found that it works fine on Linux. You can add a few tweaks to make things easier, but it works fine. You can also download an RPM from freshmeat, but it has very limited capabilities. If you need further help, contact me since I don't think we need to get into this on this list.

TACACS is more flexible (it is a connection-oriented, text-based protocol,
and allows tracking the whole negotiation process, for example to vary the
'Passwd' prompt depending on the user's name, etc.). Its text nature makes
this protocol more flexible for new features, too.

On the other hand, RADIUS is more standard and more compact.

My choice would be to run TACACS if you have Cisco-only equipment, and to
use FreeBSD instead of Linux because it is a more _server-oriented_ Unix.

But if you have a mixture of equipment, use RADIUS or both.

Alex.