[lug] Linux RADIUS and RAS

Kevin Fenzi kevin at scrye.com
Wed Dec 1 10:30:02 MST 1999 

>>>>> "Nate" == Nate Duehr <nate at natetech.com> writes:

Nate> Hi all, Looking for some "from the field" info on the "best"
Nate> RADIUS client being used by folks on Linux machines.  I see
Nate> there are a number of choices, and I'd like to use one that I
Nate> get good feedback on from others.

Nate> Need to set up RADIUS for various authentication purposes at
Nate> work.  Since the BLUG folks on this list are awfully
Nate> knowledgeable and most have great feedback for stuff like this,
Nate> I thought the list would be a good place to start.

Well, I have used freeradius. (Formerly Cistron Radius). It works
pretty darn well. It can even do things like allow only one login per
user or the like. It does have it's drawbacks, but for the most part
it's pretty good, and it's under active development. 

Nate> Also along the same lines, looking for input on anyone running
Nate> any of the TACACS or TACACS+ servers for Linux for use with
Nate> authentication of users on Cisco routers.  So far it looks like
Nate> most of them are still in alpha testing that I've found, but
Nate> there could be others I missed!

Haven't messed with TACACS in a long time...

Nate> Final question (Boy, I'm full of 'em tonight, aren't I?): Anyone
Nate> have a recommendation on a nice *stable* (i.e. LOW
Nate> ADMINISTRATION after initial setup) RAS box you like?  We have
Nate> an older 3Com, and it's pretty maintenance-free, but not doing
Nate> RAS for a living makes one wonder what else might be out there
Nate> blowing the market away in terms of being the "best", just like
Nate> the above question about RADIUS.

Nate> For the RAS, I'm looking for something to handle a medium-sized
Nate> business, nothing fancy like the monster stuff used by major
Nate> ISP's.  Port capacity for about 50 inbound calls, at maximum.  I
Nate> see that 3Com has a newer model that's somewhat modular (but not
Nate> huge) that looks like it can handle 4 PRI ISDN circuits for
Nate> inbound calls and still do other interesting goodies like
Nate> routing, etc.  Of course, one that integrates well with a
Nate> linux-based RADIUS system would be superb!

Yeah, my experence is with the livingston (now lucient)
portmasters. They are Very nice. On the other hand, they are also
pretty darn expensive. I would look at them and see if they are
affordable for your needs, and also look at the Cisco/3com
offerings. ;) 

Nate> Thanks in advance, very much.
Nate> Nate, nate at natetech.com

kevin
-- 
Kevin Fenzi
MTS, tummy.com, ltd.
http://www.tummy.com/  KRUD - Kevin's Red Hat Uber Distribution

More information about the LUG mailing list