Re: AAA authorization against another router

From: Sam Munzani (sam@xxxxxxxxxxx)
Date: Fri Jan 04 2002 - 11:54:22 GMT-3


   
Comments Inline.

> There are Linux RPMs for both; I run them at home on a Red Hat 7.2 box.
> Any old Intel, SPARC, or Alpha compatible box with a NIC will do. You
> can download the Red Hat CD-ROM ISO images from Red Hat.
>
> You can find your RPMs at http://rpmfind.net/linux/RPM/ (do a search
> for "tacacs" or "radius").
> Red Hat can be found at
> ftp://ftp.redhat.com/pub/redhat/linux/7.2/en/iso/i386 for "i386" Intel
> compatibles. You only need the two image files (not the SRPMS); most CD
> burner software will work. You may need 800-minute CD-ROMs.
>
> The real trick is setting up the configuration files...

You are right on it. I played with it for a while but am having a hard time
getting authorization to work. Authentication works fine. If you can share
your config file with some mock data, it will be a great help to me. I am
using Windows 2000 RADIUS now but want to use TACACS+ on Linux with
/etc/passwd authentication and authorization if I can.

Thanks in advance,

Sam

>
> Casey
>
> P.S. Yes, I am a Linux fan. The other benefits are free protocol
> analyzers (Ethereal), and GateD and Zebra if you need more BGP or OSPF
> peers. Those doing the security cert may be interested in Snort and
> Nessus, an excellent and free security scanner.
>
> Banyong, Don wrote:
>
> >To my knowledge, this is not possible. A Cisco router is not a RADIUS nor a
> >TACACS server. Cisco sells a product that handles TACACS and RADIUS via NDS,
> >NT SAM or any local database. This product is called Cisco Secure.
> >
> >A cheap and probably free solution is Windows 2000 Internet Authentication
> >Service. It provides RADIUS AAA service, but good luck trying to configure
> >it. Are there any Linux freebies on TACACS?
> >
> >Thanks,
> >Don
> >
> >-----Original Message-----
> >From: Andy Pilcher [mailto:andypilcher2@earthlink.net]
> >Sent: Thursday, January 03, 2002 9:20 PM
> >To: ccielab@groupstudy.com
> >Subject: AAA authorization against another router
> >
> >
> >Folks,
> >
> >Is there a way to make aaa authorization on one Cisco router key off of
> >another Cisco router's user database? I'm looking all over the Cisco
> >documentation site for it, but the only aaa authorization methods I can
> >find are the following:
> >
> >group radius
> >group tacacs+
> >group (radius/tacacs+ server subset)
> >if-authenticated
> >(none)
> >local
> >krb5-instance
> >
> >That's what's documented in the command reference for aaa
> >authorization. But I don't believe any of these let you authorize
> >against another Cisco router (the closest is "local"), unless there is
> >some way of telling the other router to act as a radius or a tacacs+
> >server. Is that possible?
> >
> >Thanx in advance.
> >
> >Andy Pilcher,
> >CCIE Wannabe
> --
>


