[c-nsp] Choosing a radius package
Adam Maloney
adam at whee.org
Mon Feb 20 13:40:08 EST 2006
I need to implement radius for the following:
Cisco Aironet wireless (pairs of 350's)
PIX VPN clients
Cisco dial-in users
Nortel Contivity VPN clients
These need to authenticate to (ugh) Active Directory.
Unless I hear strong arguments otherwise, I've boiled it down to either
FreeRADIUS or Funk's Steel-Belted radius. It appears either will do the
above.
My concern with SBR is on integrating it with custom tools and modules.
I'll be forced to use either the Windows version or the appliance,
(Solaris and Linux are not options for this app) and in both cases that
will hinder my ability to manage/customize it. I'm mostly thinking in
terms of, 6 months down the road we want to do something that SBR can't
do, and there's no way to customize it.
I'd be running Freeradius under FreeBSD.
My only concerns with Freeradius are AD integration and support. AD
integration supposedly works, but it looks kind of kludgy. 3rd-party
support exists, but at least one of the companies I contacted didn't
return my e-mail. If I can get a definite "We're using it against AD with
<some ungodly number> auths/second and it works great", I don't think
3rd-party support will be an issue. Other than the AD stuff, I'm
confident I can support it myself.
Opinions are greatly appreciated.
More information about the cisco-nsp
mailing list