[c-nsp] Choosing a radius package

Voll, Scott Scott.Voll at wesd.org
Mon Feb 20 14:19:28 EST 2006


And what about Cisco ACS?  Does it not do the Nortel piece?

Scott

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Ray Burkholder
Sent: Monday, February 20, 2006 11:03 AM
To: 'Adam Maloney'; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] Choosing a radius package

With documents such as the ones found at
http://www.itdojo.com/synner/pdf/synner2.pdf, wouldn't it make sense to use
Windows IAS server (aka radius) to do your authentication?  Or are there
things missing that force you to use FR or SBR?

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Adam Maloney
Sent: Monday, February 20, 2006 14:40
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Choosing a radius package

I need to implement radius for the following:

Cisco Aironet wireless (pairs of 350's)
PIX VPN clients
Cisco dial-in users
Nortel Contivity VPN clients

These need to authenticate to (ugh) Active Directory.

Unless I hear strong arguments otherwise, I've boiled it down to either
FreeRADIUS or Funk's Steel-Belted radius.  It appears either will do the
above.

My concern with SBR is on integrating it with custom tools and modules.
I'll be forced to use either the Windows version or the appliance (Solaris
and Linux are not options for this app), and in both cases that will hinder
my ability to manage/customize it.  I'm mostly thinking in terms of, 6
months down the road we want to do something that SBR can't do, and there's
no way to customize it.

I'd be running Freeradius under FreeBSD.

My only concerns with Freeradius are AD integration and support.  AD
integration supposedly works, but it looks kind of kludgy.  3rd-party
support exists, but at least one of the companies I contacted didn't return
my e-mail.  If I can get a definite "We're using it against AD with <some
ungodly number> auths/second and it works great", I don't think 3rd-party
support will be an issue.  Other than the AD stuff, I'm confident I can
support it myself.

Opinions are greatly appreciated.
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

--
Scanned for viruses and dangerous content at http://www.oneunified.net and
is believed to be clean.


