Hi, David, Since I'm constantly securing Cisco VPN's via RADIUS with Windows Network Policy Server, I have a recipe that works quite well for that purpose, making the VPN logins follow desktop passwords and using AD group membership to address allowed VPN users.
I don't mind providing such information, if you're interested. However, without that information, RADIUS is indeed not for the faint of heart. On Tue, May 13, 2014 at 11:44 AM, David Boyes <dbo...@sinenomine.net> wrote: > > > I notice the link you provided uses RADIUS for authentication instead of > the others I pointed to that use Kerberos. Would you say that this is a > simpler and more supported way of handling the SSO issue? > > > > I’m not Gerald, but I’ll speak up: No, unless you have another REALLY > compelling reason to use RADIUS (like a dialup terminal server that uses it > for AAA), it’s not the direction you want to go. RADIUS is REALLY > complicated to get working right, and it’s increasingly rare. Kerberos/AD > (AD is just a integrated Kerberos/LDAP server) is the way to go. > > --------------------------------------------------------------------- > OTRS mailing list: otrs - Webpage: http://otrs.org/ > Archive: http://lists.otrs.org/pipermail/otrs > To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs >
--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
