Hi list,

We are in the process of evaluating RADIATOR for our AAA needs. We are still in the initial stages of eval and are noticing that RADIATOR is extremely flexible and also a bit daunting (not a bad thing) at first glance because of all the options it has. The ref manual and the goodies have a bunch of great info, but I want to make sure that RADIATOR satisfies our needs before spending loads of time playing with it.
Here is what we need: Juniper (JUNOS) devices to authenticate users via TACACS+. Authentication of the users should be done via 1) LDAPS queries to Active Directory and/or 2) local accounts.

If Authentication is done by 1), then check Active Directory group membership to determine which local RADIATOR group(s) the user is mapped to. RADIATOR groups = user's permissions. If Authentication is done by 2), then just check local RADIATOR group(s) for user permissions. I don't know if there is such a thing as 'mappings' between AD groups and local RADIATOR groups or how this would actually work.

As far as Accounting goes, I know RADIATOR can write to a log file, but can we also use syslog?

Is it possible to have 'groups' of NAS devices? Something like NAS groups Routers, Firewalls, etc.? If so, how does one determine which group a NAS device falls into? Can we do this via IP, IP/Mask, some TACACS+ attribute, etc.?

From a 10k foot view of RADIATOR, what are the major configuration/policy components available to users? Is there such a thing as NAS client groups, Authentication and Authorization "role mappings"?

Does anyone have a working configuration they could share for the LDAPS queries to AD and Authorization based on AD group members?

Thanks!
_______________________________________________
radiator mailing list
http://www.open.com.au/mailman/listinfo/radiator
