Re: [Nolug] Radius & Tacacs+

From: Dustin Puryear <dustin_at_puryear-it.com>
Date: Thu, 15 Jan 2009 11:13:24 -0600
Message-ID: <496F6EB4.5060509@puryear-it.com>

pam_radius_auth. Cool!

If you want to properly manage Windows boxes you will need Samba or AD.
It's hard to get around it. With AD you can really tighten up the
security as well (GPOs help for one, as mentioned by Jeremy).

John Souvestre wrote:
> Hi Dustin.
>
> Not anti AD. Probably will end up with that on the Windows boxes.
>
> I did find what looks like a good Linux Radius client -
> http://freeradius.org/pam_radius_auth/
>
> Thanks,
>
> John
>
> John Souvestre - Integrated Data Systems - (504) 355-0609
>
> > -----Original Message-----
> > From: owner-nolug@stoney.redfishnetworks.com [mailto:owner-nolug@stoney.redfishnetworks.com] On Behalf Of Dustin Puryear
> > Sent: Thursday, January 15, 2009 9:46 AM
> > To: nolug@nolug.org
> > Subject: Re: [Nolug] Radius & Tacacs+
> >
> > I've never seen that done. I'd be curious to see what you come up with.
> > Normally, if a shop is just anti-AD, then I may see something like:
> >
> > LDAP -> Samba -> Windows
> >      |-> RADIUS -> RADIUS clients, Cisco VPNs, etc.
> >      |-> Native LDAP auth (Apache, pam_ldap)
> >      |-> NIS -> Older UNIX
> >
> > I've never seen RADIUS -> Windows though, although you could do a GINA
> > to make that happen certainly. Just not sure if it's been written.
> >
> > You could replace LDAP above with AD of course.
> >
> > Let us know how this progresses!
> >
> > John Souvestre wrote:
> > > Hi Dustin.
> > >
> > > Yes.
> > >
> > > John
> > >
> > > John Souvestre - Integrated Data Systems - (504) 355-0609
> > >
> > > > -----Original Message-----
> > > > From: owner-nolug@stoney.redfishnetworks.com [mailto:owner-nolug@stoney.redfishnetworks.com] On Behalf Of Dustin Puryear
> > > > Sent: Thursday, January 15, 2009 9:24 AM
> > > > To: nolug@nolug.org
> > > > Subject: Re: [Nolug] Radius & Tacacs+
> > > >
> > > > But what are you authenticating on Windows? Normal logins?
> > > >
> > > > John Souvestre wrote:
> > > > > Hi Dustin.
> > > > >
> > > > > So we can leverage our existing Tacacs+/Radius server.
> > > > >
> > > > > John
> > > > >
> > > > > John Souvestre - Integrated Data Systems - (504) 355-0609
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: owner-nolug@stoney.redfishnetworks.com [mailto:owner-nolug@stoney.redfishnetworks.com] On Behalf Of Dustin Puryear
> > > > > > Sent: Thursday, January 15, 2009 9:03 AM
> > > > > > To: nolug@nolug.org
> > > > > > Subject: Re: [Nolug] Radius & Tacacs+
> > > > > >
> > > > > > I have to ask: Why a RADIUS client for Windows?
> > > > > >
> > > > > > John Souvestre wrote:
> > > > > > > Hi all.
> > > > > > >
> > > > > > > Does anyone have any recommendations for Radius and Tacacs+ clients (not
> > > > > > > servers) to run on Linux and Windows?
> > > > > > >
> > > > > > > Thanks,
> > > > > > >
> > > > > > > John
> > > > > > >
> > > > > > > John Souvestre - Integrated Data Systems - (504) 355-0609
> > > > > > >
> > > > > > >
> > > > > > > ___________________
> > > > > > > Nolug mailing list
> > > > > > > nolug@nolug.org
> > > > > > >
> > > > > > > --
> > > > > > > This message was scanned by ESVA and is believed to be clean.
> > > > > > > Click here to report this message as spam.
> > > > > > > http://esva.puryear-it.com/cgi-bin/learn-msg.cgi?id=
> > > > > > >
> > > > > > >
> > > > > >
> > > > > > --
> > > > > > Dustin Puryear
> > > > > > President and Sr. Consultant
> > > > > > Puryear Information Technology, LLC
> > > > > > 225-706-8414 x112
> > > > > > http://www.puryear-it.com
> > > > > >
> > > > > > Author, "Best Practices for Managing Linux and UNIX Servers"
> > > > > > http://www.puryear-it.com/pubs/linux-unix-best-practices/

-- 
Dustin Puryear
President and Sr. Consultant
Puryear Information Technology, LLC
225-706-8414 x112
http://www.puryear-it.com
Author, "Best Practices for Managing Linux and UNIX Servers"
  http://www.puryear-it.com/pubs/linux-unix-best-practices/
Received on 01/15/09

This archive was generated by hypermail 2.2.0 : 02/17/09 EST