05-18-2009 05:40 AM
Hi,
I know that it's possible to create different groups of devices in LMS through ACS, in such a way that a specific user cannot access devices not assigned to him.
Is it possible to do it with a FreeRadius instead of an ACS?
Many thanks.
05-18-2009 06:36 AM
No. ACS and TACACS+ are required to do this. With only a Radius server, you will only be able to provide external centralized authentication. None of the custom roles or device grouping capabilities will be available.
05-18-2009 06:53 AM
Generally, I'd say no, RADIUS is not a direct substitute for TACACS. But in this case, you can try emulating that basic behavior with huntgroups/sqlhuntgroups in FreeRadius:
05-18-2009 07:11 AM
However, this will not work with LMS. In order to restrict what devices an LMS user can manage, you need Cisco Secure ACS.