09-11-2003 06:03 PM - edited 02-21-2020 10:08 AM
If I am using the Win2k Radius server to authenticate users via the Active Directory domain do I still need the Cisco ACS software to work between these or can the PIX talk and authenticate directly to the Radius server in Windows?
Thanks,
Greg
09-11-2003 10:01 PM
The PIX will talk directly to any Radius server. Radius is a standard, so as long as the server conforms to the standard (which MS does), then the PIX will get along quite well with it. It doesn't matter that the MS Radius server is authenticating users out of AD, the communication between the PIX and the Radius server is still Radius.
09-12-2003 01:59 AM
So when is the Cisco ACS server required or what is the added bnefit it might provide since it is not required? Is it just another RADIUS server?
Thanks,
Greg
09-12-2003 04:03 AM
From a discussion with my colleague occured some months ago, you have more flexibility and option with TACACS (ACS) than Radius. If my memory is good, the difference is mainly about authorization functions which is more complete and flexible with TACACS.
See also:
http://www.easynet.de/tacacs-faq/tacacs-faq-7.html
Ben
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide