Hi, David,
Since I'm constantly securing Cisco VPN's via RADIUS with Windows Network
Policy Server, I have a recipe that works quite well for that purpose,
making the VPN logins follow desktop passwords and using AD group
membership to address allowed VPN users.
I don't mind providing such information, if you're interested. However,
without that information, RADIUS is indeed not for the faint of heart.
On Tue, May 13, 2014 at 11:44 AM, David Boyes
I notice the link you provided uses RADIUS for authentication instead of the others I pointed to that use Kerberos. Would you say that this is a simpler and more supported way of handling the SSO issue?
I’m not Gerald, but I’ll speak up: No, unless you have another REALLY compelling reason to use RADIUS (like a dialup terminal server that uses it for AAA), it’s not the direction you want to go. RADIUS is REALLY complicated to get working right, and it’s increasingly rare. Kerberos/AD (AD is just a integrated Kerberos/LDAP server) is the way to go.
--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs