Hi, David,

Since I'm constantly securing Cisco VPN's via RADIUS with Windows Network Policy Server, I have a recipe that works quite well for that purpose, making the VPN logins follow desktop passwords and using AD group membership to address allowed VPN users.

I don't mind providing such information, if you're interested. However, without that information, RADIUS is indeed not for the faint of heart.

On Tue, May 13, 2014 at 11:44 AM, David Boyes <dboyes@sinenomine.net> wrote:

I notice the link you provided uses RADIUS for authentication instead of the others I pointed to that use Kerberos. Would you say that this is a simpler and more supported way of handling the SSO issue?

I’m not Gerald, but I’ll speak up: No, unless you have another REALLY compelling reason to use RADIUS (like a dialup terminal server that uses it for AAA), it’s not the direction you want to go. RADIUS is REALLY complicated to get working right, and it’s increasingly rare. Kerberos/AD (AD is just a integrated Kerberos/LDAP server) is the way to go.

---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs