

Ask HN: Compelling uses for RADIUS? - bdunbar

I am now de facto the &#x27;network&#x27; guy _and_ the linux guy, for an organization providing SaaS (eDiscovery). Go, me.<p>Reading up on the switches and firewall I&#x27;m installing I see that if I have a RADIUS server I can<p>- Authenticate users to the switch, and router.<p>- Control access to VLAN.<p>This is all kinds of cool, and will probably cause me to install a RADIUS server, because 1 is handy and 2 strikes me as a great way to assert control over my network.<p>Are there any other compelling uses for a RADIUS server?
======
edwhitesell
If you're purely looking at control for switches and other network gear,
you'll probably be better served by TACACS. That is, provided your network
gear supports it. TACACS will let you define fine-grained control, to the
point of controlling commands users are able to run.

RADIUS is great to use when providing Internet access. I've used it doing
everything from dial-up to 3G, and DIAMETER into the 4G world. In my
experience, it has some great uses in the general IT area too, because it's
been around for such a long time and is supported (even in the most basic
sense) across a wide swath of applications, services, servers, etc. as an
authentication mechanism. For example, you'll likely be able to use the same
RADIUS server as your networking gear to authenticate users for VPN access.
Also, the RADIUS server could use your AD or LDAP infrastructure for the
credentials.

You likely won't get much use of the Authorization or Accounting functionality
RADIUS provides, but you never know what you'll need in the future.

