Hi all,
I'm looking for a solution to grant login into routers/switches using the active directory logon name. This to have a sort of single-sign-on.
Looking around I've found that all it's possible using Radius, obviously, but loosing the availability to log all commands written in the CLI. The only technology can do it, as I know, is tacacs+ that is a really old protocol and not integrated in any way with kerberos...
Which is your solution? Have u an hint how to solve this thing? I've to manage about 1,000 routers/switches...
Thanks Stefano