[j-nsp] Junos tacacs+ authentication using Cisco ACS

edwin pua edgpua at yahoo.com
Thu Dec 22 01:39:47 EST 2005


Hi Jared,
   
  Yes. My Cisco ACS server and Juniper router are able to see each other within our network.
   
  My problem is, I'm not sure what else I need to configure on the Cisco ACS for the attribute values. Previously, my authentication worked fine using the freeware tacplus installed on a Linux server ("/etc/tacacs_config"). Right now, we've changed our server to Cisco ACS (Windows based).
   
  I just wanted to know whether someone here has experience authenticating their Juniper routers via TACACS+ using the Cisco ACS.
   
   
  rgds,
Edwin
   
  Jared Gull <jmgull at yahoo.com> wrote:
  Edwin,

The first thing I'd verify is that you have a route to
the server (192.168.2.1) and the server has a route
back to your source address (192.168.20.4). You could
test this by simply pinging the server address with
the source address specified. You will also need to
verify the following:

- tacacs is specified in the authentication order. 
For more information on this check the following URL:

http://www.juniper.net/techpubs/software/junos/junos74/junoscript74-ref-config/html/summary-config289.html

- you will likely need to configure the remote user
account as specified in the URL below:

http://www.juniper.net/techpubs/software/junos/junos74/swconfig74-system-basics/html/sys-mgmt-authentication6.html#1039222

- If after all of this is done and you're still having
problems, you should check the secret and make sure it
is set correctly on both sides (router and server) AND
verify there are no firewall filters applied to your
interfaces that may be causing communication issues.

Hope this helps.

Jared Gull

--- edwin pua wrote:

> Hi All,
> 
> Just need your help on how I will make my Juniper
> router authenticate using the Cisco ACS.
> 
> I'm having some problems getting my Juniper router to
> communicate with our Cisco ACS. Here's my config on
> the router:
> 
> # Juniper configuration:
> tacplus-server {
>     192.168.2.1 {
>         secret "$9$VAb4ZUDkPfzX7jqfzCA8X7Ns4UDkm5F"; ## SECRET-DATA
>         single-connection;
>         source-address 192.168.20.4;
>     }
> }
> accounting {
>     events interactive-commands;
>     destination {
>         tacplus {
>             server {
>                 192.168.2.1 secret "$9$hDecK8XxdsYoO17VYojiuO1IyKXxdw2a"; ## SECRET-DATA
>             }
>         }
>     }
> }
> user high {
>     uid 3453;
>     class superuser;
> }
> user low {
>     uid 2341;
>     class low_class;
> }
> 
> P.S. What else do I need to configure on my Cisco
> ACS?
> 
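The Junos side of the setup Jared's checklist describes (authentication order, template account, tacplus-server), written out here as an added example that is not from either poster. The shared secret is a placeholder, the `remote` template user, its uid and `read-only` class are assumptions, and the addresses and the `high`/`low` accounts are the ones from Edwin's config.

```junos
/* Added example (not from the thread): Junos side of TACACS+ login.
   Assumptions: shared secret is a placeholder; the 'remote' template
   and its class are illustrative; addresses come from the thread. */
system {
    /* Without tacplus here the router never consults the server.
       'password' keeps local fallback so the console still works
       when the server is unreachable. */
    authentication-order [ tacplus password ];
    tacplus-server {
        192.168.2.1 {
            secret "<shared-secret-placeholder>"; ## SECRET-DATA
            single-connection;
            /* The ACS client entry must match this source address,
               and no firewall filter may drop it on the way out. */
            source-address 192.168.20.4;
            timeout 5;
        }
    }
    login {
        /* TACACS+ users log in with their own name. The server returns,
           inside the junos-exec service, local-user-name=<local account>
           (for example local-user-name=high), and the session inherits
           that account's class. If the attribute is absent, the login
           falls back to the 'remote' template account below. */
        user remote {
            uid 2000;
            class read-only;
        }
        user high {
            uid 3453;
            class superuser;
        }
        user low {
            uid 2341;
            class low_class;
        }
    }
}
```

On the server, the tac_plus stanza that produces this mapping is `service = junos-exec { local-user-name = high }`; in Cisco ACS the same attribute has to be carried by a custom TACACS+ service named junos-exec (an assumption about the ACS interface, not something the thread states).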

