[j-nsp] Junos tacacs+ authentication using Cisco ACS
Ravindra Botkar
ravibotkar at yahoo.com
Thu Dec 22 01:49:13 EST 2005
Hi Edwin,
Also add the following command:
[edit system]
authentication-order [ tacplus ];
Let me know if this works.
Regards,
Ravindra
--- edwin pua <edgpua at yahoo.com> wrote:
> Hi Jared,
>
> Yes. My Cisco ACS server and Juniper router are
> able to see each other within our network.
>
> My problem is, I'm not sure what else I need to
> configure on the Cisco ACS for the attribute
> values. Previously, my authentication worked fine
> using the freeware tacplus installed under a Linux
> server, "/etc/tacacs_config". And right now, we've
> changed our server to Cisco ACS (Windows based).
>
> I just wanted to know whether someone here has
> experience authenticating their Juniper routers via
> TACACS using the Cisco ACS.
>
> rgds,
> Edwin
>
> Jared Gull <jmgull at yahoo.com> wrote:
> Edwin,
>
> The first thing I'd verify is that you have a route to
> the server (192.168.2.1) and the server has a route
> back to your source address (192.168.20.4). You could
> test this by simply pinging the server address with
> the source address specified. You will also need to
> verify the following:
>
> - tacacs is specified in the authentication order.
> For more information on this check the following URL:
>
> http://www.juniper.net/techpubs/software/junos/junos74/junoscript74-ref-config/html/summary-config289.html
>
> - you will likely need to configure the remote user
> account as specified in the URL below:
>
> http://www.juniper.net/techpubs/software/junos/junos74/swconfig74-system-basics/html/sys-mgmt-authentication6.html#1039222
>
> - If after all of this is done and you're still having
> problems, you should check the secret and make sure it
> is set correctly on both sides (router and server) AND
> verify there are no firewall filters applied to your
> interfaces that may be causing communication issues.
>
> Hope this helps.
>
> Jared Gull
>
> --- edwin pua wrote:
>
> > Hi All,
> >
> > Just need your help on how I will make my Juniper
> > router authenticate using the Cisco ACS.
> >
> > I'm having some problems getting my Juniper router to
> > communicate with our Cisco ACS. Here's my config on
> > the router:
> >
> > # Juniper configuration:
> > tacplus-server {
> >     192.168.2.1 {
> >         secret "$9$VAb4ZUDkPfzX7jqfzCA8X7Ns4UDkm5F"; ## SECRET-DATA
> >         single-connection;
> >         source-address 192.168.20.4;
> >     }
> > }
> > accounting {
> >     events interactive-commands;
> >     destination {
> >         tacplus {
> >             server {
> >                 192.168.2.1 secret "$9$hDecK8XxdsYoO17VYojiuO1IyKXxdw2a"; ## SECRET-DATA
> >             }
> >         }
> >     }
> > }
> >
> > user high {
> >     uid 3453;
> >     class superuser;
> > }
> > user low {
> >     uid 2341;
> >     class low_class;
> > }
> >
> > P.S. What else do I need to configure on my Cisco
> > ACS?
> >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/juniper-nsp
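The configuration-side checks suggested in this thread (tacplus in the authentication order, a secret on each tacplus-server, a login account for remote users to map to), run over a configuration as an added example that is not part of the original messages. It assumes curly-brace Junos configuration text; the sample configuration, its address and its secret string are constructed placeholders, and the function names are hypothetical.

```python
import re

TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};]+')  # quoted string, structure, or bare word

def parse(text):
    """Parse curly-brace Junos configuration text into nested dicts."""
    text = re.sub(r'\s##.*', '', text)  # drop annotations such as ## SECRET-DATA
    stack, words = [{}], []
    for tok in TOKEN.findall(text):
        if tok == '{':                   # block named by the pending words
            stack.append(stack[-1].setdefault(' '.join(words), {}))
            words = []
        elif tok == '}':
            stack = stack[:-1] or stack  # close the block, never pop the root
        elif tok == ';':                 # leaf statement: keyword -> arguments
            if words:
                stack[-1][words[0]] = words[1:]
            words = []
        else:
            words.append(tok)
    return stack[0]

def check_tacplus(config_text):
    """Return findings for the checklist items that are visible in the config."""
    system = parse(config_text).get('system', {})
    findings = []
    order = ' '.join(system.get('authentication-order', []))
    if 'tacplus' not in order.replace('[', ' ').replace(']', ' ').split():
        findings.append('authentication-order does not include tacplus')
    servers = system.get('tacplus-server', {})
    if not servers:
        findings.append('no tacplus-server configured')
    for addr, opts in servers.items():
        if 'secret' not in opts:         # presence only; the value must match the server
            findings.append(f'tacplus-server {addr} has no secret')
    if not any(k.startswith('user ') for k in system.get('login', {})):
        findings.append('no login user account for TACACS+ users to map to')
    return findings

# Constructed sample: the address and secret are placeholders, not from the thread.
SAMPLE = '''system {
    tacplus-server {
        192.0.2.10 {
            secret "$9$CONSTRUCTED-PLACEHOLDER"; ## SECRET-DATA
        }
    }
    login { user remote { class read-only; } }
}'''

print(check_tacplus(SAMPLE))
```

Reachability from the source address, firewall filters and whether the secret matches the server's copy cannot be read from the router configuration alone and still need the manual checks described in the thread.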
More information about the juniper-nsp mailing list