[j-nsp] Junos tacacs+ authentication using Cisco ACS

Ravindra Botkar ravibotkar at yahoo.com
Thu Dec 22 01:49:13 EST 2005


Hi Edwin,

Also add the following command:

[edit system]
authentication-order [ tacplus ];

Let me know if this works..

Regards,
Ravindra

--- edwin pua <edgpua at yahoo.com> wrote:

> Hi Jared,
>    
>   Yes. My Cisco ACS server and Juniper router are
> able to see each other within our network.
>
>   My problem is, I'm not sure what else I need to
> configure on the Cisco ACS for the attribute
> values. Previously, my authentication worked fine
> using the freeware tacplus installed under a Linux
> server "/etc/tacacs_config". And right now, we've
> changed our server to Cisco ACS (Windows-based).
>
>   I just wanted to know whether someone here has
> experience authenticating their Juniper routers via
> TACACS using the Cisco ACS.
>    
>    
>   rgds,
> Edwin
>    
>   Jared Gull <jmgull at yahoo.com> wrote:
>   Edwin,
> 
> The first thing I'd verify is that you have a route to
> the server (192.168.2.1) and the server has a route
> back to your source address (192.168.20.4). You could
> test this by simply pinging the server address with
> the source address specified. You will also need to
> verify the following:
>
> - tacacs is specified in the authentication order.
> For more information on this check the following URL:
>
> http://www.juniper.net/techpubs/software/junos/junos74/junoscript74-ref-config/html/summary-config289.html
>
> - you will likely need to configure the remote user
> account as specified in the URL below:
>
> http://www.juniper.net/techpubs/software/junos/junos74/swconfig74-system-basics/html/sys-mgmt-authentication6.html#1039222
>
> - If after all of this is done and you're still having
> problems, you should check the secret and make sure it
> is set correctly on both sides (router and server) AND
> verify there are no firewall filters applied to your
> interfaces that may be causing communication issues.
> 
> Hope this helps.
> 
> Jared Gull
> 
> --- edwin pua wrote:
> 
> > Hi All,
> > 
> > Just need your help on how I can make my Juniper
> > router authenticate using the Cisco ACS.
> >
> > I'm having some problems getting my Juniper router to
> > communicate with our Cisco ACS. Here's my config on
> > the router:
> > 
> > # Juniper configuration:
> > tacplus-server {
> >     192.168.2.1 {
> >         secret "$9$VAb4ZUDkPfzX7jqfzCA8X7Ns4UDkm5F"; ## SECRET-DATA
> >         single-connection;
> >         source-address 192.168.20.4;
> >     }
> > }
> > accounting {
> >     events interactive-commands;
> >     destination {
> >         tacplus {
> >             server {
> >                 192.168.2.1 secret "$9$hDecK8XxdsYoO17VYojiuO1IyKXxdw2a"; ## SECRET-DATA
> >             }
> >         }
> >     }
> > }
> >
> > user high {
> >     uid 3453;
> >     class superuser;
> > }
> > user low {
> >     uid 2341;
> >     class low_class;
> > }
> >
> > P.S. What else do I need to configure on my Cisco
> > ACS?
> > 
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/juniper-nsp
> > 
> 
> 
> 
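
An added example, not part of any message in this thread and not Juniper's or Cisco's own configuration: the items discussed above (authentication order, TACACS+ server, template login accounts, accounting) placed together in one [edit system] hierarchy. The shared-secret placeholder, the permissions of low_class, the "remote" fallback account and the "password" second method are assumptions; the ACS is assumed to return the Juniper attribute local-user-name under the junos-exec service to select a template account.

```junos
system {
    /* TACACS+ first, local password second (assumption: the thread lists only tacplus). */
    authentication-order [ tacplus password ];
    tacplus-server {
        192.168.2.1 {
            /* Placeholder; must match the key set for this client on the ACS. */
            secret "PLACEHOLDER-SHARED-SECRET";
            single-connection;
            /* The ACS must have the router defined as a client with this address. */
            source-address 192.168.20.4;
        }
    }
    login {
        class low_class {
            /* Assumed permissions; the thread does not show this class. */
            permissions [ view ];
        }
        /* Template accounts: no local password is set, so they apply only when
           the ACS returns local-user-name=high or local-user-name=low for the
           junos-exec service. */
        user high {
            uid 3453;
            class superuser;
        }
        user low {
            uid 2341;
            class low_class;
        }
        /* Fallback template for TACACS+ users with no local-user-name and no
           matching local account (assumed class). */
        user remote {
            class read-only;
        }
    }
    accounting {
        events interactive-commands;
        destination {
            tacplus {
                server {
                    192.168.2.1 {
                        secret "PLACEHOLDER-SHARED-SECRET";
                    }
                }
            }
        }
    }
}
```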

