[j-nsp] SecurID- Cisco ACS - Tacacs+ - Juniper

Brian McGehee bmcgehee at opsware.com
Fri Oct 14 18:54:41 EDT 2005


Hi, looking for some help/guidance.  Trying to get Juniper M5 w/ JUNOS
6.4r2.4 to authenticate using my Cisco ACS server and SecurID.  When
attempting to log in, SecurID logs show passcode accepted.  Cisco ACS
shows passed authentication, but Juniper log shows:

 

Oct 15 08:18:13  lab-JuniperM5-rt1 login: LOGIN_PAM_AUTHENTICATION_ERROR: PAM authentication error for user qatest1
Oct 15 08:18:13  lab-JuniperM5-rt1 login: LOGIN_FAILED: Login failed for user qatest1 from host 10.255.136.110

 

Here is the JUNOS config:

    tacplus-server {
        10.255.132.87 {
            secret "$9$j5H.5u0IEhr/C0IESMW"; ## SECRET-DATA
            source-address 10.255.1.99;
        }
    }
    login {
        class tacacs {
            permissions all;
        }
        user remote {
            full-name "All tacacs users;";
            uid 9999;
            class tacacs;
        }
    }

 

I have seen in the docs that you do not need to configure the JUNOS
attributes to run w/ tacacs+ (so I don't want to... unless I have to.)
I'm really not sure where in Cisco ACS to include these if they are
required.

 

Your assistance is appreciated.

 

Sincerely,

Brian McGehee

Opsware, Inc.

425.636.2148 x294

 

"Men never do evil so completely and cheerfully as when they do it from
a religious conviction" - Blaise Pascal

 

 


