[j-nsp] SecurID- Cisco ACS - Tacacs+ - Juniper
Brian McGehee
bmcgehee at opsware.com
Fri Oct 14 18:54:41 EDT 2005
Hi, looking for some help/guidance. Trying to get Juniper M5 w/ JUNOS
6.4r2.4 to authenticate using my Cisco ACS server and SecurID. When
attempting to login, Securid logs shows passcode accepted. Cisco ACS
shows passed authentication, but Juniper log shows:
Oct 15 08:18:13 lab-JuniperM5-rt1 login:
LOGIN_PAM_AUTHENTICATION_ERROR: PAM authentication error for user
qatest1
Oct 15 08:18:13 lab-JuniperM5-rt1 login: LOGIN_FAILED: Login failed for
user qatest1 from host 10.255.136.110
Here is junos config:
tacplus-server {
10.255.132.87 {
secret "$9$j5H.5u0IEhr/C0IESMW"; ## SECRET-DATA
source-address 10.255.1.99;
}
}
login {
class tacacs {
permissions all;
}
user remote {
full-name "All tacacs users;";
uid 9999;
class tacacs;
}
}
I have seen in the docs that you do not need to configure the JUNOS
attributes to run w/ tacacs+ (so I don't want to... unless I have to.)
I'm really not sure where in Cisco ACS to include these if they are
required.
Your assistance is appreciated.
Sincerely,
Brian McGehee
Opsware, Inc.
425.636.2148 x294
"Men never do evil so completely and cheerfully as when they do it from
a religious conviction" - Blaise Pascal
More information about the juniper-nsp
mailing list