[j-nsp] Cisco ACS - Juniper Router Tacacs Authorization
Ravindra Botkar
ravibotkar at yahoo.com
Sat Sep 17 12:37:40 EDT 2005
Hi,
I am pasting notes from Juniper Networks site here:
Configuring Juniper Networks-Specific TACACS+
Attributes:
The JUNOS software retrieves these attributes through
an authorization request of the TACACS+ server after
authenticating a user. You do not need to configure
these attributes to run JUNOS with TACACS+.
To specify these attributes, include a service
statement of the following form in the
TACACS+ server configuration file:
service = junos-exec {
local-user-name = <username-local-to-router>
allow-commands = "<allow-commands-regexp>"
allow-configuration =
"<allow-configuration-regexp>"
deny-commands = "<deny-commands-regexp>"
deny-configuration = "<deny-configuration-regexp>"
}
Regards
--- "Johnson, Matthew (Matthew)" <johnsonm at lucent.com>
wrote:
> Hi,
>
> I have managed to configure Cisco ACs for Juniper
> tacacs authentication but I am not sure how to get
> the authorization working.
> Does anyone have a configuration example of where
> the junos-exec service needs to be defined for the
> allow and deny commands and configuration syntax.
>
> Regards
>
> Matt
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>
______________________________________________________
Yahoo! for Good
Donate to the Hurricane Katrina relief effort.
http://store.yahoo.com/redcross-donate3/
More information about the juniper-nsp
mailing list