[j-nsp] Cisco ACS - Juniper Router Tacacs Authorization

[Johnson, Matthew (Matthew)]

Thanks for all the replies.
 
I have managed to get locally defined classes working with Cisco ACS using allow and deny syntax on the juniper devices.
What I am hoping to do is define the authorization commands on the Cisco ACS server and not have to define them locally.
I have seen examples for the unix free tacacs+ software defining the service in the tacplus.conf file.

service = junos-exec {
local-user-name = Username
allow-commands = "^regexp$"
allow-configuration = "^regexp$"
deny-commands = "^regexp$"
deny-configuration = "^regexp$"

Where in the web gui on the Cisco ACS 3.3 software for Windows can this service can be defined?
Can it be defined inthe Cisco ACS software?
 
Regards
 
Matt

-----Original Message-----
From: Kim Onnel [mailto:karim.adel at gmail.com]
Sent: 18 September 2005 13:03
To: Johnson, Matthew (Matthew)
Subject: Re: [j-nsp] Cisco ACS - Juniper Router Tacacs Authorization


Are you running ACS for windows or unix ?


On 9/16/05, Johnson, Matthew (Matthew) < johnsonm at lucent.com <mailto:johnsonm at lucent.com> > wrote: 

Hi,

I have managed to configure Cisco ACs for Juniper tacacs authentication but I am not sure how to get the authorization working. 
Does anyone have a configuration example of where the junos-exec service needs to be defined for the allow and deny commands and configuration syntax.

Regards

Matt

_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net <mailto:juniper-nsp at puck.nether.net> 
http://puck.nether.net/mailman/listinfo/juniper-nsp <http://puck.nether.net/mailman/listinfo/juniper-nsp>