[j-nsp] JUNOS S/W - tacacs+ problem

Raymond Ho raymond.wj at gmail.com
Fri Apr 13 10:21:04 EDT 2007


Hi Thomas,

Thanks for the feedback and assistance.

My configuration is fine. If you take a look at your tacacs accounting records, you'll notice that your UID source IP is displaying the router's hostname instead of your actual source IP.

It's just the accounting log information that's just an eye sore to me. :)

I believe you should be seeing the same scenario in your tacacs accounting log,

This issue is still an open PR in JTAC. Not sure if it'll be fixed in the future releases.

Cheers.


--raymondh 


Thomas Mangin wrote on Thu, Apr 12, 2007 at 10:22:31PM SGT :
| Raymond,
| 
| I use Tacacs with 7.3 and 7.6 without issues.
| Do not know if it helps but here is what I have you do not specified ..
| (The rest is more or less like yours).
| 
| login {
|     message "Authorised Users Only";
|     class administrator {
|         idle-timeout 10;
|         permissions all;
|     }
|     user local {
|         full-name "Local User";
|         uid 2000;
|         class administrator;
|         authentication {
|             encrypted-password ""; ## SECRET-DATA
|         }
|     }
| }
| 
| In radius :
| 
| user = local {
|         service = exec {
|                 default attribute = permit
|                 priv-lvl = 0
|         }
| }
| 
| user = raymond {
|         service = exec {
|                 default attribute = permit
|                 priv-lvl = 15
|         }
|         service = junos-exec {
|                 local-user-name = local
|         }
| }
| 
| Thomas
| 



| _______________________________________________
| juniper-nsp mailing list juniper-nsp at puck.nether.net
| https://puck.nether.net/mailman/listinfo/juniper-nsp


More information about the juniper-nsp mailing list