[j-nsp] Juniper TACACS using Cisco ACS 3.2
Kristian Larsson
kristian at spritelink.se
Mon Apr 23 04:29:26 EDT 2007
On Mon, Apr 23, 2007 at 06:11:04PM +1000, Ivan c wrote:
> Hi,
>
> Just wanted to see if anyone has Cisco ACS tacacs authentication
> working seamlessly with JunOS?
No, but with TAC+.
> I have the basics set up
>
> }
> tacplus-server {
>     10.0.0.1 {
>         secret "jahdsijfdkjfkdjakfjsdlkf"; ## SECRET-DATA
>         time-out 5;
>         source-address 10.0.0.2;
>     }
Looks good.
> and as long as the user name is defined in JunOS, the class but no
> password it works. I am wanting to set up TACACS but without having to
> define users locally.
You need to add attributes to the user/group on
the Cisco ACS. This is described here:
http://www.juniper.net/techpubs/software/junos/junos57/swconfig57-getting-started/html/sys-mgmt-authentication3.html
under "Configure Juniper Networks-Specific TACACS+ Attributes"
Kristian.
--
Kristian Larsson KLL-RIPE
Network Engineer SpriteLink [AS39525]
+46 704 910401 kristian at spritelink.se
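
Added example, not part of the original post: a sketch of the Junos side that lets TACACS+-authenticated users log in without per-user local accounts, by mapping them onto template users. The template name ops-template and the class choices are assumptions; the existing tacplus-server stanza stays as it is, and the server (Cisco ACS or TAC+) has to return local-user-name inside the junos-exec service for the named template to be selected.

```junos
system {
    /* Ask the TACACS+ server first, then fall back to local passwords. */
    authentication-order [ tacplus password ];
    login {
        /*
         * Default template: a user the TACACS+ server accepts, but for
         * whom it returns no local-user-name attribute, gets this
         * account's class. Keep it least-privilege.
         */
        user remote {
            full-name "TACACS+ default template";
            class read-only;
        }
        /*
         * Hypothetical named template. It carries no authentication
         * stanza, so nobody can log in as "ops-template" directly; it is
         * only reached through the attribute shown below.
         */
        user ops-template {
            full-name "TACACS+ operators template";
            class super-user;
        }
    }
}

# Server side, per user or group, shown in tac_plus daemon syntax. On Cisco
# ACS the same service name and attribute are entered as a custom TACACS+
# service with a custom attribute:
#
#   service = junos-exec {
#       local-user-name = ops-template
#   }
```

With password listed after tacplus, a login the TACACS+ server rejects is still tried against local passwords, so any local account with a password remains a working entry point and should be audited accordingly.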