[j-nsp] Juniper TACACS using Cisco ACS 3.2

Ivan c ivannetw at gmail.com
Sat Apr 28 00:50:47 EDT 2007


Hi,

Further to my Cisco ACS question, does anyone have a guide on
configuring the Cisco ACS side for JunOS TACACS+?

I set the auth order-

    authentication-order [ tacplus password ];

TACACS+ config

    }
    tacplus-server {
        10.xxx.xxx.xxx {
            secret "$9$p7NbuO"; ## SECRET-DATA
            timeout 5;
            source-address 10.xxx.xxx.xxx;
        }
    }


Now this works if I define the user with no password, but I don't want
to have to define every user that will be administering this router.

        user ivan {
            uid 2001;
            class super-user;
        }

Ashok from Juniper provided his document, but it doesn't provide info
on configuring the Cisco ACS side of things.

Any help is appreciated
Ivan

On 4/23/07, Ashok Patrick Jude M <ajude at juniper.net> wrote:
> Hi Ivan,
>
> Please check out the attached doc (tested configurations). Hope it helps!
>
> Thanks
> -Ashok
>
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Ivan c
> Sent: Monday, April 23, 2007 1:41 PM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] Juniper TACACS using Cisco ACS 3.2
>
> Hi,
>
> Just wanted to see if anyone has Cisco ACS tacacs authentication
> working seamlessly with JunOS?
>
> I have the basics set up
>
> }
> tacplus-server {
>     10.0.0.1 {
>         secret "jahdsijfdkjfkdjakfjsdlkf"; ## SECRET-DATA
>         timeout 5;
>         source-address 10.0.0.2;
>     }
> }
>
> and as long as the user name is defined in JunOS with the class but no
> password, it works. I am wanting to set up TACACS but without having to
> define users locally.
>
> I know there is a way with ACS to set up local user profiles from
> JunOS, but I haven't managed to get it to work.
>
> Command authorization would be good too?
>
> thanks, any help is appreciated
>
> thanks
> Ivan
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
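Junos covers the "no per-user local accounts" case with template accounts: a TACACS+-authenticated user who has no local account is mapped to the `remote` template, or to a named template when the server returns a `local-user-name` attribute under the `junos-exec` service. The configuration below is an added example, not taken from the thread or from Ashok's document; the template names, uids, shared-secret placeholder and the sample `deny-commands` expression are assumptions, and the addresses are the placeholders used in the quoted message.

```junos
## Added example. Template names, uids and the secret are placeholders.
system {
    authentication-order [ tacplus password ];
    tacplus-server {
        10.0.0.1 {
            secret "<shared-secret>";
            timeout 5;
            source-address 10.0.0.2;
        }
    }
    login {
        /* Fallback template: a TACACS+-authenticated user with no local
           account and no local-user-name attribute lands here, so keep
           it at the lowest privilege you can live with. */
        user remote {
            class read-only;
        }
        /* Named templates: no password is set on them; they only supply
           the uid and login class for users mapped onto them. */
        user RW-TEMPLATE {
            uid 2010;
            class super-user;
        }
        user RO-TEMPLATE {
            uid 2011;
            class read-only;
        }
    }
}
## Attribute-value pairs the TACACS+ server returns for the service
## "junos-exec" (set per group or per user on the server side):
##   service = junos-exec
##       local-user-name = RW-TEMPLATE
##       deny-commands   = "^request system (halt|reboot)"   (constructed sample)
```

On the ACS side, `junos-exec` has to be added as a new TACACS+ service and the attributes above entered as custom attributes for the relevant group; the session still logs and accounts under the real TACACS+ username, while permissions come from the template.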

