[j-nsp] Juniper TACACS configuration

Ihsan Junaidi Ibrahim ihsan at isp.time.net.my
Fri Mar 30 12:40:52 EST 2007


Have you created the local user account named "remote" in the router? 
By default Junos uses "remote" to authenticate against TACACS+ if the 
authenticated user record is not available locally on the router.

/ihsan

----- Original Message -----
From: Kristian Larsson <kristian at spritelink.se>
Date: Saturday, March 31, 2007 1:11 am
Subject: [j-nsp] Juniper TACACS configuration

> Hey!
> 
> I'm having a small configuration problem with a
> Juniper router, I've tried setting up TACACS with
> the following configuration options:
> 
> system {
> 	authentication-order tacplus;
> 	tacplus-server {
> 	        1.3.3.7 {
> 	                secret "$9$R)GAMrAMDSFMK#MKMASKDMCASDMC"; ## SECRET-DATA
> 	                source-address 10.0.0.1;
> 	        }
> 	}
> }
> 
> When trying to login I get:
> kll at carmen ~ $ ssh kll at gbg2
> kll at gbg2's password:
> Password
> Login incorrect
> login: kll
> Password:
> 
> If the user is also configured as a local user it works but 
> not if he's just configured on the TACACS server.
> The TACACS (tac_plus version F4.0.4.8) works just fine with
> a bunch of Cisco machines. What have I done wrong?
> 
> Cheers, 
>    Kristian.
> 
> -- 
> Kristian Larsson                                   KLL-RIPE
> Network Engineer                       SpriteLink [AS39525]
> +46 704 910401	                     kristian at spritelink.se
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
> 
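An added example, not part of either message: a small offline check for the condition the reply describes, namely TACACS+ (or RADIUS) in authentication-order with no "remote" template user for accounts that exist only on the server. The function names, the placeholder secret and the login class "operator" are assumptions made for the example; the parser is a simplified reader of curly-brace Junos configuration, not Juniper's own.

```python
import re

# Constructed sample: the configuration from the post, secret replaced by a placeholder.
POSTED = """
system {
    authentication-order tacplus;
    tacplus-server {
        1.3.3.7 {
            secret "PLACEHOLDER"; ## SECRET-DATA
            source-address 10.0.0.1;
        }
    }
}
"""
# A "remote" template stanza; the class name "operator" is an assumed choice.
TEMPLATE = "    login {\n        user remote {\n            class operator;\n        }\n    }\n"
WITH_TEMPLATE = POSTED.replace("system {\n", "system {\n" + TEMPLATE, 1)

def parse_junos(text):
    """Parse curly-brace Junos config into nested dicts (leaf statements map to None)."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = re.sub(r"\s+##\s.*$", "", raw).strip()  # drop "## SECRET-DATA" annotations
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        elif line:
            stack[-1][line.rstrip(";")] = None
    return root

def audit_remote_auth(text):
    """Return findings for remote authentication configured without a usable template."""
    system = parse_junos(text).get("system") or {}
    order = next((k for k in system if k.startswith("authentication-order")), "")
    remote_methods = re.findall(r"tacplus|radius", order)
    template = (system.get("login") or {}).get("user remote")
    findings = []
    if remote_methods and template is None:
        findings.append("%s in authentication-order but no 'user remote' template: users "
                        "without a local account get no login class" % "/".join(remote_methods))
    elif remote_methods and not any(k.startswith("class ") for k in template):
        findings.append("'user remote' template has no login class")
    return findings

if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("with template", WITH_TEMPLATE)):
        print(name, "->", audit_remote_auth(cfg) or "ok")
```

Every server-only user inherits the class given to the "remote" template, so choose it with least privilege in mind.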


