[j-nsp] Juniper TACACS configuration
Ihsan Junaidi Ibrahim
ihsan at isp.time.net.my
Fri Mar 30 12:40:52 EST 2007
Have you created the local user account named "remote" in the router?
By default Junos uses "remote" to authenticate against TACACS+ if the
authenticated user record is not available locally on the router.
/ihsan
----- Original Message -----
From: Kristian Larsson <kristian at spritelink.se>
Date: Saturday, March 31, 2007 1:11 am
Subject: [j-nsp] Juniper TACACS configuration
> Hey!
>
> I'm having a small configuration problem with a
> Juniper router, I've tried setting up TACACS with
> the following configuration options:
>
> system {
> authentication-order tacplus;
> tacplus-server {
> 1.3.3.7 {
> secret
> "$9$R)GAMrAMDSFMK#MKMASKDMCASDMC"; ## SECRET-
DATA
> source-address 10.0.0.1;
> }
> }
> }
>
> When trying to login I get:
> kll at carmen ~ $ ssh kll at gbg2
>
>
> kll at gbg2's password:
>
>
> Password
>
> Login incorrect
>
>
> login: kll
>
>
> Password:
>
>
>
>
>
> If the user is also configured as a local user it works but
> not if he's just configured on the TACACS server.
> The TACACS, (tac_plus version F4.0.4.8) works just fine with
> a bunch of Cisco machines. What have I done wrong ?
>
> Cheers,
> Kristian.
>
> --
> Kristian Larsson KLL-RIPE
> Network Engineer SpriteLink [AS39525]
> +46 704 910401 kristian at spritelink.se
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list