[j-nsp] Juniper TACACS configuration

Kristian Larsson kristian at spritelink.se
Fri Mar 30 12:47:21 EST 2007


Markus, Ihsan, Alexander, thanks to you all.

Of course I had no "remote" user. I solved it by
adding a new service on the tacacs server to
authenticate via an already existing local user.

Thanks again

  Kristian.

On Sat, Mar 31, 2007 at 01:40:52AM +0800, Ihsan Junaidi Ibrahim wrote:
> Have you created the local user account named "remote" in the router? 
> By default Junos uses "remote" to authenticate against TACACS+ if the 
> authenticated user record is not available locally on the router.
> 
> /ihsan
> 
> ----- Original Message -----
> From: Kristian Larsson <kristian at spritelink.se>
> Date: Saturday, March 31, 2007 1:11 am
> Subject: [j-nsp] Juniper TACACS configuration
> 
> > Hey!
> > 
> > I'm having a small configuration problem with a
> > Juniper router, I've tried setting up TACACS with
> > the following configuration options:
> > 
> > system {
> > 	authentication-order tacplus;
> > 	tacplus-server {
> > 	        1.3.3.7 {
> > 	                secret "$9$R)GAMrAMDSFMK#MKMASKDMCASDMC"; ## SECRET-DATA
> > 	                source-address 10.0.0.1;
> > 	        }
> > 	}
> > }
> > 
> > When trying to login I get:
> > kll at carmen ~ $ ssh kll at gbg2
> > kll at gbg2's password:
> > Password
> > Login incorrect
> > login: kll
> > Password:
> > 
> > If the user is also configured as a local user it works but
> > not if he's just configured on the TACACS server.
> > The TACACS (tac_plus version F4.0.4.8) works just fine with
> > a bunch of Cisco machines. What have I done wrong?
> > 
> > Cheers, 
> >    Kristian.
> > 
> > -- 
> > Kristian Larsson                                   KLL-RIPE
> > Network Engineer                       SpriteLink [AS39525]
> > +46 704 910401	                     kristian at spritelink.se
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> > 
> 

-- 
Kristian Larsson                                   KLL-RIPE
Network Engineer                       SpriteLink [AS39525]
+46 704 910401			     kristian at spritelink.se
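
Added example (not part of the original thread and not from the posters or Juniper): the two Junos-side arrangements discussed above, a "remote" template user and a named local user that the TACACS+ server maps a login to. The user name netops, the class choices, the added password fallback and the tac_plus stanza shown in the comments are assumptions; the tacplus-server stanza stays as posted.

```junos
system {
    /* Assumption: local password authentication kept as a second method. */
    authentication-order [ tacplus password ];
    login {
        /*
         * Option 1: template account. A user who authenticates via TACACS+
         * and has no local record on the router is mapped to "remote".
         * Every such user inherits this class, so keep it minimal.
         */
        user remote {
            full-name "TACACS+ template user";
            class read-only;
        }
        /*
         * Option 2: named local account (hypothetical name) that the
         * TACACS+ server points individual users at.
         */
        user netops {
            class operator;
        }
    }
}
# tac_plus side for option 2 (assumed stanza, user authentication lines omitted):
# user = kll {
#     service = junos-exec {
#         local-user-name = netops
#     }
# }
```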
