[j-nsp] M-Series Authentication via Tacacs and authorization via local class
Masood Ahmad Shah
masood at nexlinx.net.pk
Sat Oct 11 10:41:26 EDT 2008
When you are using RADIUS or TACACS+ authentication, you can create single
accounts (for authorization purposes) that are shared by a set of users.
http://www.juniper.net/techpubs/software/junos/junos57/swconfig57-getting-st
arted/html/sys-mgmt-authentication4.html#1039222
HTH
Regards,
Masood Ahmad Shah
BLOG: http://www.weblogs.com.pk/jahil
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Aamir Saleem
Sent: Friday, September 26, 2008 11:18 AM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] M-Series Authentication via Tacacs and authorization via
local class
Hello,
I want to configure local configured users must authenticate from TACACS+
server first and local authentication have second priority. Authorization of
commands must be permitted from local account configured on M-Series
routers. Do any body have any idea how to accomplish this. I have following
class and user configured on M-Series for authorization purpose.
class superuser-local {
idle-timeout 5;
permissions all;
deny-commands "(file delete)|(clear log)";
deny-configuration "system login";
}
user noc {
uid 2018;
class superuser-local;
Authentication order
authentication-order [ tacplus password ];
Thanks
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list