[j-nsp] M-Series Authentication via Tacacs and authorization via local class

Masood Ahmad Shah masood at nexlinx.net.pk
Sat Oct 11 10:41:26 EDT 2008


When you are using RADIUS or TACACS+ authentication, you can create single
accounts (for authorization purposes) that are shared by a set of users.

http://www.juniper.net/techpubs/software/junos/junos57/swconfig57-getting-st
arted/html/sys-mgmt-authentication4.html#1039222

HTH

Regards,
Masood Ahmad Shah
BLOG: http://www.weblogs.com.pk/jahil


-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Aamir Saleem
Sent: Friday, September 26, 2008 11:18 AM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] M-Series Authentication via Tacacs and authorization via
local class

Hello,

I want to configure local configured users must authenticate from TACACS+
server first and local authentication have second priority. Authorization of
commands must be permitted from local account configured on M-Series
routers. Do any body have any idea how to accomplish this. I have following
class and user configured on M-Series for authorization purpose.


class superuser-local {

    idle-timeout 5;

    permissions all;

    deny-commands "(file delete)|(clear log)";

    deny-configuration "system login";

}



user noc {

    uid 2018;

    class superuser-local;


Authentication order

authentication-order [ tacplus password ];

Thanks
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp



More information about the juniper-nsp mailing list