[j-nsp] M-Series Authentication via Tacacs and authorization via local class

Aamir Saleem aamirwwol at gmail.com
Mon Oct 13 06:46:54 EDT 2008


Dear Masood,

Thanks for the reply. I have tested and solution is working.

Regards.

Aamir


On Sat, Oct 11, 2008 at 8:41 PM, Masood Ahmad Shah <masood at nexlinx.net.pk>wrote:

> When you are using RADIUS or TACACS+ authentication, you can create single
> accounts (for authorization purposes) that are shared by a set of users.
>
>
> http://www.juniper.net/techpubs/software/junos/junos57/swconfig57-getting-st
> arted/html/sys-mgmt-authentication4.html#1039222
>
> HTH
>
> Regards,
> Masood Ahmad Shah
> BLOG: http://www.weblogs.com.pk/jahil
>
>
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Aamir Saleem
> Sent: Friday, September 26, 2008 11:18 AM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] M-Series Authentication via Tacacs and authorization via
> local class
>
> Hello,
>
> I want to configure local configured users must authenticate from TACACS+
> server first and local authentication have second priority. Authorization
> of
> commands must be permitted from local account configured on M-Series
> routers. Do any body have any idea how to accomplish this. I have following
> class and user configured on M-Series for authorization purpose.
>
>
> class superuser-local {
>
>    idle-timeout 5;
>
>    permissions all;
>
>    deny-commands "(file delete)|(clear log)";
>
>    deny-configuration "system login";
>
> }
>
>
>
> user noc {
>
>    uid 2018;
>
>    class superuser-local;
>
>
> Authentication order
>
> authentication-order [ tacplus password ];
>
> Thanks
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>


More information about the juniper-nsp mailing list