[j-nsp] M-Series Authentication via Tacacs and authorization via local class

Aamir Saleem aamirwwol at gmail.com
Fri Sep 26 02:17:47 EDT 2008


Hello,

I want to configure local configured users must authenticate from TACACS+
server first and local authentication have second priority. Authorization of
commands must be permitted from local account configured on M-Series
routers. Do any body have any idea how to accomplish this. I have following
class and user configured on M-Series for authorization purpose.


class superuser-local {

    idle-timeout 5;

    permissions all;

    deny-commands "(file delete)|(clear log)";

    deny-configuration "system login";

}



user noc {

    uid 2018;

    class superuser-local;


Authentication order

authentication-order [ tacplus password ];

Thanks


More information about the juniper-nsp mailing list