[j-nsp] How to configure two Tacacs servers with different keys in the same router ?

Abdullah Baheer abdullahbaheer at yahoo.com
Tue Sep 25 09:43:51 EDT 2012


Hi,
About question No. 2, if you configure authentication order [tacplus password] you will be authenticated locally if tacplus is reachable and doesn't authenticate...in case you configure authentication order as [tacplus], you will only be authenticated locally if the tacplus server is not reachable...
ThanksAbdullah Baheer

--- On Mon, 9/24/12, hani ibrahim <hani.ibrahim.aswn at gmail.com> wrote:

From: hani ibrahim <hani.ibrahim.aswn at gmail.com>
Subject: [j-nsp] How to configure two Tacacs servers with different keys in the same router ?
To: juniper-nsp at puck.nether.net
Date: Monday, September 24, 2012, 6:01 PM

Dear All,

Kindly, appreciate you help ,

i tired to configure two different tacacs servers on the same routes but i
observed the below :

1- the first configured server is authenticating , but the 2nd one is not ?
so is it possible to authenticate  using both servers ?
2- i can authenticate locally + tacacs although I'm configuring
authentication-order [tacplus password] ? so why ?

config sample :
tacplus-server {
        10.10.10.1 {=========================================>this server
is authenticating first
            port 49;
            secret "$898%&asdertynkll*&8778%^"; ## SECRET-DATA
            timeout 10;
            single-connection;
            source-address 11.11.11.1;
        }
        20.20.20.1 {========================================> this one is
not authenticating
            port 49
            secret "$9$-vdY46tyh890dr%%@3df"; ## SECRET-DATA
            timeout 10;
            source-address 21.21.21.1;
}

 user admin  {=========================================>this user is used
for both servers on the router
            uid 2010;
            class super-user;

BR,
Hany
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


More information about the juniper-nsp mailing list