[j-nsp] How to configure two Tacacs servers with different keys in the same router ?
Abdullah Baheer
abdullahbaheer at yahoo.com
Tue Sep 25 09:43:51 EDT 2012
Hi,
About question No. 2, if you configure authentication order [tacplus password] you will be authenticated locally if tacplus is reachable and doesn't authenticate...in case you configure authentication order as [tacplus], you will only be authenticated locally if the tacplus server is not reachable...
ThanksAbdullah Baheer
--- On Mon, 9/24/12, hani ibrahim <hani.ibrahim.aswn at gmail.com> wrote:
From: hani ibrahim <hani.ibrahim.aswn at gmail.com>
Subject: [j-nsp] How to configure two Tacacs servers with different keys in the same router ?
To: juniper-nsp at puck.nether.net
Date: Monday, September 24, 2012, 6:01 PM
Dear All,
Kindly, appreciate you help ,
i tired to configure two different tacacs servers on the same routes but i
observed the below :
1- the first configured server is authenticating , but the 2nd one is not ?
so is it possible to authenticate using both servers ?
2- i can authenticate locally + tacacs although I'm configuring
authentication-order [tacplus password] ? so why ?
config sample :
tacplus-server {
10.10.10.1 {=========================================>this server
is authenticating first
port 49;
secret "$898%&asdertynkll*&8778%^"; ## SECRET-DATA
timeout 10;
single-connection;
source-address 11.11.11.1;
}
20.20.20.1 {========================================> this one is
not authenticating
port 49
secret "$9$-vdY46tyh890dr%%@3df"; ## SECRET-DATA
timeout 10;
source-address 21.21.21.1;
}
user admin {=========================================>this user is used
for both servers on the router
uid 2010;
class super-user;
BR,
Hany
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list