[j-nsp] TACACS in Junos

Aaron Dewell aaron.dewell at gmail.com
Thu Mar 20 17:24:24 EDT 2014


The local username will be by default "remote" but you can return the TACACS version of a Vendor-Specific Attribute in order to specify something different per-user.  That local username then must exist on the router and all users which have that VSA returned will be mapped to that local user.

With your current setup, if you just create user remote with no password and a class of super-user (or whatever you prefer), it should solve the immediate problem.

On Mar 20, 2014, at 4:16 PM, Skeeve Stevens wrote:
> Hey all,
> 
> We've been implementing Tacacs on our networks and have this issue where we
> can't seem to get Tacacs working unless we declare the username and Tacacs
> is used just for the authentication.
> 
> Does anyone know how to get Tacacs working like Cisco where you just set it
> up and once you add users to the Tacacs back-end, they can login?
> 
> ...Skeeve
> 
> *Skeeve Stevens - *eintellego Networks Pty Ltd
> skeeve at eintellegonetworks.com ; www.eintellegonetworks.com
> 
> Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
> 
> facebook.com/eintellegonetworks ;  <http://twitter.com/networkceoau>
> linkedin.com/in/skeeve
> 
> twitter.com/theispguy ; blog: www.theispguy.com
> 
> 
> The Experts Who The Experts Call
> Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp




More information about the juniper-nsp mailing list