[j-nsp] Juniper authorization with tacacs+

Sukhjit Hayre sukhjit.hayre at googlemail.com
Mon Apr 13 18:23:17 EDT 2015


Hi Chris,

Thanks for the reply. Actually, I did not see any user file in /var/tmp
whilst logged in. I'm running vSRX Firefly 12.1X47-D10.4.

On Mon, Apr 13, 2015 at 4:07 PM, Chris Morrow <morrowc at ops-netman.net>
wrote:

>
>
> On 04/13/2015 11:01 AM, Eduardo Barrios wrote:
> > When I tested this a while back I could not get the "allow-commands"
> > attribute to work. The deny-commands attribute does work, however. So
> > for our ACS shell-profile read-only group we had to start with a Junos
> > login with a super-user class, then use the "deny-commands" attribute
> > to strip the access ...request, restart, configure, etc.
> >
>
> It might help you to look in /var/tmp on the Juniper when the affected
> user is logged in. There will be a file named per the user's login PID
> which has their access requirements outlined. You can probably reverse
> engineer the right answer from that data.
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>

