Visitor
nssteam
Posts: 1
Registered: ‎12-03-2008
0

TACACS+/RADIUS Authentication for different users settings.

We are using Cisco Secure ACSv4.0 to try and authenticate users on a WXC590 (Software Version 5.4.2.0). When I enable authentication on the WXC, all users who log in have "read only access" even if the Juniper-local-user-name attribute is associated with an account with full read/write privileges. Any ideas??
Juniper Employee
AMS-TAC
Posts: 29
Registered: ‎03-18-2009
0

Re: TACACS+/RADIUS Authentication for different users settings.

To quote the WX Operator's Guide for 5.6:

The following attributes can be returned from the TACACS+ server:
* idletime=n. Indicates the number of consecutive minutes a user session can be idle before the connection is closed (a zero indicates no idle timeout).
* priv-lvl=n. Indicates a user’s access privileges (0 to 15).
* packet-capture-allowed=1/0. Indicates whether packet captures are allowed.

Did you try setting these? See wxog_56.pdf page 102 for more details.

Also, 5.4.2 is quite old; the minimum supportable 5.4 is 5.4.6, and the 5.4 Operator's Guide is based on a 5.4.6 minimum version. And considering that 5.4 is EOL this year, you should really look into moving to the 5.6 branch.

Message Edited by AMS-TAC on 03-23-2009 03:48 AM
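A way to sanity-check the attribute list configured on the TACACS+ server against the three attributes and ranges quoted above, before pointing the WX at it. This is an added example, not code from the thread or from Juniper; the function name and sample list are constructed, the `*` (optional) separator is standard TACACS+ attribute-value syntax rather than something the thread states, and matching names case-sensitively is an assumption.

```python
import re

# Attributes and value ranges exactly as listed in the quoted guide text.
KNOWN = {
    "idletime": lambda n: n >= 0,                 # minutes; 0 = no idle timeout
    "priv-lvl": lambda n: 0 <= n <= 15,
    "packet-capture-allowed": lambda n: n in (0, 1),
}
# TACACS+ AV pairs: "name=value" is mandatory, "name*value" is optional.
AV_RE = re.compile(r"^([^=*]+)([=*])(.*)$")

def check_av_pairs(pairs):
    """Return (parsed, problems); parsed maps name -> (value, mandatory)."""
    parsed, problems = {}, []
    for raw in pairs:
        m = AV_RE.match(raw.strip())
        if not m:
            problems.append(f"{raw!r}: not an attribute=value pair")
            continue
        name, sep, value = (g.strip() for g in m.groups())
        if name not in KNOWN:          # exact, case-sensitive match (assumption)
            problems.append(f"{name}: not one of the listed attributes")
        elif name in parsed:
            problems.append(f"{name}: sent more than once")
        elif not (value.isascii() and value.isdigit()):
            problems.append(f"{name}: value {value!r} is not a non-negative integer")
        elif not KNOWN[name](int(value)):
            problems.append(f"{name}: value {value} is out of range")
        else:
            parsed[name] = (int(value), sep == "=")
    return parsed, problems

# Constructed sample of what a server profile might be set to return.
SAMPLE = ["priv-lvl=15", "idletime=0", "packet-capture-allowed*1",
          "priv-lvl=7", "Priv-Lvl=15", "timeout=30"]

if __name__ == "__main__":
    ok, bad = check_av_pairs(SAMPLE)
    for name, (value, mandatory) in ok.items():
        print(f"OK      {name}={value} ({'mandatory' if mandatory else 'optional'})")
    for p in bad:
        print("PROBLEM", p)
```

A clean result only shows the server side matches the documented attribute list; it says nothing about how a given WXOS release applies the values.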
Visitor
Chris-B
Posts: 8
Registered: ‎03-12-2009
0

Re: TACACS+/RADIUS Authentication for different users settings.

Hi,

Just to note that in WXOS 5.7.x the format of the extended attribute has changed to "Juniper-WX-Allow-Pkt-Capture=1/0".

Visitor
Chris-B
Posts: 8
Registered: ‎03-12-2009
0

Re: TACACS+/RADIUS Authentication for different users settings.

Hi, please note that this is actually a bug and apparently won't be fixed until the 5.7.3 release.