Visitor
rpatnaik
Posts: 4
Registered: ‎04-12-2012

Re: JUNOS Tacacs Integration

dclarkjr1122

How did you come about matching "vsys" with remote and "privilege" with remote, when it looks to me that "tacplus_user" is the login user that has the class permissions associated?

What we did in ACS 4.2 was local-user-name = Engineer, and on the JUNOS platform we had:
system login user Engineer class Engineer
system login class Engineer permissions all

Additionally, we had a read-only account which referenced a class with view and view-configuration. But on the ACS profile we identified allow-commands and deny-commands within the custom attribute field.

In my case, unfortunately, I am dealing with another group, as I don't control my ACS appliance. I really need a step-by-step path to do this.

Thanks.
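
The Junos side of the setup described in the post above, written out as set commands. This is an added example, not configuration from either poster. The server address, the shared-secret placeholder, the ReadOnly names and the sample regular expressions are assumptions; the attribute names in the comments are the Juniper vendor-specific TACACS+ attributes the post refers to.

```junos
# Added example. 192.0.2.10 and the secret are placeholders (assumptions).
set system authentication-order [ tacplus password ]
set system tacplus-server 192.0.2.10 secret SHARED-SECRET-PLACEHOLDER

# Template accounts: no local authentication is configured on them, so they
# only take effect when the TACACS+ server returns a matching local-user-name.
set system login class Engineer permissions all
set system login user Engineer class Engineer

# Read-only template (the name ReadOnly is an assumption; the permissions are
# the ones named in the post).
set system login class ReadOnly permissions [ view view-configuration ]
set system login user ReadOnly class ReadOnly

# If the server returns no local-user-name, Junos falls back to the template
# user named "remote" when it exists. Giving it the least-privileged class
# keeps unmapped accounts from inheriting broad permissions.
set system login user remote class ReadOnly

# TACACS+ server side (the custom attribute field of the ACS profile).
# Values are constructed samples:
#   service = junos-exec
#   local-user-name = Engineer
#   allow-commands = "^show .*"
#   deny-commands = "^request system (reboot|halt)"
```

After committing, logging in as a TACACS+ user and running `show cli authorization` shows which template class and permissions were applied to the session.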
Contributor
Fabian Prou
Posts: 10
Registered: ‎07-19-2011

Re: JUNOS Tacacs Integration

Very good guide for ACS 5.x: https://supportforums.cisco.com/message/3954494#3954494. Be careful: 'vsys' attributes are for ScreenOS.
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.