02-28-2011 12:42 AM - edited 02-28-2011 12:44 AM
Please let us know how I would configure TACACS authentication on a Juniper SRX-210 router.
Current Tacacs Version 3.2
SRX 210 version 10.1R2.8
07-08-2011 03:21 AM
I believe the SRX210 is a firewall capable of routing. The following is a TACACS config for the SRX, with the assumption that your tacplus server is already configured:
set system authentication-order tacplus
set system authentication-order password
set system tacplus-server tac-serv-ip secret "key" /* secret key configured on the server*/
set system tacplus-server tac-serv-ip source-address "source-interface-ip-on-srx"
set system accounting events login
set system accounting events change-log
set system accounting events interactive-commands
set system accounting destination tacplus
# Do create fallback user(s) locally on the SRX for events when the TACACS server isn't accessible
07-08-2011 03:45 AM
In addition to Hassan's post, you have to add a remote user to allow remote TACACS user connections:
set system login user remote full-name "Tacacs+ template for remote access"
set system login user remote class super-user
07-08-2011 04:36 AM
I do it a bit differently. Below is my configuration, but I also use access restrictions on the TACACS user profile. Below I used the name TACACS for the login account, which needs to be specified in the ACS user/group profile under the custom service. By default JUNOS goes to "remote", I believe.
tacplus-server {
    192.168.1.12 {
        secret "$9$9JbVpu1eK87ds"; ## SECRET-DATA
        source-address 10.1.1.1;
    }
}
accounting {
    events [ login change-log interactive-commands ];
    destination {
        tacplus {
            server {
                192.168.1.12 {
                    secret "$9$HmPQtpBESe"; ## SECRET-DATA
                    source-address 10.1.1.1;
                }
            }
        }
    }
}
login {
    class super-user-local {
        idle-timeout 15;
        permissions all;
    }
    user TACACS {
        uid 2002;
        class super-user-local;
    }
}
07-13-2011 08:32 AM
Depending on your needs, you can also set up local users with the same username as held in the user database your TACACS service is using for authentication, then assign them to the local class you prefer. We are currently using this for all super-user level accounts, and then the generic "remote" template user with a custom class (custom permissions/command set) for anyone else authenticated via TACACS.
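The pattern described across the replies above (TACACS+ server, accounting, a restricted template user, named local users matching TACACS+ usernames, and a local fallback account) put together in one set-command form. This is an added example written for this thread, not any poster's configuration: the server address 192.0.2.10, the SRX source address 192.0.2.1, the class name tacacs-ops, the usernames jdoe and breakglass, and the shared secret are all placeholders.

```junos
## Added example, not from the thread. Lines starting with "#" are notes, not
## CLI input. Addresses, usernames, class name and secret are placeholders.

# 1. Try TACACS+ first, then the local password database.
set system authentication-order tacplus
set system authentication-order password

# 2. The TACACS+ server. The secret must match the key the server holds for
#    this SRX; source-address fixes which SRX interface the server sees.
set system tacplus-server 192.0.2.10 secret "REPLACE-WITH-SHARED-SECRET"
set system tacplus-server 192.0.2.10 source-address 192.0.2.1
set system tacplus-server 192.0.2.10 timeout 5

# 3. Login, config-change and command accounting sent to the same server.
set system accounting events login
set system accounting events change-log
set system accounting events interactive-commands
set system accounting destination tacplus server 192.0.2.10 secret "REPLACE-WITH-SHARED-SECRET"

# 4. Restricted class for the generic template: read-only plus basic
#    connectivity checks, with the obviously disruptive commands denied.
set system login class tacacs-ops idle-timeout 15
set system login class tacacs-ops permissions [ view view-configuration ]
set system login class tacacs-ops allow-commands "(show .*|ping .*|traceroute .*)"
set system login class tacacs-ops deny-commands "(request .*|clear .*|restart .*)"

# 5. Template user "remote": a TACACS+-authenticated user with no matching
#    local account lands here and inherits the restricted class.
set system login user remote full-name "TACACS+ template for remote access"
set system login user remote class tacacs-ops

# 6. Named local user whose name matches an administrator's TACACS+ username.
#    No local password is set: TACACS+ does the authentication, Junos only
#    supplies the class.
set system login user jdoe full-name "Jane Doe (TACACS+ admin)"
set system login user jdoe class super-user

# 7. Local break-glass account for when no TACACS+ server is reachable.
#    Enter the password interactively at the CLI prompt rather than pasting
#    a hash into a file.
set system login user breakglass class super-user
set system login user breakglass authentication plain-text-password
```

Junos picks the local account by username: if the TACACS+ server returns the local-user-name attribute (in the junos-exec service) or the authenticated username itself matches a configured user such as jdoe, that user's class applies; otherwise the remote template is used. After committing, a quick check is to log in once as a TACACS+ user and confirm with "show cli authorization" that the expected class and allow/deny lists are in effect, and to watch the accounting records on the server side.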
09-06-2012 07:40 AM
Hey ...
Looking at the configuration above, do we need to create a user account named "remote" on the TACACS+ server?
Can we create a different user account on the TACACS+ server and log in to the SRX with the user account created in TACACS+?
Or
Do we need to have an account on both the SRX 210 and the TACACS+ server for a user to log in to the box?
Please help.
Thanks