Application Acceleration

TACACS+/RADIUS Authentication for different users settings.

‎03-20-2009 07:32 AM
We are using Cisco Secure ACS v4.0 to try to authenticate users on a WXC590 (Software Version 5.4.2.0). When I enable authentication on the WXC, all users who log in have "read only access", even if the Juniper-local-user-name attribute is associated with an account with full read/write privileges. Any ideas?
3 REPLIES

Re: TACACS+/RADIUS Authentication for different users settings.

‎03-23-2009 03:42 AM

To quote the WX Operator's Guide for 5.6:

 


The following attributes can be returned from the TACACS+ server:
* idletime=n. Indicates the number of consecutive minutes a user session can be idle before the connection is closed (a zero indicates no idle timeout).
* priv-lvl=n. Indicates a user’s access privileges (0 to 15).
* packet-capture-allowed=1/0. Indicates whether packet captures are allowed.

 

Did you try setting these? See wxog_56.pdf page 102 for more details.

Also, 5.4.2 is quite old; the minimum supportable 5.4 is 5.4.6, and the 5.4 Operator's Guide is based on 5.4.6 as the minimum version. And considering that 5.4 is EOL this year, you should really look into moving to the 5.6 branch.

Message Edited by AMS-TAC on 03-23-2009 03:48 AM

Re: TACACS+/RADIUS Authentication for different users settings.

‎08-21-2009 04:37 AM

Hi,

Just to note that in WXOS 5.7.x the format of the extended attribute has changed to "Juniper-WX-Allow-Pkt-Capture=1/0".


Re: TACACS+/RADIUS Authentication for different users settings.

‎09-14-2009 02:01 AM
Hi, please note that this is actually a bug and apparently won't be fixed until the 5.7.3 release.