PAM rejecting logon with expired after TACACS+ (Cisco ACS) records a successful logon to EX4300 device.
[ Edited ]
We have EX4300s and all the devices reject my TACACS+ logon even though TACACS+ (Cisco ACS) reports a successful logon to the Juniper device. PAM records an expired account error message. There is no local account on the switch with the same name. Any user who tries gets the exact same error message.