We have EX4300s and all the devices reject my TACACS+ logon even though TACACS+ (Cisco ACS) reports a successful logon to the Juniper device. PAM records an expired account error message. There is no local account on the switch with the same name. Any user who tries gets the exact same error message.
Hi theslogan1962,
I hope you are doing great!
Can you please add the following command and let me know:
set system login user remote class super-user
Pablo,
Thank you Pablo, as what you suggested got me to where I wanted to be!
Hi,
Good day!
I guess the below link will be of great use to you.
https://www.juniper.net/documentation/en_US/junos13.1/topics/example/authentication-configuration-tacacs-radius-password-configuring.html
You need to create a user remote, and all the users who get authenticated by TACACS will use that template.
The error is because the user is successfully getting authenticated by TACACS but there is no remote profile, hence you're unable to log in to the switch.
If the issue still persists, you can provide the configuration and we can have a check.
Thank you as what you showed me fixed the problem.
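The fix from this thread in context, next to a least-privilege variant, as an added example that is not from any of the posters. The server address, the secret placeholder and the template names NETADMIN and NETOPS are assumptions made for illustration.

```junos
# Constructed values: 192.0.2.10 is a documentation address and
# <shared-secret> is a placeholder, not a real secret.
set system tacplus-server 192.0.2.10 secret "<shared-secret>"
set system authentication-order [ tacplus password ]

# Option A, as applied in this thread: every TACACS+-authenticated user
# with no same-named local account is mapped to the "remote" template
# account and therefore receives super-user.
set system login user remote class super-user

# Option B, least privilege (use instead of option A, not in addition):
# keep the catch-all template low-privileged ...
set system login user remote class read-only
# ... and define named template accounts (hypothetical names). The TACACS+
# server selects one per user or group by returning the Juniper attribute
# local-user-name (for example local-user-name = NETADMIN) under the
# junos-exec service.
set system login user NETADMIN class super-user
set system login user NETOPS class operator
```

After logging in with a TACACS+ account, `show cli authorization` shows which class and permissions the session actually received.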