Log in to ask questions, share your expertise, or stay connected to content you value. Don’t have a login? Learn how to become a member.
Are there special attributes or settings that need to be configured on
the TACACS+ server to allow the Juniper routers to authenticate?
-Ray
"remote" account has always been required for both TACACS and RADIUS:http://www.juniper.net/techpubs/software/junos/junos83/swconfig83-system-basics/html/sys-mgmt-authentication6.html--When you use local password authentication, you must create a local user account for every user who wants to access the system. However, when you are using RADIUS or TACACS+ authentication, you can create single accounts (for authorization purposes) that are shared by a set of users. You create these accounts using the remote and local user template accounts. When a user is using a template account, the command-line interface (CLI) username is the login name; however, the privileges, file ownership, and effective user ID are inherited from the template account.--Ps. Don't forget the authentication order too:http://www.juniper.net/techpubs/software/junos/junos83/swconfig83-system-basics/html/sys-mgmt-authentication9.html
thanks
Raheel Anwar