SRX

 View Only
last person joined: 3 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  tacacs+ cli auth with Cisco ACS 5.x

    Posted 10-10-2012 06:18

    I want to implement CLI authentication via tacacs+ on Cisco ACS 5.3 server. I follow  KB17269, and i can successfull auth with Cisco ACS user, but also I can auth with local SRX users (in this time at ACS logs I can see that user "root" is not finded in identity stores, and access denied). But I want to do, that local users can auth only if tacacs+ server is unreachable (like it work in Cisco equipment). Is the any solution?


    #SRX
    #CiscoACS5.x
    #TACACS+


  • 2.  RE: tacacs+ cli auth with Cisco ACS 5.x
    Best Answer

     
    Posted 10-10-2012 09:39

    hi,

     

    do you have 'system authentication-order tacplus password' ? Remove the 'password.

     

    Please note the difference (password explicitly configured/not configured):

    More reading at http://www.juniper.net/techpubs/en_US/junos/topics/concept/authentication-order-authentication-methods-overview.html. See note at the end (pre/post Junos 10.0 behavior)

     

    jtb