This post shows how to configure a TACACS+ server for system authentication in Juniper Netscreen SSG with open source tac_plus software.

Juniper Netscreen SSG Configuration
set auth-server TACACS id 1
set auth-server TACACS server-name 192.168.1.100
set auth-server TACACS backup1 192.168.1.200 (optional)
set auth-server TACACS account-type admin
set auth-server TACACS type tacacs
set auth-server TACACS tacacs secret Tacacssecret1
set auth-server TACACS tacacs port 49
set admin auth server TACACS
set admin auth remote primary
set admin auth remote root
set admin privilege get-external

tac_plus configuration
key = Tacacssecret1
group = netscreen
{
service = netscreen
{
vsys = root
privilege = root
}
}
user = nmsns {
default service = permit
login = file /etc/passwd
member = netscreen
}

This post shows how to configure a TACACS+ server for system authentication in Juniper SRX with open source tac_plus software.

Juniper SRX configuration
Connect to SRX and enter configure mode
[email protected]% cli
{primary:node1}
[email protected]> configure
warning: Clustering enabled; using private edit
warning: uncommitted changes will be discarded on exit
Entering configuration mode{primary:node1}[edit]
[email protected]#

Add a new TACACS+ server and set its IP address.
[email protected]#set tacplus-server address 172.16.98.24

Specify the shared secret (password) of the TACACS+ server.
[email protected]#set tacplus-server 172.16.98.24 secret Tacacssecret1

Specify the device’s loopback address as the source address.
[email protected]#set tacplus-server 172.16.98.24 source-address 10.0.0.1

Set for single connection authentication
[email protected]#set tacplus-server 172.16.98.24 single-connection

Set authentication order
[email protected]# set system authentication-order tacplus
[email protected]# set system authentication-order password

Set accounting logging
[email protected]# set system accounting events login
[email protected]#set system accounting events change-log
[email protected]#set system accounting events interactive-commands
[email protected]#set system accounting destination tacplus

Verify configuration
[email protected]# show system tacplus-server
[email protected]# show system accounting

tac_plus configuration
key = Tacacssecret1
group = srx {
service = junos-exec
{
local-user-name = root
}
}

user = srxadmin {
default service = permit
login = file /etc/passwd
member = srx
}

Incoming search terms:

  • how to add tacacs to junos
  • tacacs accounting
  • tacacs logs juniper