This post shows how to configure a Juniper SRX to use a TACACS+ server for system authentication, with the open source tac_plus software as the server.
Juniper SRX configuration
Connect to the SRX and enter configuration mode.
root@SRX-FW% cli
{primary:node1}
root@SRX-FW> configure
warning: Clustering enabled; using private edit
warning: uncommitted changes will be discarded on exit
Entering configuration mode
{primary:node1}[edit]
root@SRX-FW#
Add a new TACACS+ server and set its IP address.
root@SRX-FW# set system tacplus-server 172.16.98.24
Specify the shared secret (password) of the TACACS+ server.
root@SRX-FW# set system tacplus-server 172.16.98.24 secret Tacacssecret1
Specify the device’s loopback address as the source address.
root@SRX-FW# set system tacplus-server 172.16.98.24 source-address 10.0.0.1
Enable single-connection mode.
root@SRX-FW# set system tacplus-server 172.16.98.24 single-connection
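Set the authentication order. Each set command appends to the list, so TACACS+ is tried first and the local password second.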
root@SRX-FW# set system authentication-order tacplus
root@SRX-FW# set system authentication-order password
Enable accounting for logins, configuration changes and interactive commands, and send the records to the TACACS+ server.
root@SRX-FW# set system accounting events login
root@SRX-FW# set system accounting events change-log
root@SRX-FW# set system accounting events interactive-commands
root@SRX-FW# set system accounting destination tacplus
Verify the configuration.
root@SRX-FW# show system tacplus-server
root@SRX-FW# show system accounting
tac_plus configuration
key = Tacacssecret1
group = srx {
    service = junos-exec
    {
        local-user-name = root
    }
}
user = srxadmin {
    default service = permit
    login = file /etc/passwd
    member = srx
}
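Added example (not part of the original post, Junos or tac_plus): the secret set on the SRX has to equal the key in the tac_plus configuration, and in the configuration above srxadmin gets its junos-exec attributes through the srx group. The Python below cross-checks both sides for those two points. parse_tac_plus and check are hypothetical helper names, the inputs are constructed from the values on this page, and the set commands are assumed to be given as typed, with the secret in plaintext.

```python
# Sample inputs constructed from the commands and tac_plus config on this page.
JUNOS = """set system tacplus-server 172.16.98.24 secret Tacacssecret1
set system tacplus-server 172.16.98.24 source-address 10.0.0.1
set system authentication-order tacplus"""
TAC_PLUS = """key = Tacacssecret1
group = srx {
  service = junos-exec
  {
    local-user-name = root
  }
}
user = srxadmin {
  login = file /etc/passwd
  member = srx
}"""

def parse_tac_plus(text):
    """Parse the subset of tac_plus syntax used here into nested dicts keyed by (name, value)."""
    stack, last = [{}], None
    for raw in text.splitlines():
        line = raw.split("#")[0].strip()      # drop comments
        opens = line.endswith("{")            # brace may share the line or stand alone
        line = line.rstrip("{").strip()
        if line == "}":
            stack.pop()
        elif line:
            last = tuple(p.strip() for p in line.partition("=")[::2])
            stack[-1][last] = None            # leaf until a "{" turns it into a block
        if opens:
            stack[-1][last] = child = {}
            stack.append(child)
    return stack[0]

def check(junos, tac_text):
    """Return mismatches between the two sides; an empty list means consistent."""
    tac, problems = parse_tac_plus(tac_text), []
    key = next((v for n, v in tac if n == "key"), None)
    for w in map(str.split, junos.splitlines()):
        # Matches: set system tacplus-server <ip> secret <value>
        if w[:3] == ["set", "system", "tacplus-server"] and w[4:5] == ["secret"] and w[5:6] != [key]:
            problems.append(f"{w[3]}: secret differs from tac_plus key")
    # Groups that carry the junos-exec service block, as the srx group does on this page.
    groups = {v for (n, v), b in tac.items() if n == "group" and ("service", "junos-exec") in (b or {})}
    for (n, user), body in tac.items():
        if n == "user" and not any(k == "member" and v in groups for k, v in (body or {})):
            problems.append(f"user {user}: no group with a junos-exec service")
    return problems

if __name__ == "__main__":
    print(check(JUNOS, TAC_PLUS) or "consistent")
```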