Tuesday, December 28, 2010

Juniper and tacacs+

config บน Juniper เพื่อคุยกับ tacacs+ server

set system authentication-order tacplus
set system authentication-order password

set system tacplus-server 192.168.26.4 port 49
set system tacplus-server 192.168.26.4 secret "$9$G-Uqf3nC0BEz3A0O1rlxNds4ZjHmQ39"
set system tacplus-server 192.168.26.4 single-connection

set system accounting events login
set system accounting events change-log
set system accounting events interactive-commands
set system accounting destination tacplus



account บน router (template user) ที่ tacacs+ server จะ map ผู้ใช้เข้ามาผ่าน local-user-name

set system login user view full-name TACACS_ACCOUNT_OPERATOR
set system login user view uid 2002
set system login user view class operator

set system login user admin full-name TACACS_ACCOUNT_ADMIN
set system login user admin uid 2001
set system login user admin class super-user



ตัวอย่าง config บน tacacs+ server เพื่อคุยกับ Juniper (หมายเหตุ: version tacacs+ F4.0.4.19 บน Linux)

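# Group Account
# NOTE(review): tac_plus also needs a shared secret that matches the Junos
# "tacplus-server ... secret" value, e.g. a global line such as
#   key = "<SHARED-SECRET-placeholder>"
# (not shown in the original example).
group = admin {
    default service = permit
    service = junos-exec {
        # Junos template user that receives this session (class super-user)
        local-user-name = admin
        # Junos treats allow-commands as a regular expression, so "all" matches
        # only commands containing that text; the effective rights here come
        # from the super-user class of the local template user.
        allow-commands = "all"
    }
}
group = viewer {
    default service = deny
    service = junos-exec {
        # Junos template user with class operator
        local-user-name = view
        # Regex of operational commands to block. The original had a typo
        # ("rquest") and a trailing "|", whose empty alternative matches every
        # command and would deny the viewer everything.
        deny-commands = "clear|request|restart"
    }
}


#user admin
# login = cleartext keeps the password readable in this file; tac_plus also
# accepts hashed forms (e.g. des) for production use.
user = nmc {
    login = cleartext "nmc1234"
    member = admin
}

#user operator
user = test01 {
    login = cleartext "test1234"
    member = viewer
}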
