6

How to configure Juniper SSG/ISG devices with Cisco ACS 5.x

view full story
linux-howto

http://www.debianadmin.com – This article provides a configuration to authenticate SSG/ISG administrators by using TACACS+, instead of local logins.ACS v5.x is a Linux-based VM with a completely new user interface and structure. Juniper SSG/ISG Device configuration from CLI Add the Cisco ACS and TACACS+ configuration: set auth-server CiscoACSv5 id 1 set auth-server CiscoACSv5 server-name 192.168.1.100 set auth-server CiscoACSv5 [...] (Distributions)

taskli's picture
Submitted by taskli on 08/06/2012 – Made popular on 08/06/2012

Stories similar to How to configure Juniper SSG/ISG devices with Cisco ACS 5.x

Using TACACS+ as an external authentication server for administration purposes is supported beginning with ScreenOS 6.0.0 and higher. Note: TACACS+ is not supported for use as an authentication server for xauth or policy authentication. On the firewall device, the TACACS server object needs to be configured. In this example, the TACACS server is called “external”.

Our network engineering team uses multiple linux servers for syslog collection, configuration backups, tftp, etc...

We want to use TACACS+ on a Cisco ACS machine as our central authentication server where we can change passwords and account for user activity on these linux servers.

I'm currently deploying tacacs+ with cisco device, i use tacacs server from here http://www.shrubbery.net/tac_plus/

my scenario is: i want to permit user to configure my router but only for specific interface, i.e to gigabitethernet0/0, after arrive at router(config-if)# that user can do whatever he want with that interface, but he can not change to other interface nor change configuration in ro

Linux PAM pam_succeed_if.so 11 weeks 4 days ago

I've specified an AD security group in PAM to restrict which domain users can login. I've also restricted sessions for AD users to this group. This prevents a logged in user from doing an "su -" to an AD user outside of the group.

The Winbind uid mapping is configured so that AD users have UID >= 10000000.

These work as expected with the PAM configuration below.

PPP Dial-In Server 3 years 32 weeks ago

Hi All,

I have a question regarding this server setup. I wonder if it still exist this time. I am planning to implement this server that would really utilize our main office.

Problem: No Budget for new ISP connection for different branches. Solution: PPP Dial in server or (any suggestions from you guys would do)

I want to force https and basic auth for server-status output (mod_status). If I enable auth and user asks for http://site/server-status apache first asks for pass, then redirects to httpS, then asks for pass again.

This question is similar to Apache - Redirect to https before AUTH and force https with apache before .htpasswd but I cannot get it work because we are speaking not about generic fo

Sun Microsystems veteran David Yen - who has spent the past three years leading Juniper Networks Stratus R&D project that culminated in the launch of its QFabric data centre network technology in February - has joined arch rival Cisco to become general manager of Cisco's Server Access and Virtualisation Technology Group.

Juniper SSG 5 VPN 32 weeks 6 hours ago

I have a host who set up our Juniper SSG 5 VPN with Firmware version-6.2.0r5.0

I've been trying to set up VPN on it using this guide: http://kb.juniper.net/InfoCenter/index?page=content&id=KB4094 I've followed the steps and on my Mac, whenever I try to connect using L2TP over IPSec I get the following error;

Summary of Steps: Create User (give them L2TP auth ability), Create Group, Place Use

Cisco vs Juniper 2 years 49 weeks ago

In the data center, the Cisco vs. Juniper argument will hinge on which company has the more compelling unified data center fabric architecture: Cisco's Unified Computing System or Juniper's single-layer Stratus.