<div dir="ltr">Take a look at <a href="http://www.shrubbery.net/pipermail/tac_plus/2015-April/001622.html" target="_blank" style="color:rgb(17,85,204);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255)">http://www.shrubbery.net/<wbr>pipermail/tac_plus/2015-April/<wbr>001622.html</a><div><br></div><div>It will look something like this:</div><div><br></div><div><pre style="white-space:pre-wrap;color:rgb(0,0,0);font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">key = "blah-blah-blah"
accounting file = /some/location/tacplus.acct
default authentication = file /etc/passwd
#
# Default group to run all command authentication through do_auth.
#
group = doauthaccess {
    default service = permit
    # Cisco and Cisco-like devices request the 'exec' service.
    service = exec {
        priv-lvl = 1
        optional idletime = 30
        optional acl = 2
        shell:roles="\"network-operator vdc-operator\""
    }
    # Juniper devices request the 'junos-exec' service.
    service = junos-exec {
        bug-fix = "first pair is lost"
        local-user-name = "remote"
        allow-commands = "(.*exit)|(show cli auth.*)"
        deny-commands = ".*"
        allow-configuration = ""
        deny-configuration = ".*"
    }
    after authorization "/usr/bin/python /some-location/do_auth.py -i $address -u $user -d $name -l /some-location/do_auth.log -f /some-location/do_auth.ini"
}
#
# Default user - Used when no user specific stanza exists in tac_plus.conf.
#
user = DEFAULT {
    member = doauthaccess
    login = PAM
}
</pre><br class="gmail-Apple-interchange-newline">Notice that there are two stanzas... One for 'exec' (Cisco, Cisco-like) and 'junos-exec' (Juniper)... You simply need to know what 'service' the device in question is going to use and you need a stanza for it...</div><div><br></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>--</div>John Fraizer<div>LinkedIn profile: <a href="http://www.linkedin.com/in/johnfraizer/" target="_blank">http://www.linkedin.com/in/johnfraizer/</a></div><div><br><div><span style="color:rgb(53,53,53);font-family:Arial,sans-serif;font-size:12px;line-height:12px;background-color:rgb(244,244,244)"><br></span></div></div></div></div></div>
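<div>An added example, not part of the original post or of tac_plus: a small Python check that reads tac_plus.conf text, lists the service stanzas each group defines, and reports groups that lack a stanza for a service your devices request, together with whether the group sets 'default service = permit' (which permits services that have no stanza). The required set, the sample text and the "ciscoonly" group are assumptions; the check expects each directive and its opening brace on one line.</div>

```python
import re

# Constructed sample modelled on the config in this thread; "ciscoonly" is hypothetical.
SAMPLE_CONF = r'''
group = doauthaccess {
    default service = permit
    service = exec {
        priv-lvl = 1
        shell:roles="\"network-operator vdc-operator\""
    }
    service = junos-exec {
        deny-commands = ".*"
    }
}
group = ciscoonly {
    service = exec {
        priv-lvl = 15
    }
}
'''

REQUIRED = {"exec", "junos-exec"}  # assumption: NAS fleet is Cisco-like plus Juniper
QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')  # quoted values may contain braces
GROUP = re.compile(r'group\s*=\s*(\S+)\s*\{')
SERVICE = re.compile(r'service\s*=\s*(\S+)\s*\{')
DEFAULT_PERMIT = re.compile(r'default\s+service\s*=\s*permit\b')

def audit_groups(conf_text, required=REQUIRED):
    """Map each group to its services, missing required services, default_permit."""
    report, group, depth = {}, None, 0
    for raw in conf_text.splitlines():
        line = QUOTED.sub('""', raw.strip())  # blank out quoted values first
        if not line or line.startswith("#"):
            continue
        found = GROUP.match(line)
        if depth == 0 and found:
            group = found.group(1)
            report[group] = {"services": set(), "default_permit": False}
        elif group and depth == 1:  # only directives directly inside the group
            svc = SERVICE.match(line)
            if svc:
                report[group]["services"].add(svc.group(1))
            elif DEFAULT_PERMIT.match(line):
                report[group]["default_permit"] = True
        depth += line.count("{") - line.count("}")
        if depth == 0:
            group = None
    for info in report.values():
        info["missing"] = set(required) - info["services"]
    return report
```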
<br><div class="gmail_quote">On Mon, Mar 26, 2018 at 12:17 AM, veerabhadra <span dir="ltr">&lt;<a href="mailto:veerabhadra@stpi.in" target="_blank">veerabhadra@stpi.in</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Sir,<br>
<br>
Authenticating users of the network using a standalone file for each NAS works fine (Cisco and Juniper separately).<br>
Please let me know how to combine both Cisco and Juniper config in a single file to authenticate the same users of both devices.<br>
<br>
Did not find any details in man pages for combining config for both devices.<span class=""><br>
<br>
Regards<br>
Veerabhadra<br>
<br>
-----Original Message----- From: heasley<br></span>
Sent: Monday, March 26, 2018 12:32 PM<br>
To: veerabhadra<br>
Cc: <a href="mailto:tac_plus@shrubbery.net" target="_blank">tac_plus@shrubbery.net</a> ; heasley<span class="im HOEnZb"><br>
Subject: Re: Questions regarding tacacs+ server config file<br>
<br></span><div class="HOEnZb"><div class="h5">
Mon, Mar 26, 2018 at 10:18:52AM +0530, veerabhadra:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
<br>
Can I use a "single" tac_plus.conf file to load configuration to authenticate<br>
Cisco and Juniper devices at the same time?<br>
</blockquote>
<br>
yes.<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
If yes, can I have a template of the configuration file, please?<br>
<br>
I have a network with Cisco and Juniper devices and am looking to<br>
authenticate users of both devices using single tacacs server and single<br>
config file.<br>
</blockquote>
<br>
the distribution and installation provide a tac_plus.conf.sample file which<br>
has an example for nearly all configuration syntax. <br>
______________________________<wbr>_________________<br>
tac_plus mailing list<br>
<a href="mailto:tac_plus@shrubbery.net" target="_blank">tac_plus@shrubbery.net</a><br>
<a href="http://www.shrubbery.net/mailman/listinfo/tac_plus" rel="noreferrer" target="_blank">http://www.shrubbery.net/mailm<wbr>an/listinfo/tac_plus</a><br>
</div></div></blockquote></div><br></div>