<HTML><HEAD></HEAD>
<BODY dir=ltr>
<DIV dir=ltr>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: 'Calibri'; COLOR: #000000">
<DIV>Dear Sir,</DIV>
<DIV> </DIV>
<DIV>Followed your inputs and successfully authenticated users for access to
Juniper J6350 and Cisco 3660 routers.</DIV>
<DIV>Now, I have a Huawei NE40E-X3A router and have done the configuration on the router, but
I am stuck on the tac_server config relating to that.</DIV>
<DIV> </DIV>
<DIV>Please help with a template specific to the Huawei router, if you have one.</DIV>
<DIV> </DIV>
<DIV>Regards</DIV>
<DIV>Veerabhadra</DIV>
<DIV> </DIV>
<DIV
style='FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: "Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; DISPLAY: inline'>
<DIV style="FONT: 10pt tahoma">
<DIV> </DIV>
<DIV style="BACKGROUND: #f5f5f5">
<DIV style="font-color: black"><B>From:</B> <A title=john@op-sec.us>John
Fraizer</A> </DIV>
<DIV><B>Sent:</B> Monday, March 26, 2018 12:58 PM</DIV>
<DIV><B>To:</B> <A title=veerabhadra@stpi.in>veerabhadra</A> </DIV>
<DIV><B>Cc:</B> <A title=tac_plus@shrubbery.net>tac_plus</A> </DIV>
<DIV><B>Subject:</B> Re: [tac_plus] Questions regarding tacacs+ server config
file</DIV></DIV></DIV>
<DIV> </DIV></DIV>
<DIV
style='FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: "Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; DISPLAY: inline'>
<DIV dir=ltr>Take a look at <A
style="FONT-SIZE: 12px; FONT-FAMILY: arial,sans-serif; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: 400; COLOR: rgb(17,85,204); FONT-STYLE: normal; LETTER-SPACING: normal; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; font-variant-ligatures: normal; font-variant-caps: normal"
href="http://www.shrubbery.net/pipermail/tac_plus/2015-April/001622.html"
target=_blank>http://www.shrubbery.net/<WBR>pipermail/tac_plus/2015-April/<WBR>001622.html</A>
<DIV> </DIV>
<DIV>It will look something like this:</DIV>
<DIV> </DIV>
<DIV><PRE style="WHITE-SPACE: pre-wrap; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: 400; COLOR: rgb(0,0,0); FONT-STYLE: normal; LETTER-SPACING: normal; TEXT-INDENT: 0px; font-variant-ligatures: normal; font-variant-caps: normal; text-decoration-style: initial; text-decoration-color: initial">key = "blah-blah-blah"
accounting file = /some/location/tacplus.acct
default authentication = file /etc/passwd
#
# Default group to run all command authentication through do_auth.
#
group = doauthaccess {
    default service = permit
    # Cisco and Cisco-like devices request service 'exec'.
    service = exec {
        priv-lvl = 1
        optional idletime = 30
        optional acl = 2
        shell:roles="\"network-operator vdc-operator\""
    }
    # Juniper devices request service 'junos-exec'.
    service = junos-exec {
        bug-fix = "first pair is lost"
        local-user-name = "remote"
        allow-commands = "(.*exit)|(show cli auth.*)"
        deny-commands = ".*"
        allow-configuration = ""
        deny-configuration = ".*"
    }
    after authorization "/usr/bin/python /some-location/do_auth.py -i $address -u $user -d $name -l /some-location/do_auth.log -f /some-location/do_auth.ini"
}
#
# Default user - Used when no user specific stanza exists in tac_plus.conf.
#
user = DEFAULT {
    member = doauthaccess
    login = PAM
}
</PRE><BR class=gmail-Apple-interchange-newline>Notice that there are two
stanzas... One for 'exec' (Cisco, Cisco-like) and 'junos-exec'
(Juniper)... You simply need to know what 'service' the device in question
is going to use and you need a stanza for it...</DIV>
<DIV> </DIV></DIV>
<DIV class=gmail_extra>
<DIV> </DIV>
<DIV>
<DIV class=gmail_signature data-smartmail="gmail_signature">
<DIV dir=ltr>
<DIV>--</DIV>John Fraizer
<DIV>LinkedIn profile: <A href="http://www.linkedin.com/in/johnfraizer/"
target=_blank>http://www.linkedin.com/in/johnfraizer/</A></DIV>
<DIV>
<DIV> </DIV>
<DIV><SPAN
style="FONT-SIZE: 12px; FONT-FAMILY: arial,sans-serif; COLOR: rgb(53,53,53); LINE-HEIGHT: 12px; BACKGROUND-COLOR: rgb(244,244,244)"><BR></SPAN></DIV></DIV></DIV></DIV></DIV>
<DIV> </DIV>
<DIV class=gmail_quote>On Mon, Mar 26, 2018 at 12:17 AM, veerabhadra <SPAN
dir=ltr>&lt;<A target=_blank>veerabhadra@stpi.in</A>&gt;</SPAN> wrote:<BR>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex">Sir,<BR><BR>Authenticating
users of network using standalone file for each NAS works fine (Cisco and
Juniper separately).<BR>Please let me know how to combine both Cisco and
Juniper config in a single file to authenticate the same users of both
devices.<BR><BR>Did not find any details in man pages for combining config for
both devices.<SPAN><BR><BR>Regards<BR>Veerabhadra<BR><BR>-----Original
Message----- From: heasley<BR></SPAN>Sent: Monday, March 26, 2018 12:32
PM<BR>To: veerabhadra<BR>Cc: <A target=_blank>tac_plus@shrubbery.net</A> ;
heasley<SPAN class="im HOEnZb"><BR>Subject: Re: Questions regarding tacacs+
server config file<BR><BR></SPAN>
<DIV class=HOEnZb>
<DIV class=h5>Mon, Mar 26, 2018 at 10:18:52AM +0530, veerabhadra:<BR>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex">Hi,<BR><BR>Can
I use "single" tac_plus.conf file to load configuration to
authenticate<BR>Cisco and Juniper devices at the same
time.<BR></BLOCKQUOTE><BR>yes.<BR><BR>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex">If
yes, can I have a template of the configuration file, please.<BR><BR>I have
the network with Cisco and Juniper devices and am looking to<BR>authenticate
users of both devices using single tacacs server and single<BR>config
file.<BR></BLOCKQUOTE><BR>the distribution and installation provide a
tac_plus.conf.sample file which<BR>has an example for nearly all configuration
syntax.<BR></DIV></DIV></BLOCKQUOTE></DIV>
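<DIV>Added example, not part of the original thread and not code from the tac_plus project: a small Python check that reports whether a user, followed through its group membership, has an explicit 'service' stanza for the service a device requests. The sample config is constructed from the one quoted in this thread; the function names and the simplified tokenizer are this example's own, and it assumes user and group names do not collide.</DIV>
<PRE>
```python
import re
# Constructed sample, modelled on the config quoted in this thread.
SAMPLE_CONF = r'''
# a comment containing { must not open a block
group = doauthaccess {
    default service = permit
    service = exec {
        shell:roles="\"network-operator vdc-operator\""
    }
    service = junos-exec {
        deny-commands = ".*"
    }
}
user = DEFAULT {
    member = doauthaccess
}
'''
# Tokens: quoted strings (with \" escapes), '#' comments, punctuation, bare words.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|#[^\n]*|[{}=]|[^\s{}="#]+')

def parse_blocks(text):
    """Return (services, member): service stanzas and group membership per name."""
    toks = [t for t in TOKEN.findall(text) if not t.startswith('#')]
    services, member, owner, depth = {}, {}, None, 0
    for i, t in enumerate(toks):
        nxt = toks[i + 1:i + 3]              # expected shape: ['=', value]
        if t in ('{', '}'):
            depth += 1 if t == '{' else -1
        elif len(nxt) != 2 or nxt[0] != '=':
            continue
        elif depth == 0:                     # top level: track group/user blocks only
            owner = nxt[1] if t in ('group', 'user') else None
        elif depth == 1 and owner and t == 'member':
            member[owner] = nxt[1]
        # 'default service = permit' is a fallback, not a stanza for a service.
        elif depth == 1 and owner and t == 'service' and toks[i - 1] != 'default':
            services.setdefault(owner, []).append(nxt[1])
    return services, member

def has_stanza(text, name, service):
    """True if 'name', or a group it belongs to, has a stanza for 'service'."""
    services, member = parse_blocks(text)
    seen = set()
    while name and name not in seen:         # 'seen' guards against membership loops
        if service in services.get(name, []):
            return True
        seen.add(name)
        name = member.get(name)
    return False
```
</PRE>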
<DIV> </DIV></DIV></DIV></DIV></DIV></BODY></HTML>