[tac_plus] Re: ScreenOS hints
John Payne
john at sackheads.org
Tue Oct 14 23:22:20 UTC 2008
On Oct 14, 2008, at 6:35 PM, Mark Ellzey Thomas <mark.thomas at corp.aol.com> wrote:
> On Tue, Oct 14, 2008 at 06:26:30PM -0400, John Payne wrote:
>> This took a while to find, so sending here to document. ScreenOS 6+
>> will authenticate via TACACS+.
>>
>> Necessary tac_plus.cfg snippet:
>>
>> service = netscreen {
>>     vsys = root
>>     privilege = read-write
>> }
>>
>>
>
> Greetings John,
>
> Thank you very much for posting this. Do you know whether authorization
> is supported with 6.0 (or will be)? I remember seeing that it is only
> read or read/write.
I'm only looking at 6.1 at this point. Authorization is not yet
available, but there is read-only, read-write and something else... I
think admin or superuser (basically read-write but a few extra privs
like setting up nsrp and local user maintenance).
I will say that tacacs+ support is not complete yet. The biggest issue
for me right now is that failover isn't working between primary and
backup servers. I did get a patch for remote address in about 2 weeks
though, so engineering is invested.
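
The snippet from the thread placed in a complete tac_plus.cfg context, as an added example that is not part of the original posts: a `service` block has to sit inside a `user` or `group` stanza, and using groups lets most operators get the lower privilege level. The key, group names and user names are constructed placeholders, and the `read-only` value spelling is assumed from the wording of the reply above.

```conf
# Constructed example: shared secret, groups and users are placeholders.
key = "REPLACE-WITH-SHARED-SECRET"

# Default for ScreenOS operators: read-only access to the root vsys.
group = ns-readonly {
    service = netscreen {
        vsys = root
        privilege = read-only    # value name assumed from the thread
    }
}

# Change-capable accounts, kept to a short list.
group = ns-readwrite {
    service = netscreen {
        vsys = root
        privilege = read-write   # value shown in the original snippet
    }
}

user = alice {
    member = ns-readonly
    login = file /etc/passwd
}

user = bob {
    member = ns-readwrite
    login = file /etc/passwd
}
```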