[tac_plus] Re: ScreenOS hints
John Payne
john at sackheads.org
Mon Mar 23 20:58:15 UTC 2009
On Oct 14, 2008, at 7:22 PM, John Payne wrote:
>
>
> On Oct 14, 2008, at 6:35 PM, Mark Ellzey Thomas <mark.thomas at corp.aol.com> wrote:
>
>> On Tue, Oct 14, 2008 at 06:26:30PM -0400, John Payne wrote:
>>> This took a while to find, so sending here to document. ScreenOS 6+
>>> will authenticate via TACACS+.
>>>
>>> Necessary tac_plus.cfg snippet:
>>>
>>> service = netscreen {
>>>     vsys = root
>>>     privilege = read-write
>>> }
>>>
>>>
>>
>> Greetings John,
>>
>> Thank you very much for posting this. Do you know whether authorization
>> is supported with 6.0 (or will be)? I remember seeing that it is only
>> read or read/write.
>
> I'm only looking at 6.1 at this point. Authorization is not yet
> available, but there is read-only, read-write and something else... I
> think admin or superuser (basically read-write but a few extra privs
> like setting up nsrp and local user maintenance).
>
> I will say that tacacs+ support is not complete yet. The biggest issue
> for me right now is that failover isn't working between primary and
> backup servers. I did get a patch for remote address in about 2 weeks
> though, so engineering is invested.
6.1.0r5 seems to be doing failover now.