ACS 5.2 AAA tacacs with SSG-350m 6.1.0

matthewluba
Level 1

Having a ton of issues trying to get ACS to authorize a Juniper firewall.

We have configured the SSG correctly, and do not have issues logging in as root with full access.

However we are trying to create a read-only account for external clients, but not getting anywhere.

On ACS:

     -Created an Access Policy called juniperro using the Shell profile (juniperro)

     -Shell profile contains custom attributes

          vsys - root

          privilege - read-only

However when we try to log in as the user juniperro, it just prompts for the password again.

Checking the logs on ACS, it shows that everything passed and authentication worked.

Access Policy

Access Service: Default Device Admin -> TACACS

Identity Store: Internal Users

Selected Shell Profile: juniperro

Identity Group: All Groups:readonly_test

Access Service Selection Matched Rule : Rule-2 (match protocal TACACS)

Identity Policy Matched Rule: Default

Selected Identity Stores: Internal Users

Query Identity Stores:  

Selected Query Identity Stores:  

Group Mapping Policy Matched Rule:  

Authorization Policy Matched Rule: juniperro

Authorization Exception Policy Matched Rule:  

Can anyone tell me what we are missing to get a read-only account working??

thanks
