tacplus-options

 

Syntax

Hierarchy Level

Release Information

Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

no-cmd-attribute-value and exclude-cmd-attribute options introduced in Junos OS Release 9.3.

Statement introduced in Junos OS Release 11.1 for QFX Series.

timestamp-and-timezone option introduced in Junos OS Release 12.2.

strict-authorization option introduced in Junos OS Release 13.3 for EX Series, M Series, MX Series, PTX Series, and T Series.

enhanced-accounting option introduced in Junos OS Release 14.1.

Statement introduced in Junos OS Release 14.1X53-D20 for OCX Series switches.

Description

Configure TACACS+ options for authentication and accounting.

Options

enhanced-accounting—View the attribute values of a logged-in user.

exclude-cmd-attribute—Exclude the cmd attribute value completely from start and stop accounting records to enable logging of accounting records in the correct log file on a TACACS+ server.

no-cmd-attribute-value—Set the cmd attribute value to an empty string in the TACACS+ accounting start and stop requests to enable logging of accounting records in the correct log file on a TACACS+ server.

service-name service-name—Name of the authentication service used when you configure multiple TACACS+ servers to use the same authentication service.

Default: junos-exec

strict-authorization—Deny login if the authorization request fails. When a user logs in, Junos OS issues two TACACS+ requests: first the authentication request, then the authorization request. By default, when the TACACS+ server rejects the authorization request, Junos OS ignores the rejection and allows the user full access. When the set system tacplus-options strict-authorization statement is configured, Junos OS denies access to the user when the authorization request fails.

timestamp-and-timezone—Include this statement if you want start time, stop time, and timezone attributes included in start/stop accounting records.
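The default behavior described under strict-authorization can be checked across saved configurations. The following audit script is an added example, not part of the Junos OS documentation; it assumes the input is the text output of show configuration | display set, and the function name audit_tacplus, the result keys, and the sample configurations are constructed for illustration.

```python
import re

# One "set"/"deactivate" line under [system] from `show configuration | display set`.
_LINE = re.compile(r"^(set|deactivate)\s+system\s+(.+?)\s*$")

def audit_tacplus(display_set: str) -> dict:
    """Report whether TACACS+ logins are denied when authorization fails."""
    servers, in_auth_order, strict_set = set(), False, False
    inactive = set()  # statement paths marked inactive with "deactivate"
    for raw in display_set.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue
        verb, path = m.groups()
        tokens = path.split()
        if verb == "deactivate":
            inactive.add(path)
        elif tokens[0] == "tacplus-server" and len(tokens) > 1:
            servers.add(tokens[1])
        elif tokens[0] == "authentication-order" and "tacplus" in tokens[1:]:
            in_auth_order = True
        elif tokens == ["tacplus-options", "strict-authorization"]:
            strict_set = True
    # An inactive statement, or one under an inactive parent, is not enforced.
    strict_active = strict_set and not (
        {"tacplus-options", "tacplus-options strict-authorization"} & inactive)
    uses_tacplus = bool(servers) and in_auth_order
    return {"uses_tacplus": uses_tacplus,
            "strict_authorization": strict_active,
            "fail_open": uses_tacplus and not strict_active}

# Constructed sample configurations (192.0.2.10 is a documentation address).
BASE = """\
set system authentication-order tacplus
set system authentication-order password
set system tacplus-server 192.0.2.10 secret "PLACEHOLDER"
set system tacplus-options service-name junos-exec
"""
STRICT = BASE + "set system tacplus-options strict-authorization\n"
INACTIVE = STRICT + "deactivate system tacplus-options strict-authorization\n"

if __name__ == "__main__":
    for name, cfg in (("default", BASE), ("strict", STRICT), ("inactive", INACTIVE)):
        print(name, audit_tacplus(cfg))
```

A device reported with fail_open set to True authenticates users through TACACS+ but still grants access when the authorization request is rejected.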

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.