Using RADIUS or TACACS+ Authentication

You can configure the JUNOS software to be both a RADIUS or TACACS+ authentication client.

If an authentication method included in the [authentication-order] statement is not available, or if the authentication is available but returns a reject response, the JUNOS software tries the next authentication method included in the authentication-order statement.

The RADIUS or TACACS+ server authentication might fail because of the following reasons:

• The authentication method is configured, but the corresponding authentication servers are not configured. For instance, the radius and tacplus authentication methods are included in the authentication-order statement, but the corresponding RADIUS or TACACS+ servers are not configured at the respective [edit system radius-server] and [edit system tacplus-server] hierarchy levels.
• The RADIUS or TACACS+ server does not respond within the timeout period configured at the [edit system radius-server] or [edit system tacplus-server] hierarchy levels.
• The RADIUS or TACACS+ server is not reachable due to a network problem.

The RADIUS or TACACS+ server authentication might return a reject response because of the following reasons:

• The user profiles of users accessing a router might not be configured on the RADIUS or TACACS+ server.
• The user enters incorrect logon credentials.

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.