<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><br><div><div>On Oct 14, 2008, at 7:22 PM, John Payne wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div><br><br>On Oct 14, 2008, at 6:35 PM, Mark Ellzey Thomas &lt;<a href="mailto:mark.thomas@corp.aol.com">mark.thomas@corp.aol.com</a>&gt; wrote:<br><br><blockquote type="cite">On Tue, Oct 14, 2008 at 06:26:30PM -0400, John Payne wrote:<br></blockquote><blockquote type="cite"><blockquote type="cite">This took a while to find, so sending here to document. ScreenOS 6+<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">will authenticate via TACACS+.<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">Necessary tac_plus.cfg snippet:<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"> service = netscreen {<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"> vsys = root<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"> privilege = read-write<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"> }<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">Greetings John,<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">Thank you very much for posting this. Do you know whether <br></blockquote><blockquote type="cite">authorization<br></blockquote><blockquote type="cite">is supported with 6.0 (or will be)? 
I remember seeing that it is <br></blockquote><blockquote type="cite">only read or<br></blockquote><blockquote type="cite">read/write.<br></blockquote><br>I'm only looking at 6.1 at this point. Authorization is not yet <br>available, but there is read-only, read-write and something else... I <br>think admin or superuser (basically read-write but a few extra privs <br>like setting up nsrp and local user maintenance).<br><br>I will say that tacacs+ support is not complete yet. The biggest issue <br>for me right now is that failover isn't working between primary and <br>backup servers. I did get a patch for remote address in about 2 weeks <br>though, so engineering is invested.</div></blockquote><br></div><div>6.1.0r5 seems to be doing failover now. </div></body></html>