Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Junos] Behavior difference in TACACS and RADIUS Accounting

0

0

Article ID: KB27799 KB Last Updated: 20 Aug 2013Version: 5.0
Summary:
This article discusses differences in behavior of SRX when TACACS or RADIUS is used for system accounting. Although the article is focused on the SRX it applies to all Junos platforms.
Symptoms:
Different behavior is seen for TACACS and RADIUS in the following scenarios:
  • When system accounting is configured on the SRX and a configuration change is made on the device using "load set terminal" command all the configuration statements of this change are sent to the TACACS server.  In the case of Radius, only the "load set terminal" is sent.
  • RADIUS Accounting does not work on secondary node in a cluster whereas TACACS accounting works.
Cause:
On the SRX, accounting for TACACS is handled by 'mgd' process which accounts for commands getting executed on CLI as well as in background.  Whereas accounting for RADIUS is handled by 'Auditd' process; this process only does accounting for commands executed on the CLI.

Commands sent to accounting server:
  • When RADIUS Server accounting is configured:  Only the "#load set terminal" command is executed on the CLI, thus we will not see all the commands that are executed.
  • When TACACS accounting is configured:   we see all the commands that are executed including the commands that are part of  "#load set terminal".

Primary Node / Secondary Node:
  • Since Auditd process only runs on the Primary node, RADIUS accounting doesn't work on the Secondary node.
  • Whereas mgd runs on both nodes; thus TACACS accounting works on both nodes.

Solution:
This behavior is as expected and by design.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search