I've performed the steps exactly following the guide by Cisco (http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a0080af7d1d.shtml) to allow Junos-based TACACS+ authorization, but I'm strangely getting the 'service denied' problem in my ACS. I definitely have the custom service called 'junos-exec' in my ACS 4.2 for Windows. I'm trying to allow my Juniper EX switch to perform authentication (working fine) and authorization with the ACS.
09/09/2010,15:51:33,Author failed,test1,Default Group,10.8.100.77,(Default),,Service denied,service=junos-exec,ttyp0,10.8.100.31,,,,,,DF3-DC-SF-RC,,1,winlab,,,,test1,,No,
I will monitor this thread till it is resolved, thanks in advance for any help or advice!
Can you check the TCS log to see if the Juniper box sent back "protocol=tacacs+"?
If not, you can try to remove "tacacs+" under the protocol in step 2 of the link you mentioned. Or check with Juniper to see if they can send "protocol=tacacs+".
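An added example, not part of the thread and not Cisco or Juniper code: a small Python triage of the CSV line quoted in the question, reporting which attribute-value pairs ACS recorded for the denied authorization request. The column positions and the whitespace separator between AV pairs are assumptions inferred from that one sample line.

```python
import csv
import io

# Log line copied from the question above.
SAMPLE = ("09/09/2010,15:51:33,Author failed,test1,Default Group,10.8.100.77,"
          "(Default),,Service denied,service=junos-exec,ttyp0,10.8.100.31,"
          ",,,,,DF3-DC-SF-RC,,1,winlab,,,,test1,,No,")

# Assumption: positions inferred from the sample line, not from ACS documentation.
COL_MESSAGE_TYPE, COL_USER, COL_FAILURE, COL_AUTHOR_DATA, COL_NAS = 2, 3, 8, 9, 11


def parse_av_pairs(author_data):
    """Split 'service=junos-exec protocol=tacacs+' into a dict.
    Assumption: multiple pairs are whitespace-separated."""
    pairs = {}
    for token in author_data.split():
        key, sep, value = token.partition("=")
        if sep:
            pairs[key] = value
    return pairs


def triage(line):
    """Return a summary for an 'Author failed' record, or None for other records."""
    row = next(csv.reader(io.StringIO(line)))
    if len(row) <= COL_NAS or row[COL_MESSAGE_TYPE] != "Author failed":
        return None
    avs = parse_av_pairs(row[COL_AUTHOR_DATA])
    return {
        "user": row[COL_USER],
        "nas": row[COL_NAS],
        "failure": row[COL_FAILURE],
        "service": avs.get("service"),
        "protocol": avs.get("protocol"),  # None when no protocol= pair was logged
    }


if __name__ == "__main__":
    finding = triage(SAMPLE)
    print(finding)
    if finding and finding["failure"] == "Service denied" and finding["protocol"] is None:
        print("No protocol= pair in this record; compare with the service "
              "definition in ACS and confirm in the TCS log.")
```

The CSV record only shows what ACS chose to log, so the TCS log mentioned in the reply remains the place to confirm what the switch actually sent.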