Users are unable to use combinations of \n , \t , \r , \’ , \” , \v , \f , etc… in passwords for TACACS server. These are interpreted as escape sequences.
The following log messages are related to a failure of TACACS negotiation:
Jun 21 22:41:40 SRX240 sshd[60845]: tac_config: /var/etc/pam_tacplus.conf:1: unterminated quoted string Jun 21 23:20:54 SRX240 sshd[60883]: tac_config: /var/etc/pam_tacplus.conf:1: unterminated quoted string
These logs in traceoptions are generated when there is a escape sequence used in the secret-key or mismatch of key.
A RADIUS shared secret is a case-sensitive password used to validate communications between a RADIUS server such as Steel-Belted Radius Carrier, and a RADIUS client, such as a network access device. Steel-Belted Radius Carrier supports shared secrets of up to 127 alphanumeric characters, including spaces and the following special characters: ~ ! @ # $ % ^ & * ( ) _ + | \ = – ‘ { } [ ] : ” ‘ ; < > ? / . ,
The backwards slash character ‘\’ has special meaning in the C programming language. It begins what is called an “Escape sequence” and it is used to define certain special characters within string literals.
Use “juniper\\n” in the RADIUS user configuration if “juniper\n” has been configured in the radius-server.