Juniper.dct ?

From: Lukman W. Kusuma (lukman@commverge.com)
Date: Sat Aug 25 2001 - 14:54:24 EDT


Dear All, and Dave,

>
>Hrm.. do you mean definitions of radius attributes or ?
>There are a few attributes defined, I've tested them with
>the Cistron FreeRadius server.
>
>You can find the attribute definitions at:
>http://arachne3.juniper.net/techpubs/software/junos44/swconfig44-install/html/sys-mgmt-authentication2.html#1014238
>
>but I'm not sure if that is what you were asking about.
>
I notice from this documentation (and its authentication example), it
put the user's "class" as part of the Juniper config and used for common
template (i.e operator, admin, etc). Otherwise, I have to specify
one-by-one for each specific user. I know that's it is not many users,
but the problem is we have a lot of equipment and We would like to
centralize the access rights from Radius.

My questions are :

   1. Could Juniper get this "class" (and surely other Juniper's VSA(s))
      from the radius server?
   2. Does anybody have sort of juniper.dct which I can put into our
      radius server?
   3. Is the "class" attribute in RFC 2138 equivalent to Juniper's
      "class" in its authentication?

TIA

Lukman



This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:36 EDT