Re: Juniper.dct ?

From: Dave Curado (davec@weezel.net)
Date: Sun Aug 26 2001 - 02:42:34 EDT


> Dear All, and Dave,

Wow, as if I didn't feel isolated enough.

> >Hrm.. do you mean definitions of radius attributes or ?
> >There are a few attributes defined, I've tested them with
> >the Cistron FreeRadius server.
> >
> >You can find the attribute definitions at:
> >http://arachne3.juniper.net/techpubs/software/junos44/swconfig44-install/html/sys-mgmt-authentication2.html#1014238
> >
> >but I'm not sure if that is what you were asking about.
> >
> I notice from this documentation (and its authentication example) that it
> puts the user's "class" as part of the Juniper config, and it is used for a
> common template (i.e. operator, admin, etc.). Otherwise, I have to specify
> one-by-one for each specific user. I know that it is not many users,
> but the problem is we have a lot of equipment and we would like to
> centralize the access rights from Radius.
>
> My questions are :
>
> 1. Could Juniper get this "class" (and surely other Juniper VSA(s))
> from the radius server?

I don't know. My guess is the answer is "not currently".
I'm inferring this from the lack of any documentation that says
that capability exists, and the ability you have to set up
(as you pointed out) multiple shared accounts, as well as
individual accounts, that can be authenticated via radius.

Given the group of people you want to authenticate via
radius, do they not fit into one general category of access
or another, with a few exceptions that would be individual
accounts? (obviously an individual account for "davec", as I am
not part of the group "All" =-)
I'm curious. Thanks.

> 2. Does anybody have some sort of juniper.dct which I can put into our
> radius server?

Yes, I've got a dictionary file. Send it to you in a bit.

> 3. Is the "class" attribute in RFC 2138 equivalent to Juniper's
> "class" in its authentication?

I think these are two different things that happen to share
the same name.


