This is what I slammed in ....
#
# Vendor-Specific attributes use the SMI Network Management Private
# Enterprise Code from the "Assigned Numbers" RFC
#
VENDOR Juniper 2636
#
# Juniper Vendor-Specific Attributes
#
ATTRIBUTE Juniper-Local-User-Name 1 string Juniper
ATTRIBUTE Juniper-Allow-Commands 2 string Juniper
ATTRIBUTE Juniper-Deny-Commands 3 string Juniper
No radius expert here ... but seems to work.
At 09:04 +0800 27-08-2001, Lukman W. Kusuma wrote:
>Dear Dave,
>
>>>
>>>My questions are :
>>>
>>> 1. Could Juniper get this "class" (and surely other Juniper's VSA(s))
>>> from the radius server?
>>>
>>
>>I don't know. My guess is the answer is "not currently".
>>I'm inferring this from the lack of any documentation that says
>>that capability exists, and the ability you have to set up
>>(as you pointed out) multiple shared accounts, as well as
>>individual accounts, that can be authenticated via radius.
>>
>>Given the group of people you want to authenticate via
>>radius, do they not fit into one general category of access
>>or another, with a few exceptions that would be individual
>>accounts? (obviously an individual account for "davec", as I am
>>not part of the group "All" =-)
>>I'm curious. Thanks.
>>
>Well, I am just a new comer here, and you are one of the first
>replying my first email ;-)
>Specifically to this radius question, I really hope you can help me.
>
>>
>>
>>> 2. Does anybody have sort of juniper.dct which I can put into our
>>> radius server?
>>>
>>
>>Yes, I've got a dictionary file. Send it to you in a bit.
>>
>I am still waiting for your juniper.dct. It is not in my mailbox yet now ;-)
>
>
>Thanks for your help.
>
>
>Lukman
-- Joseph T. Klein +1 414 915 7489 Senior Network Engineer jtk@titania.net Adelphia Business Solutions joseph.klein@adelphiacom.com"... the true value of the Internet is its connectedness ..." -- John W. Stewart III
This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:37 EDT