[j-nsp] RADIUS Access

From: David A. Lauer (dalauer@ifxcorp.com)
Date: Mon Sep 17 2001 - 17:10:08 EDT


I have configured radius authentication via Radiator RADIUS with my
Juniper routers (JunOS v4.2) and can gain both administrative access and
read-only access depending on the user account logging in.

Administrative access provides full access including modification of
configuration. The read-only access can perform 'show interfaces', 'show
bgp', etc... The problem I have is I'd like the read-only account to also
be able to issue the 'show configuration' command but I have been unable
to get this to work.

Does anyone know if this is configurable?

I have tried the following with no effect:

[edit system login]
class read-only {
    allow-commands "show configuration";
}

user remote {
    full-name "View only configuration users";
    uid 2000;
    class read-only;
}

I have also tried passing the following attribute via the RADIUS server:

 Vendor-Specific = "Juniper-Allow-Commands=show configuration"

This also has no effect.

-- 
DaL


