
authentication-source (Security)

 

Syntax

Hierarchy Level

Release Information

Statement introduced in Junos OS Release 12.1-X45-D10. Support for active-directory-authentication-table priority command added in Junos OS Release 12.1X47-D10. Statement updated in Junos Release 15.1X49-D60. Support for the aruba-clearpass command statement added in Junos OS Release 12.3X48-D30.

Statement active-directory-authentication-table introduced in Junos OS Release 12.1X47-D10.

Statement firewall-authentication introduced in Junos OS Release 12.1X45-D10. Support for disable option dropped in Junos OS Release 12.1X47-D10.

Statements unified-access-control and local-authentication-table introduced in Junos OS Release 12.1. Support for disable option dropped in Junos OS Release 12.1X47-D10.

Statement aruba-clearpass introduced in Junos OS Release 12.3X48-D30.

Description

Identifies one or more tables to be used as the source for user role information. Tables are searched in sequence based on lowest to highest priority.

active-directory-authentication-table: An authentication table is generated by polling Active Directory domain controllers for source identity information about active users. Each entry in the table correlates an authenticated user with an IP address and associated user groups. That information is used for matching in IP-based firewall policies. The user information must be retrieved from the table before policy lookup can proceed and traffic is allowed to pass through the firewall.

aruba-clearpass: If an entry for the user is not found in the aruba-clearpass authentication table, the other authentication tables are searched in the specified order. For the integrated ClearPass authentication and enforcement feature, the SRX Series device must be configured to search the ClearPass authentication table first. Both the authentication source, Aruba ClearPass, and the SRX Series ClearPass authentication table are referred to as aruba-clearpass in the CLI output.

firewall-authentication: Enables the firewall authentication table as an authentication source. The priority of this table among other authentication tables establishes the search sequence used to identify user and role values.

local-authentication-table: An authentication table created on the SRX Series device using the request security user-identification local-authentication-table add command. You need to set this value only if the local authentication table, whose default value is 100, also resides on the Packet Forwarding Engine. In that case, you must configure a higher priority value, such as 120, for the local authentication table.

unified-access-control: An authentication table pushed from a configured authentication device, such as the Junos Pulse Access Control Service.

priority: Sets the lookup priority, which identifies the order in which the SRX Series device checks its configured authentication tables for user authentication information. Authentication tables are searched in order of their priority setting, with the lowest value taking precedence, so a larger number means a lower priority. Setting the priority value of the firewall authentication table to 0 is equivalent to disabling the table and eliminating it from the search sequence.

Options

name: User-identification authentication-source name, such as active directory authentication table, aruba clearpass, firewall authentication, local authentication table, and unified access control.

priority: A unique value between 0 and 65535 that determines the sequence for searching multiple authentication tables to retrieve a user role. Each table is given a unique priority value. The priorities of the following tables are considered: local authentication table, firewall authentication table, Active Directory authentication table, and UAC authentication table.

Range: A unique value from 0 through 65535.

Default: The default priority of the Active Directory authentication table is 125.

Default: The default priority of the ClearPass authentication table is 110.

Default: The default priority of the Firewall authentication is 150.

Default: The default priority of the Local authentication table is 100.

Default: The default priority of the Unified access control is 200.

The remaining statements are explained separately. See CLI Explorer.
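The following Python audit is an added example, not part of Juniper's documentation. It overlays `set security user-identification authentication-source <name> priority <n>` lines on the default priorities listed above and returns the resulting search order together with any findings. It assumes every table is present at its default priority unless overridden; the function names and the sample configuration are constructed for illustration.

```python
import re

# Default priorities as listed on this page.
DEFAULTS = {
    "local-authentication-table": 100,
    "aruba-clearpass": 110,
    "active-directory-authentication-table": 125,
    "firewall-authentication": 150,
    "unified-access-control": 200,
}
SET_RE = re.compile(
    r"^set security user-identification authentication-source (\S+) priority (\d+)$")

# Constructed sample: raise the local table to 120 (the value the page suggests)
# and take the firewall authentication table out of the search sequence.
CLEARPASS_FIRST_CFG = """\
set security user-identification authentication-source local-authentication-table priority 120
set security user-identification authentication-source firewall-authentication priority 0
"""

def effective_priorities(config_text):
    """Overlay configured priorities on the documented defaults."""
    prio = dict(DEFAULTS)
    for line in config_text.splitlines():
        m = SET_RE.match(line.strip())
        if m and m.group(1) in prio:
            prio[m.group(1)] = int(m.group(2))
    return prio

def search_order(prio):
    """Lowest value is searched first; firewall-authentication at 0 is disabled."""
    active = [t for t, p in prio.items()
              if not (t == "firewall-authentication" and p == 0)]
    return sorted(active, key=lambda t: (prio[t], t))

def audit(config_text, must_be_first=None):
    """Return (search order, findings) for a set-format configuration."""
    prio = effective_priorities(config_text)
    order = search_order(prio)
    findings = [f"{t}: priority {p} is outside 0-65535"
                for t, p in prio.items() if not 0 <= p <= 65535]
    seen = {}
    for t in order:  # priorities must be unique across tables
        if prio[t] in seen:
            findings.append(f"{t} and {seen[prio[t]]} share priority {prio[t]}")
        seen[prio[t]] = t
    if must_be_first and order[0] != must_be_first:
        findings.append(f"{must_be_first} is not searched first (first is {order[0]})")
    return order, findings
```

With no overrides, `audit("", "aruba-clearpass")` reports that the local authentication table (default 100) is searched ahead of ClearPass (default 110), which is why the integrated ClearPass feature needs an explicit priority change.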

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.