    Example: Configuring Local Users for Client Groups

    This example shows how to configure a local user for client groups in a profile.

    Requirements

    Before you begin, create an access profile. See Example: Configuring the Access Profile.

    Overview

    A client group is a list of groups to which the client belongs. As with client-idle timeout, a client group is used only if the external authentication server does not return a value in its response (for example, LDAP servers do not return such information).

    This example shows how to configure a local user called Client-1 for client groups G1, G2, and G3 in a profile called Managers. Within this example, client groups are configured for a client. If a client group is not defined for the client, then the client group under the access profile session-options hierarchy is used.

    Configuration

    CLI Quick Configuration

    To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

    set access profile Managers client Client-1 client-group G1
    set access profile Managers client Client-1 client-group G2
    set access profile Managers client Client-1 client-group G3
    set access profile Managers client Client-1 firewall-user password pwd
    set access profile Managers session-options client-group G1
    set access profile Managers session-options client-group G2
    set access profile Managers session-options client-group G3
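The fallback rule from the Overview, applied to `set` commands like the ones above, is sketched below. This is an added example, not Juniper code: it models only the rule as this page states it, and `Client-2` is a hypothetical client added to the constructed input to show the fallback to `session-options`.

```python
import re

# Constructed input: the page's quick-configuration commands plus one
# hypothetical client (Client-2) that has no client-group of its own.
SAMPLE = """\
set access profile Managers client Client-1 client-group G1
set access profile Managers client Client-1 client-group G2
set access profile Managers client Client-1 client-group G3
set access profile Managers client Client-1 firewall-user password pwd
set access profile Managers client Client-2 firewall-user password pwd
set access profile Managers session-options client-group G1
set access profile Managers session-options client-group G2
set access profile Managers session-options client-group G3
"""

PROFILE = re.compile(r"^set access profile (\S+) (.+)$")
CLIENT_GROUP = re.compile(r"^client (\S+) client-group (\S+)$")
CLIENT_ANY = re.compile(r"^client (\S+) ")
SESSION_GROUP = re.compile(r"^session-options client-group (\S+)$")


def effective_client_groups(set_commands):
    """Return {profile: {client: (groups, source)}} using the fallback rule."""
    clients = {}   # profile -> client -> groups set directly on the client
    defaults = {}  # profile -> groups under session-options
    for line in set_commands.splitlines():
        m = PROFILE.match(line.strip())
        if not m:
            continue
        profile, rest = m.groups()
        members = clients.setdefault(profile, {})
        if g := CLIENT_GROUP.match(rest):
            members.setdefault(g.group(1), []).append(g.group(2))
        elif c := CLIENT_ANY.match(rest):
            members.setdefault(c.group(1), [])  # client seen, no group here
        elif s := SESSION_GROUP.match(rest):
            defaults.setdefault(profile, []).append(s.group(1))
    return {
        profile: {
            name: (groups, "client") if groups
            else (list(defaults.get(profile, [])), "session-options")
            for name, groups in members.items()
        }
        for profile, members in clients.items()
    }


if __name__ == "__main__":
    for name, (groups, source) in effective_client_groups(SAMPLE)["Managers"].items():
        print(f"Managers/{name}: {groups} (from {source})")
```

A client that resolves to an empty list from `session-options` has no group defined at either level, which is worth reviewing before commit.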

    Step-by-Step Procedure

    The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.

    To configure a local user for client groups in a profile:

    1. Configure the firewall user and assign client groups to it.
      [edit access profile Managers]
      user@host# set client Client-1 client-group G1
      user@host# set client Client-1 client-group G2
      user@host# set client Client-1 client-group G3
      user@host# set client Client-1 firewall-user password pwd
    2. Configure client groups in the session options.
      [edit access profile Managers]
      user@host# set session-options client-group G1
      user@host# set session-options client-group G2
      user@host# set session-options client-group G3

    Results

    Confirm your configuration by entering the show access profile Managers command from configuration mode. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

    [edit]
    user@host# show access profile Managers
    client Client-1 {
        client-group [ G1 G2 G3 ];
        firewall-user {
            password "$9$jpimT9A0REyn6yl"; ## SECRET-DATA
        }
    }
    session-options {
        client-group [ G1 G2 G3 ];
    }
    

    If you are done configuring the device, enter commit from configuration mode.

    Verification

    To confirm that the configuration is working properly, perform this task:

    Troubleshooting with Logs

    Purpose

    Use these logs to identify any issues.

    Action

    From operational mode, enter the show log messages command and the show log dcd command.

    Published: 2012-06-29