    Example: Configuring Access Profiles

    The master administrator is responsible for configuring access profiles in the master logical system. This example shows how to configure access profiles.

    Requirements

    Before you begin:

    Overview

    This example configures an access profile for LDAP authentication for logical system users. This example creates the access profile described in Table 1.

    Note: The master administrator creates the access profile.

    Table 1: Access Profile Configuration

    Name: ldap1

    Configuration Parameters:

    • LDAP is used as the first (and only) authentication method.
    • Base distinguished name:
      • Organizational unit name (OU): people
      • Domain components (DC): example, com
    • A user’s LDAP distinguished name is assembled through the use of a common name identifier, username, and base distinguished name. The common name identifier is user ID (UID).
    • The LDAP server address is 10.155.26.104 and is reached through port 389.

    Configuration

    CLI Quick Configuration

    To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

    Note: You must be logged in as the master administrator.

    set access profile ldap1 authentication-order ldap
    set access profile ldap1 ldap-options base-distinguished-name ou=people,dc=example,dc=com
    set access profile ldap1 ldap-options assemble common-name uid
    set access profile ldap1 ldap-server 10.155.26.104 port 389

    Step-by-Step Procedure

    The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.

    To configure an access profile in the master logical system:

    1. Log in to the master logical system as the master administrator and enter configuration mode.
      admin@host> configure
      admin@host#
    2. Configure an access profile and set the authentication order.
      [edit access profile ldap1]
      admin@host# set authentication-order ldap
    3. Configure LDAP options.
      [edit access profile ldap1]
      admin@host# set ldap-options base-distinguished-name ou=people,dc=example,dc=com
      admin@host# set ldap-options assemble common-name uid
    4. Configure the LDAP server.
      [edit access profile ldap1]
      admin@host# set ldap-server 10.155.26.104 port 389

    Results

    From configuration mode, confirm your configuration by entering the show access profile profile-name command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

    admin@host# show access profile ldap1
    authentication-order ldap;
    ldap-options {
        base-distinguished-name ou=people,dc=example,dc=com;
        assemble {
            common-name uid;
        }
    }
    ldap-server {
        10.155.26.104 port 389;
    }

    If you are done configuring the device, enter commit from configuration mode.
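
The Overview states that a user's LDAP distinguished name is assembled from the common name identifier, the username, and the base distinguished name. The Python sketch below is an added example, not Junos code: it reads the set commands from this page and builds that DN for a given login name. The function names and the RFC 4514 escaping of the username are assumptions of this example; the page does not describe how Junos handles special characters in a username.

```python
import re

# Constructed input: the four set commands from this page's quick configuration.
CONFIG = """\
set access profile ldap1 authentication-order ldap
set access profile ldap1 ldap-options base-distinguished-name ou=people,dc=example,dc=com
set access profile ldap1 ldap-options assemble common-name uid
set access profile ldap1 ldap-server 10.155.26.104 port 389
"""

def parse_profiles(text):
    """Collect each access profile's LDAP settings from 'set' commands."""
    profiles = {}
    for line in text.splitlines():
        m = re.match(r"set access profile (\S+) (.+)", line.strip())
        if not m:
            continue
        prof, words = profiles.setdefault(m.group(1), {}), m.group(2).split()
        if words[:2] == ["ldap-options", "base-distinguished-name"]:
            prof["base_dn"] = words[2]
        elif words[:3] == ["ldap-options", "assemble", "common-name"]:
            prof["cn_id"] = words[3]
        elif words[0] == "ldap-server":
            prof["server"] = words[1]
            prof["port"] = int(words[3]) if words[2:3] == ["port"] else None
    return profiles

def escape_rdn_value(value):
    """Escape an attribute value for a DN (RFC 4514, section 2.4)."""
    out = re.sub(r'([\\",+;<>=])', r"\\\1", value).replace("\x00", "\\00")
    if out.endswith(" "):            # a trailing space must be escaped
        out = out[:-1] + "\\ "
    if out.startswith(("#", " ")):   # so must a leading '#' or space
        out = "\\" + out
    return out

def bind_dn(profile, username):
    """DN produced from common name identifier, username and base DN."""
    return f"{profile['cn_id']}={escape_rdn_value(username)},{profile['base_dn']}"

if __name__ == "__main__":
    ldap1 = parse_profiles(CONFIG)["ldap1"]
    for name in ("jsmith", "j,smith", "x,ou=admins"):   # constructed login names
        print(f"{name!r:16} -> {bind_dn(ldap1, name)}")
```

With escaping in place, a login name that contains DN separators stays inside the uid value instead of changing the structure of the assembled DN.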

    Published: 2012-06-29