Configuring Template Accounts (NSM Procedure)

You can create template accounts that are shared by a set of users when you are using RADIUS or TACACS+ authentication. When a user is authenticated by a template account, the CLI username is the login name, and the privileges, file ownership, and effective user ID are inherited from the template account.

To configure template accounts, follow these procedures:

Creating a Remote Template Account

You can create a remote template that is applied to users authenticated by RADIUS or TACACS+ that do not belong to a local template account.

By default, Junos OS with enhanced services uses the remote template account when:

The following procedure creates a sample user named remote that belongs to the operator login class.

To create a remote template account:

  1. In the NSM navigation tree, select Device Manager > Devices.
  2. Click the Device Tree tab and then double-click the device for which you want to create a remote template account.
  3. Click the Configuration tab. In the configuration tree, select System > Login > User.
  4. Add or modify login class settings as specified in Table 29.
  5. Click one:
    • New—Creates a new remote template account.
    • OK—Saves the changes.
    • Cancel—Cancels the modifications.

Table 29: Remote Template Account Details

Option

Function

Your Action

Name

Specifies a name for the user name.

Enter the user name. For example, type remote.

Uid

Specifies the user identifier for a login account.

Enter the number associated with the login account.

Class

Specifies the login class for the user.

Select the login class. For example, select operator.

Creating a Local Template Account

You can create a local template that is applied to users authenticated by RADIUS or TACACS+ that are assigned to the local template account. You use local template accounts when you need different types of templates. Each template can define a different set of permissions appropriate for the group of users who use that template.

The following procedure creates a sample user named admin that belongs to the superuser login class.

To create a local template account:

  1. In the NSM navigation tree, select Device Manager > Devices.
  2. Click the Device Tree tab and then double-click the device for which you want to create a local template account.
  3. Click the Configuration tab. In the configuration tree, select System > Login > User.
  4. Add or modify login class settings as specified in Table 30.
  5. Click one:
    • New—Creates a new local template account.
    • OK—Saves the changes.
    • Cancel—Cancels the modifications.

Table 30: Local Template Account Details

Option

Function

Your Action

Name

Specifies a name for the user name.

Enter the user name. For example, type admin.

Uid

Specifies the user identifier for a login account.

Enter the number associated with the login account.

Class

Specifies the login class for the user.

Select the login class. For example, select superuser.

Related Documentation