Specifying a Single Name for Users from a Domain

[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]

JUNOSe 9.1.x Broadband Access Configuration Guide > Configuring Remote Access > Specifying a Single Name for Users from a Domain
Specifying a Single Name for Users from a Domain

Assigning a single username and a single password for all users associated with a domain provides better compatibility with some RADIUS servers. You can use this feature for domains that require the router to tunnel, but not terminate, PPP sessions.

When users request a PPP session, they specify usernames and passwords. During the negotiations for the PPP session, the router authenticates legitimate users.

NOTE: This feature works only for users authenticated by Password Authentication Protocol (PAP) and not by Challenge Handshake Authentication Protocol (CHAP).

If you configure this feature, the router substitutes the specified username and password for all authenticated usernames and passwords associated with that domain.

There are two options for this feature. The router can:

Substitute the domain name for each username and one new password for each existing password.

For example, if the domain name is xyz.com and you specify the password xyz_domain, the router associates the username xyz.com and the password xyz_domain with all users from xyz.com.

Substitute one new username for each username and one new password for each existing password.

For example, if the domain name is xyz.com and you specify the username xyz_group and the password xyz_domain, the router associates these identifiers with all users from xyz.com.

To use a single username and a single password for all users from a domain:

Access Domain Map Configuration mode using the aaa domain-map command.

Specify the new username and password using the override-user command.

aaa domain-map
Use to map a domain name to a virtual router or to access Domain Map Configuration mode.

Example
host1(config)#aaa domain-map xyz.com
host1(config-domain-map)#
Use the no version to delete the map entry.
override-user
Use to specify a single username and single password for all users from a domain in place of the values received from the remote client.

Use only for domains that require the router to tunnel and not terminate PPP sessions.

If you specify a password only, the router substitutes the domain name for the username and associates the new password with the user. If you specify a password only and you have configured the domain name none with the aaa domain-map command, the router rejects any users without domain names.

If you specify a name and password, the router associates both the new name and password with the user.

Example
host1(config-domain-map)#override-user name boston password abc
Use the no version to revert to the original username.

[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]