[Contents] [Prev] [Next] [Index] [Report an Error]

RADIUS User Login Scenarios

This section provides several scenarios that describe the user account and template account information that should be configured on the RADIUS server and in JUNOScope for a user to log in to JUNOScope with certain permissions.

All RADIUS servers should be up and running for RADIUS users to log in to JUNOScope successfully.

Scenario 1: Logging In to JUNOScope when a Remote Template Account Is Present

If a user account is present on the RADIUS server, the user should be able to log in to JUNOScope if either the Juniper-Local-User-Name attribute is not specified, or the username corresponding to the Juniper-Local-User-Name attribute does not exist in JUNOScope, but the username remote does (see Table 14). See also Remote Template Accounts.

Table 14: RADIUS Server Setup, JUNOScope User Information, and Login Results

RADIUS Server Configuration

JUNOScope User Setup Information

Successful Login Results

bob password = ‘bobpassword

Juniper-Local-User-Name is not specified

Username: remote

Password: remote

Permissions: read-only

Username: bob

Password: bobpassword

Permissions: read-only

Scenario 2: Logging In to JUNOScope when a Local Template Account Is Present

If a user account is present on the RADIUS server, the user should be able to log in if the Juniper-Local-User-Name attribute is specified and the corresponding local user is set up in JUNOScope (see Table 15 ).

Table 15: RADIUS Server Setup, JUNOScope User Information, Login Results

RADIUS Server Configuration

JUNOScope User Setup Information

Successful Login Results

edward password = ‘edward

Juniper-Local-User-Name = ‘fritz

Username: fritz

Password: fritz

Permissions: superuser

Username: fritz

Password: fritz

Permissions: superuser

Username: remote

Password: remote

Permissions: read-only

Username: edward

Password: edward

Permissions: superuser

Username: edward

Password: edward

Permissions: read-only

(If you delete user fritz first)

Scenario 3: Logging In to JUNOScope when the Same User Account Is Present on the RADIUS Server and in JUNOScope

If the same username and password are present on the RADIUS server and in JUNOScope, the user can log in to JUNOScope using the username and password combination. After login, the user has the permissions that exist in JUNOScope (see Table 16 ).

Table 16: RADIUS Server Setup, JUNOScope User Information, and Login Results

RADIUS Server Configuration

JUNOScope User Set Up Information

Successful Login Results

honda password = ‘honda

Juniper-Local-User-Name = ‘fritz

Username: fritz

Password: fritz

Permissions: superuser

Username: fritz

Password: fritz

Permissions: superuser

Username: honda

Password: honda

Permissions: read-only

Username: honda

Password: honda

Permissions: read-only

Username: honda

Password: honda

Permissions: superuser

(If you delete user honda first)

If the same username is present on the RADIUS server and in JUNOScope, but the passwords on the RADIUS server and in JUNOScope are different, the user can log in using the username and both passwords. After login, the user gets the same permissions as configured on the RADIUS server or locally in JUNOScope depending on whether the username and password combination exists on the RADIUS server or in JUNOScope (see Table 17).

Table 17: RADIUS Server Setup, JUNOScope User Information, Login Results

RADIUS Server Configuration

JUNOScope User Setup Information

Successful Login Results

honda password = ‘honda

Juniper-Local-User-Name = ‘fritz

Username: fritz

Password: fritz

Permissions: superuser

Username: honda

Password: honda

Permissions: superuser

Username: honda

Password: honda123

Permissions: read-only

Username: honda

Password: honda123

Permissions: read-only

 

[Contents] [Prev] [Next] [Index] [Report an Error]

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.