 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
When you configure a local template and a user logs in, the JUNOScope software sends a request to the authentication server to authenticate the user's login name. When a user is authenticated, the RADIUS server returns the local username to JUNOScope. If a local username (for example, the Juniper-Local-User-Name attribute) is specified for that login name. the appropriate local template is selected. If no local template is returned by the RADIUS server or no corresponding local template exists in JUNOScope, JUNOScope will, by default, use the remote template (see Remote Template Accounts.)
Table 12 shows the user account information that must exist on the RADIUS server and in the local template account or user set up in JUNOScope.
Table 12: Local Template Account
|
RADIUS Server User Account |
JUNOScope Local Template Account |
|---|---|
|
Username: “edward” Password: ”edward” Juniper-Local-User-Name= “fritz” |
Username: fritz Password: fritz Permissions: superuser |
If a local user logs in to JUNOScope using username fritz and password fritz, the user will log in successfully with superuser permissions. However, if a RADIUS user “edward” logs in to JUNOScope successfully using username edward, that user gets the same permissions as fritz. In this case, user “edward“ on successful login gets the superuser permissions. If you change the permission for fritz to read-write, user ”edward”, on successful login, will also get read-write permissions.
| Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |