Client Application Can Log In on Routing Platforms

The configuration management server must log in to each routing running the JUNOS software when establishing a NETCONF session. Thus, each configuration management server needs a user account on each router where it will establish a NETCONF session. The following instructions explain how to create a JUNOS login account for the configuration management server. Alternatively, you can skip this section and enable authentication through RADIUS or TACACS+; for instructions, see the chapter about system authentication in the JUNOS System Basics Configuration Guide.

To determine if a JUNOS login account exists, enter JUNOS command-line interface (CLI) configuration mode on the router you wish to check, and issue the following commands:

If the appropriate account does not exist, perform the following steps:

1. Include the user statement at the [edit system login] hierarchy level. Specify a JUNOS login class that has the permissions required for all actions to be performed by the application. You can also include the optional full-name and uid statements. For detailed information about creating user accounts, see the chapter about configuring user access in the JUNOS System Basics Configuration Guide.

   [edit system login]

   user@host# set user account-name class class-name

2. Commit the configuration. You can wait to commit the changes if you are adding more changes to the configuration file, for example until you have added the statements that satisfy all prerequisites (see NETCONF Service over SSH Is EnabledEnable NETCONF Service over SSH). However, you will need to commit the configuration file before the user account is available on the system.

   [edit system login]

   user@host# commit

3. Repeat the preceding steps on each routing platform where the client application establishes NETCONF sessions.

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.