In this example, you configure the sales and engineering local user templates:
```
[edit]
system {
    login {
        user sales {
            uid uid-value;
            class class-name;
        }
        user engineering {
            uid uid-value;
            class class-name;
        }
    }
}
```
Now you configure users on the TACACS+ authentication server:
```
user = simon {
    ...
    service = junos-exec {
        local-user-name = sales
        allow-commands = "configure"
        deny-commands = "shutdown"
    }
}
user = rob {
    ...
    service = junos-exec {
        local-user-name = sales
        allow-commands = "(request system) | (show rip neighbor)"
        deny-commands = "<^clear"
    }
}
user = harold {
    ...
    service = junos-exec {
        local-user-name = engineering
        allow-commands = "monitor | help | show | ping | traceroute"
        deny-commands = "configure"
    }
}
user = jim {
    ...
    service = junos-exec {
        local-user-name = engineering
        allow-commands = "show bgp neighbor"
        deny-commands = "telnet | ssh"
    }
}
```
When the login users Simon and Rob are authenticated, they use the sales local user template. When login users Harold and Jim are authenticated, they use the engineering local user template.
Note: Permission bits override allow and deny commands.
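The template mapping above only works when every `local-user-name` on the TACACS+ server names a user template that exists on the device. The following audit sketch is an added example, not part of the original documentation: it parses both configurations and lists TACACS+ users that point at an undefined template. The function names and the user `dana` with template `ops` are constructed for illustration.

```python
import re

# Device-side templates from the page (uid/class values are the page's placeholders).
JUNOS_CONFIG = """
system {
    login {
        user sales { uid uid-value; class class-name; }
        user engineering { uid uid-value; class class-name; }
    }
}
"""

# One of the page's TACACS+ users, plus a constructed user "dana" whose
# local-user-name ("ops") has no template on the device.
TACACS_CONFIG = """
user = simon {
    service = junos-exec {
        local-user-name = sales
    }
}
user = dana {
    service = junos-exec {
        local-user-name = ops
    }
}
"""

def junos_templates(config):
    # User names defined under [edit system login].
    return set(re.findall(r"^\s*user\s+(\S+)\s*\{", config, re.MULTILINE))

def tacacs_mappings(config):
    # Map each TACACS+ user to its local-user-name (None if the attribute is absent).
    mappings, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"\s*user\s*=\s*(\S+)\s*\{", line):
            current = m.group(1)
            mappings[current] = None
        elif current and (m := re.match(r"\s*local-user-name\s*=\s*(\S+)", line)):
            mappings[current] = m.group(1)
    return mappings

def unmapped_users(junos_cfg, tacacs_cfg):
    # TACACS+ users whose template name is not defined on the device.
    templates = junos_templates(junos_cfg)
    return {u: t for u, t in tacacs_mappings(tacacs_cfg).items() if t not in templates}

print(unmapped_users(JUNOS_CONFIG, TACACS_CONFIG))
```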