RADIUS User Login Scenarios

This section provides several scenarios that describe the user account and template account information that should be configured on the RADIUS server and in Junos Scope for a user to log in to Junos Scope with certain permissions.

All RADIUS servers should be up and running for RADIUS users to log in to Junos Scope successfully.

Scenario 1: Logging In to Junos Scope when a Remote Template Account Is Present

If a user account is present on the RADIUS server, the user should be able to log in to Junos Scope if either the Juniper-Local-User-Name attribute is not specified, or the username corresponding to the Juniper-Local-User-Name attribute does not exist in Junos Scope, but the username remote does (see Table 10). See also Remote Template Accounts.

Table 10: RADIUS Server Setup, Junos Scope User Information, and Login Results

| RADIUS Server Configuration | Junos Scope User Setup Information | Successful Login Results |
|---|---|---|
| bob password = 'bobpassword'; Juniper-Local-User-Name is not specified | Username: remote; Password: remote; Permissions: read-only | Username: bob; Password: bobpassword; Permissions: read-only |

Scenario 2: Logging In to Junos Scope when a Local Template Account Is Present

If a user account is present on the RADIUS server, the user should be able to log in if the Juniper-Local-User-Name attribute is specified and the corresponding local user is set up in Junos Scope (see Table 11).

Table 11: RADIUS Server Setup, Junos Scope User Information, Login Results

| RADIUS Server Configuration | Junos Scope User Setup Information | Successful Login Results |
|---|---|---|
| edward password = 'edward'; Juniper-Local-User-Name = 'fritz' | Username: fritz; Password: fritz; Permissions: superuser | Username: fritz; Password: fritz; Permissions: superuser |
| | Username: remote; Password: remote; Permissions: read-only | Username: edward; Password: edward; Permissions: superuser |
| | | Username: edward; Password: edward; Permissions: read-only (If you delete user fritz first) |

Scenario 3: Logging In to Junos Scope when the Same User Account Is Present on the RADIUS Server and in Junos Scope

If the same username and password are present on the RADIUS server and in Junos Scope, the user can log in to Junos Scope using the username and password combination. After login, the user has the permissions that exist in Junos Scope (see Table 12).

Table 12: RADIUS Server Setup, Junos Scope User Information, and Login Results

| RADIUS Server Configuration | Junos Scope User Setup Information | Successful Login Results |
|---|---|---|
| honda password = 'honda'; Juniper-Local-User-Name = 'fritz' | Username: fritz; Password: fritz; Permissions: superuser | Username: fritz; Password: fritz; Permissions: superuser |
| | Username: honda; Password: honda; Permissions: read-only | Username: honda; Password: honda; Permissions: read-only |
| | | Username: honda; Password: honda; Permissions: superuser (If you delete user honda first) |

If the same username is present on the RADIUS server and in Junos Scope, but the passwords on the RADIUS server and in Junos Scope are different, the user can log in using the username and both passwords. After login, the user gets the same permissions as configured on the RADIUS server or locally in Junos Scope depending on whether the username and password combination exists on the RADIUS server or in Junos Scope (see Table 13).

Table 13: RADIUS Server Setup, Junos Scope User Information, Login Results

| RADIUS Server Configuration | Junos Scope User Setup Information | Successful Login Results |
|---|---|---|
| honda password = 'honda'; Juniper-Local-User-Name = 'fritz' | Username: fritz; Password: fritz; Permissions: superuser | Username: honda; Password: honda; Permissions: superuser |
| | Username: honda; Password: honda123; Permissions: read-only | Username: honda; Password: honda123; Permissions: read-only |
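
The outcomes in Tables 10 to 13 can be modeled as a small resolver. The following is an added example, not Junos Scope code: the order of checks (matching local credentials first, then RADIUS with a template lookup), the no-template result, and the names resolve_login, effective and deletion_impact are assumptions chosen to reproduce the tables. It also reports which local-account deletions change a RADIUS user's permissions, as in the "If you delete user honda first" row.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class LocalUser:                      # account defined in Junos Scope
    password: str
    permissions: str

@dataclass(frozen=True)
class RadiusUser:                     # account defined on the RADIUS server
    password: str
    local_user_name: Optional[str] = None   # Juniper-Local-User-Name, if set

def resolve_login(username, password, radius, local):
    """Return (auth source, account supplying permissions, permissions) or None."""
    # Assumed order: a matching local username/password wins (Table 12).
    acct = local.get(username)
    if acct and acct.password == password:
        return ("local", username, acct.permissions)
    entry = radius.get(username)
    if entry is None or entry.password != password:
        return None
    # RADIUS login: template is Juniper-Local-User-Name, then "remote".
    for template in (entry.local_user_name, "remote"):
        if template and template in local:
            return ("radius", template, local[template].permissions)
    return None                       # assumption: no template, no login

def effective(radius, local):
    """Permissions each RADIUS user gets when using the RADIUS password."""
    hits = {n: resolve_login(n, e.password, radius, local) for n, e in radius.items()}
    return {n: h[2] if h else None for n, h in hits.items()}

def deletion_impact(radius, local):
    """List (deleted account, RADIUS user, before, after) for every change."""
    before, changes = effective(radius, local), []
    for victim in local:
        rest = {k: v for k, v in local.items() if k != victim}
        for user, perm in effective(radius, rest).items():
            if perm != before[user]:
                changes.append((victim, user, before[user], perm))
    return changes

# Constructed sample data mirroring Table 12.
RADIUS_T12 = {"honda": RadiusUser("honda", "fritz")}
LOCAL_T12 = {"fritz": LocalUser("fritz", "superuser"),
             "honda": LocalUser("honda", "read-only")}
if __name__ == "__main__":
    print(deletion_impact(RADIUS_T12, LOCAL_T12))
```

Run against the Table 12 data, deletion_impact shows that removing the local read-only account honda raises the RADIUS user honda to superuser through the fritz template, so local account cleanup should be reviewed against the RADIUS server's Juniper-Local-User-Name assignments.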