CLI Commands : aaa : aaa (authorization)

aaa (authorization)
Configure authorization settings.
aaa authorization map
default-user <user>
order {remote-only | remote-first | local-only}
default-user <username>—Specify what local account a non-local user authenticated via RADIUS or TACACS+ is logged on as; you must enter a username that exists locally and is enabled. This mapping is used depending on the setting of authorization map order. Use no to reset default (admin).
order— Determine how the remote user mapping behaves when authenticating users via RADIUS or TACACS+. Again, if the authenticated user name is valid locally, no mapping is performed. Use no aaa authorization map order to reset default (remote-first). Arguments:
remote-only — Only try to map a remote authenticated user if the authentication server sends a local-user mapping attribute; otherwise, no further mapping is tried.
remote-first (default) — If a local-user mapping attribute is returned and is a valid local user name, map the authenticated user to the local user specified in the attribute. Otherwise, if the attribute is not present or not valid locally, use the user specified by the default-user command.
local-only — All remote users are mapped to the user specified by the aaa authorization map default-user <user name> command. Any vendor attributes received by an authentication server are ignored.
show aaa
Display current authentication and authorization settings.

Report an Error
Media Flow Manager Administrator's Guide and CLI Command Reference
Copyright © Juniper Networks, Inc.