Routing

Expand all | Collapse all

What attributes does a RADIUS ACCESS-ACCEPT message have?

  • 1.  What attributes does a RADIUS ACCESS-ACCEPT message have?

     
    Posted 01-31-2021 06:01
    Hi.

    1. When authenticating a Junos user, what attributes does a RADIUS ACCESS-ACCEPT message have?
    2. Does the RADIUS server send a user name whose login details must be configured on the Junos device? Or does it just tell the Junos device to let the user have access, even if the user name is not configured on the Junos device?
    3. If possible, can somebody please provide a tcpdump of a RADIUS access accept message that authenticates a Junos user?

    Many thanks,
    Deepak


  • 2.  RE: What attributes does a RADIUS ACCESS-ACCEPT message have?

     
    Posted 01-31-2021 18:23
    The user name is sent to the RADIUS server by the Juniper device.  You can optionally configure your RADIUS server to return a specific attribute with the user class that will match a configuration on the device with permissions.  Or also on the device you can globally set permission for all RADIUS auththenticated users. What is returned by the RADIUS server is chosen by the server side configuration.

    https://www.juniper.net/documentation/en_US/junos/topics/topic-map/user-access-radius-authentication.html

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------