Hi Steve,
Many thanks for the response.
I have configured the RADIUS server with the method shown in the documentation. So, for example:
Username: John
Cleartext-password: testing123
Juniper-Local-User-Name: RO, OP, or SU (I have tried all three and a bespoke class I created).
I have set the "Juniper-Local-User-Name" in the received and sent but it does not seem to make any difference at all.
It makes perfect sense that the Juniper device does not see this returned and therefore rejects it and eventually times out, but I cannot work out why. I am pretty sure it is something to do with the radius config, but where, who knows.
I am using a MySQL backend database and not the text files of user and clients.
The config on the Juniper is the basic for testing purposes. I guess I will have to keep trying.
------------------------------
Clive Gwyther
------------------------------
Original Message:
Sent: 08-14-2023 13:15
From: spuluka
Subject: Adding a login user group via AAA
The RADIUS server has to be set up to return the desired group name that matches the Junos configuration. It sounds like this has not been set up yet.
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home
Original Message:
Sent: 08-14-2023 09:46
From: Clive Gwyther
Subject: Adding a login user group via AAA
Hi Steve,
Many thanks for the pointer in the right direction. Although I see the access request hit the radius server, it is not finding a group and sending this information back and therefore I believe the user is being logged in with the "remote" class and cannot do anything. I have tested this by setting the following:
user: john
nas: 1.1.1.1
Juniper-Local-User-Name: RO
I can change Juniper-Local-User-Name to be any of them and it makes no difference. It just does not seem to be functioning correctly.
------------------------------
Clive Gwyther
Original Message:
Sent: 08-12-2023 10:28
From: spuluka
Subject: Adding a login user group via AAA
You create local groups for the desired permissions and then connect Junos login to the external RADIUS server.
https://supportportal.juniper.net/s/article/Junos-How-to-assign-a-login-class-to-RADIUS-authenticated-users
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home
Original Message:
Sent: 08-12-2023 02:50
From: Clive Gwyther
Subject: Adding a login user group via AAA
Hi,
I need to have a login group for, as an example, below:
Admins - Super-users
Operational Users - Just monitoring the systems
This needs to be controlled by AAA server. So no local logins.
Is there a way of completing this please?
------------------------------
Clive Gwyther
------------------------------
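Added example, not part of any post in this thread: a Python check of whether a RADIUS Access-Accept actually carries the Juniper-Local-User-Name vendor-specific attribute (Juniper vendor ID 2636, sub-type 1), which is the value the thread says the Juniper device is not seeing returned. The function names and sample packets are constructed for illustration; in practice the bytes would be the UDP payload of a reply captured between the RADIUS server and the device.

```python
import struct

JUNIPER_VENDOR_ID = 2636       # Juniper's IANA enterprise number
JUNIPER_LOCAL_USER_NAME = 1    # VSA sub-type of Juniper-Local-User-Name
VENDOR_SPECIFIC = 26           # RADIUS Vendor-Specific attribute (RFC 2865)
ACCESS_ACCEPT = 2

def juniper_local_user_name(packet: bytes):
    """Return the Juniper-Local-User-Name in an Access-Accept, or None if absent.
    Only the attribute layout is parsed; the Response Authenticator is not verified."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    pos = 20                                   # attributes follow the 20-byte header
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        value = packet[pos + 2:pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC or len(value) < 6:
            continue                           # ordinary attribute, skip it
        if struct.unpack("!I", value[:4])[0] != JUNIPER_VENDOR_ID:
            continue                           # another vendor's VSA
        sub, i = value[4:], 0
        while i + 2 <= len(sub):               # walk the vendor sub-attributes
            vtype, vlen = sub[i], sub[i + 1]
            if vlen < 2 or i + vlen > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            if vtype == JUNIPER_LOCAL_USER_NAME:
                return sub[i + 2:i + vlen].decode("utf-8", "replace")
            i += vlen
    return None

def build_reply(code: int, attrs: bytes) -> bytes:
    """Constructed sample packet: identifier 1, zeroed authenticator."""
    return struct.pack("!BBH", code, 1, 20 + len(attrs)) + bytes(16) + attrs

def vsa(vendor: int, vtype: int, text: str) -> bytes:
    body = struct.pack("!IBB", vendor, vtype, 2 + len(text)) + text.encode()
    return bytes([VENDOR_SPECIFIC, 2 + len(body)]) + body

REPLY_MESSAGE = bytes([18, 4]) + b"ok"         # constructed Reply-Message attribute
WITH_VSA = build_reply(ACCESS_ACCEPT, REPLY_MESSAGE + vsa(JUNIPER_VENDOR_ID, 1, "RO"))
WITHOUT_VSA = build_reply(ACCESS_ACCEPT, REPLY_MESSAGE)
```

A result of `None` for a captured Access-Accept means the server authenticated the user but did not send the attribute, which points at the server's reply configuration rather than at the Junos side.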