Having just posted this, I found the answer.
The config line does NOT need the variable name to be specified; it appears the VSA value of 1 is sufficient.
See the screenshot, which hopefully shows the full config steps.
As shown, this logs an authorised user into the switch using the template SU.
------------------------------
PAUL WORMAN
------------------------------
Original Message:
Sent: 01-11-2024 02:55
From: PAUL WORMAN
Subject: Juniper-Local-User-Name VSA with Windows NPS
Did you ever get this to work?
I have the same problem.
I have set up the Attribute value to be "Juniper-Local-User-Name = SU" with Vendor ID of 2636 and type 1 and can see this passed in the Wireshark captures from the server to the switch. I tried different formats: := with " and without, all seem to be passed but none seem to make a difference.
Paul
------------------------------
PAUL WORMAN
Original Message:
Sent: 01-04-2023 12:52
From: CONNOR DAHLBERG
Subject: Juniper-Local-User-Name VSA with Windows NPS
I am trying to set up Radius authentication on our Juniper equipment. I am able to get it working, but I do not want to make a user for every tech person in our environment. It would effectively defeat the purpose of using Radius.
I know that I can utilize the "remote" user as a fallback method, but I would like to use it for read-only users if I am able.
Juniper provides an example of how to configure Juniper-Local-User-Name VSA using freeRADIUS in this article:
https://supportportal.juniper.net/s/article/Configuration-Example-How-to-assign-a-login-class-to-users-that-are-authenticated-using-a-FreeRADIUS-server
Unfortunately, we are using Windows NPS and I have been unable to find any examples or figure it out myself for the platform.
Is anyone able to provide answers or documentation for this?
Thank you,
Connor
------------------------------
CONNOR DAHLBERG
------------------------------
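Added example (not part of the original posts, and not Juniper or Microsoft code): Python that decodes the Vendor-Specific attribute (vendor ID 2636, type 1) from the attribute bytes of a captured RADIUS reply, i.e. the part after the 20-byte header, and flags a Juniper-Local-User-Name value that carries the attribute name or an operator instead of only the template user. The sample bytes are constructed, the function names are hypothetical, and the check assumes the value is meant to be the bare string SU, which is how the answer at the top of the thread reads.

```python
import struct

VENDOR_SPECIFIC = 26      # RFC 2865 attribute type that carries VSAs
JUNIPER_VENDOR_ID = 2636  # vendor ID quoted in the thread
LOCAL_USER_NAME = 1       # vendor type quoted in the thread

def encode_vsa(vendor_id, vendor_type, value):
    """Build one Vendor-Specific attribute (RFC 2865 section 5.26)."""
    sub = struct.pack("!BB", vendor_type, len(value) + 2) + value
    body = struct.pack("!I", vendor_id) + sub
    return struct.pack("!BB", VENDOR_SPECIFIC, len(body) + 2) + body

def iter_tlvs(data):
    """Yield (type, value) pairs; the length byte counts the 2-byte header."""
    pos = 0
    while pos < len(data):
        alen = data[pos + 1] if pos + 1 < len(data) else 0
        if alen < 2 or pos + alen > len(data):
            raise ValueError("bad attribute length")
        yield data[pos], data[pos + 2:pos + alen]
        pos += alen

def juniper_local_user_names(attrs):
    """Return every Juniper-Local-User-Name value in a RADIUS attribute list."""
    names = []
    for atype, value in iter_tlvs(attrs):
        if atype != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != JUNIPER_VENDOR_ID:
            continue
        for vtype, vvalue in iter_tlvs(value[4:]):
            if vtype == LOCAL_USER_NAME:
                names.append(vvalue.decode("utf-8", "replace"))
    return names

def check_template_name(name):
    """Flag values that are not a bare template user name (assumed rule)."""
    return "suspect" if any(c in name for c in '=:" ') else "ok"

# Constructed samples: a bare value, and the name-plus-operator form.
REPLY_MESSAGE = bytes([18, 4]) + b"hi"  # unrelated attribute, must be skipped
GOOD = REPLY_MESSAGE + encode_vsa(JUNIPER_VENDOR_ID, LOCAL_USER_NAME, b"SU")
BAD = encode_vsa(JUNIPER_VENDOR_ID, LOCAL_USER_NAME, b"Juniper-Local-User-Name = SU")

if __name__ == "__main__":
    for blob in (GOOD, BAD):
        for name in juniper_local_user_names(blob):
            print(repr(name), "->", check_template_name(name))
```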