Switching


Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.
  • 1.  Juniper-Local-User-Name VSA with Windows NPS

    Posted 01-04-2023 14:38
    I am trying to set up Radius authentication on our Juniper equipment.  I am able to get it working, but I do not want to make a user for every tech person in our environment.  It would effectively defeat the purpose of using Radius.

    I know that I can utilize the "remote" user as a fallback method, but I would like to use it for read-only users if I am able.

    Juniper provides an example of how to configure Juniper-Local-User-Name VSA using freeRADIUS in this article:
    https://supportportal.juniper.net/s/article/Configuration-Example-How-to-assign-a-login-class-to-users-that-are-authenticated-using-a-FreeRADIUS-server

    Unfortunately, we are using Windows NPS and I have been unable to find any examples or figure it out myself for the platform.

    Is anyone able to provide answers or documentation for this?

    Thank you,
    Connor




    ------------------------------
    CONNOR DAHLBERG
    ------------------------------


  • 2.  RE: Juniper-Local-User-Name VSA with Windows NPS

    Posted 01-11-2024 02:55

    Did you ever get this to work?

    I have the same problem.

    I have set up the Attribute value to be "Juniper-Local-User-Name  = SU" with Vendor ID of 2636 and type 1 and can see this passed in the Wireshark captures from the server to the switch. I tried different formats: := with " and without, all seem to be passed but none seem to make a difference.

    Paul



    ------------------------------
    PAUL WORMAN
    ------------------------------



  • 3.  RE: Juniper-Local-User-Name VSA with Windows NPS

    Posted 01-11-2024 03:07
    Edited by PAUL WORMAN 01-11-2024 03:08

    Having just posted this, I found the answer.

    The config line does NOT need the variable name to be specified, it appears the VSA value of 1 is sufficient.

    See the screenshot, which hopefully shows the full config steps.

    As shown, this logs an authorised user into the switch using the template SU.



    ------------------------------
    PAUL WORMAN
    ------------------------------
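
Added example, not part of any post in this thread and not Juniper or Microsoft code: a small decoder for checking what the server really puts in the Vendor-Specific attribute (RADIUS type 26) of an Access-Accept, using the Vendor ID 2636 and type 1 from the posts above. The sample attribute bytes are constructed here, and the `check_value` rule is an assumption drawn from the finding in post 3 that the value should be only the template name.

```python
import struct

VENDOR_SPECIFIC = 26       # RADIUS Vendor-Specific attribute (RFC 2865, 5.26)
JUNIPER_VENDOR_ID = 2636   # Vendor ID quoted in the thread
LOCAL_USER_NAME = 1        # vendor type quoted in the thread

def build_vsa(vendor_id, vendor_type, value):
    """Encode one Vendor-Specific attribute holding a single sub-attribute."""
    sub = bytes([vendor_type, len(value) + 2]) + value
    return bytes([VENDOR_SPECIFIC, len(sub) + 6]) + struct.pack("!I", vendor_id) + sub

def tlvs(buf):
    """Yield (type, value) pairs; the length byte counts the 2-byte header."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf) or buf[pos + 1] < 2 or pos + buf[pos + 1] > len(buf):
            raise ValueError("malformed attribute at offset %d" % pos)
        yield buf[pos], buf[pos + 2:pos + buf[pos + 1]]
        pos += buf[pos + 1]

def juniper_local_user_names(attrs):
    """Return every Juniper (2636) type 1 value found in an attribute list."""
    names = []
    for a_type, body in tlvs(attrs):
        if a_type != VENDOR_SPECIFIC or len(body) < 4:
            continue
        if struct.unpack("!I", body[:4])[0] != JUNIPER_VENDOR_ID:
            continue
        for v_type, value in tlvs(body[4:]):
            if v_type == LOCAL_USER_NAME:
                names.append(value.decode("utf-8", "replace"))
    return names

def check_value(value):
    """Assumed rule: the value must be the bare template name, nothing else."""
    if "=" in value or "Juniper-Local-User-Name" in value:
        return "suspect: attribute name or operator embedded in the value"
    return "ok"

# Constructed samples: a Reply-Message (type 18) followed by the VSA.
GOOD = bytes([18, 4]) + b"ok" + build_vsa(JUNIPER_VENDOR_ID, LOCAL_USER_NAME, b"SU")
BAD = build_vsa(JUNIPER_VENDOR_ID, LOCAL_USER_NAME, b"Juniper-Local-User-Name  = SU")

if __name__ == "__main__":
    for label, attrs in (("good", GOOD), ("bad", BAD)):
        for name in juniper_local_user_names(attrs):
            print(label, repr(name), "->", check_value(name))
```

To use it on a real capture, pass in the attribute bytes that follow the 20-byte RADIUS header of the Access-Accept.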