
Remote user authentication on JUNOS

  • 1.  Remote user authentication on JUNOS

    Posted 20 days ago

    Hi everyone,

    https://www.juniper.net/documentation/us/en/software/junos/user-access/topics/topic-map/junos-os-user-authentication-overview.html

    When you configure local user templates and a user logs in, Junos OS issues a request to the authentication server to authenticate the user's login name. If the user is authenticated, the server returns the local username to Junos OS (local-user-name for TACACS+, and Juniper-Local-User-Name for RADIUS). Junos OS then determines whether a local username is specified for that login name, and if so, Junos OS assigns the user to that local user template. If a local user template does not exist for the authenticated user, the router or switch defaults to the remote template, if configured.

    What happens if we have the following misconfiguration cases:

    MX-------RADIUS/TACACS
    CASE 1:
    We do not configure a local user template and a remote template, and the RADIUS/TACACS server returns the local-user X attribute (meaning the X group local template is expected on Junos so the privilege can be determined based on the X template), but none is configured on the MX. What will the MX do next?

    CASE 2:
    We do not configure a local user template and a remote template, and the RADIUS/TACACS server does not return any local-user attribute.
    What will the MX do in this case?

    Thanks!!



    ------------------------------
    Be kind!!
    ------------------------------
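
For reference, the template setup that the quoted documentation describes, with both the named template and the `remote` fallback present. This is an added example, not part of the original post or taken from Juniper's documentation; the server addresses, the secrets, the class choices and the template name `X` (borrowed from the question) are assumptions.

```junos
# Added example: assumed addresses (documentation range), placeholder secrets.
# Try RADIUS first, then TACACS+, then the local password database.
set system authentication-order [ radius tacplus password ]
set system radius-server 192.0.2.10 secret "<radius-secret-placeholder>"
set system tacplus-server 192.0.2.20 secret "<tacplus-secret-placeholder>"

# Local user template "X": no authentication stanza, so it cannot be used to
# log in directly. It only supplies the login class for remotely authenticated
# users for whom the server returns Juniper-Local-User-Name = X (RADIUS) or
# local-user-name = X (TACACS+).
set system login user X full-name "Template for server-mapped users"
set system login user X class operator

# "remote" template: per the quoted text, used when no local user template
# exists for the authenticated user. Keep it at the lowest privilege you can.
set system login user remote full-name "Fallback for remote-authenticated users"
set system login user remote class read-only
```

The two cases in the question correspond to removing both `set system login user ...` template definitions above, with the server either returning `X` (case 1) or returning no local-user attribute (case 2).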