Hi everyone,
https://www.juniper.net/documentation/us/en/software/junos/user-access/topics/topic-map/junos-os-user-authentication-overview.html
When you configure local user templates and a user logs in, Junos OS issues a request to the authentication server to authenticate the user's login name. If the user is authenticated, the server returns the local username to Junos OS (local-user-name for TACACS+, and Juniper-Local-User-Name for RADIUS). Junos OS then determines whether a local username is specified for that login name, and if so, Junos OS assigns the user to that local user template. If a local user template does not exist for the authenticated user, the router or switch defaults to the remote template, if configured.
What happens if we have the following misconfiguration cases:
MX-------RADIUS/TACACS
CASE 1:
We do not configure a local user template or a remote template, and the RADIUS/TACACS server returns the local-user X attribute (meaning an X group local template is expected on Junos so the privilege can be determined based on the X template), but none is configured on the MX. What will the MX do next?
CASE 2:
We do not configure a local user template or a remote template, and the RADIUS/TACACS server does not return any local-user attribute.
What will the MX do in this case?
Thanks!!
------------------------------
Be kind!!
------------------------------