
List:       juniper-nsp
Subject:    RE: [j-nsp] RSA ACE and JUNOS
From:       "Ivan Batanov" <ivanb () corp ! earthlink ! net>
Date:       2004-06-16 20:49:20
Message-ID: 009401c453e3$66121840$5d58d9cf () PASLAP200495

Robert, 

we have RSA working on our Junipers using the following config:

system {
    /* Try RADIUS first, then the local password database. */
    authentication-order [ radius password ];
    login {
        class operator-local {
            idle-timeout 60;
            permissions [ clear network reset trace view ];
        }
        class read-only-local {
            idle-timeout 60;
            permissions view;
        }
        class superuser-local {
            idle-timeout 60;
            permissions all;
        }
        /* Template accounts: no local password; the RADIUS VSA names one. */
        user r-oper {
            full-name "Remote operator class";
            uid XXXXX;
            class operator-local;
        }
        user r-ro {
            full-name "Remote read-only class";
            uid XXXX;
            class read-only-local;
        }
        user r-super {
            full-name "Remote superuser class";
            uid XXXX;
            class superuser-local;
        }
        /* Local account with its own password, for the "password" method. */
        user backdoor-user {
            uid XXXX;
            class superuser-local;
            authentication {
                encrypted-password "XXXXXXXXXXXXXXXXXXXX"; # SECRET-DATA
            }
        }
    }
}

On your RSA RADIUS server you should have the users configured with the
appropriate RADIUS profile for their privilege level (see the above
local users). The RADIUS profile should have the correct Juniper VSA (in
RSA-speak - Vendor-specific Attribute, Value type=String, Value=2636 1
"r-super"). 

Hope this helps,

Ivan Batanov
Earthlink, Inc
Network Engineering
Phone (626) 296 5444
Email: ivanb@corp.earthlink.net

-----Original Message-----
From: juniper-nsp-bounces@puck.nether.net
[mailto:juniper-nsp-bounces@puck.nether.net] On Behalf Of Robert Walton
Sent: Wednesday, June 16, 2004 6:36 AM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] RSA ACE and JUNOS


Hi,

Has anyone used the RSA ACE radius server with the Junipers to
much success? I have been assured it works but we only seem to have
minimal success as regards the available features i.e. it just
authorises access, we don't seem to be able to get the full range of
RADIUS capabilities.

If anyone has got it working could they provide me with a non-sensitive
(of course) template of the config they used at both ends... hopefully
some of the Juniper guys have tested it in the lab already and they
could find their way to sharing with me... hint hint.. *ahem* Paul G...
Simon C... ;o)

cheers,
Rob

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp
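
Added example (not part of the thread, and not Juniper or RSA code): how the Vendor-Specific attribute described in the reply (vendor 2636, vendor type 1, string value) is laid out on the wire per RFC 2865, and a check that the name it carries matches one of the template users in the posted config. The function names are hypothetical; vendor type 1 is Juniper-Local-User-Name in Juniper's RADIUS dictionary.

```python
import struct

VENDOR_SPECIFIC = 26       # RADIUS attribute type (RFC 2865, section 5.26)
JUNIPER_VENDOR_ID = 2636   # vendor number quoted in the message
LOCAL_USER_NAME = 1        # vendor type 1: Juniper-Local-User-Name
# Template accounts from the posted config (they have no local password).
TEMPLATE_USERS = {"r-oper", "r-ro", "r-super"}


def encode_vsa(vendor_id, vendor_type, value):
    """Build one Vendor-Specific attribute with a single string sub-attribute."""
    data = value.encode("ascii")
    sub = struct.pack("!BB", vendor_type, len(data) + 2) + data
    if len(sub) + 6 > 255:
        raise ValueError("value too long for one RADIUS attribute")
    return struct.pack("!BBI", VENDOR_SPECIFIC, len(sub) + 6, vendor_id) + sub


def template_user(attributes):
    """Walk reply attribute bytes; return the Juniper template user or None."""
    pos = 0
    while pos + 2 <= len(attributes):
        a_type, a_len = attributes[pos], attributes[pos + 1]
        if a_len < 2 or pos + a_len > len(attributes):
            raise ValueError("malformed attribute length")
        body = attributes[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VENDOR_SPECIFIC or len(body) < 6:
            continue
        (vendor_id,) = struct.unpack("!I", body[:4])
        v_type, v_len = body[4], body[5]
        if vendor_id != JUNIPER_VENDOR_ID or v_type != LOCAL_USER_NAME:
            continue
        if v_len < 2 or 4 + v_len > len(body):
            raise ValueError("malformed vendor sub-attribute length")
        return body[6:4 + v_len].decode("ascii")
    return None


def check_profile(attributes):
    """Classify a profile's reply attributes against the router's templates."""
    name = template_user(attributes)
    if name is None:
        return "no Juniper VSA"
    return "ok" if name in TEMPLATE_USERS else "unknown template user: " + name


# Constructed sample: Service-Type=Login followed by the VSA from the message.
SAMPLE_REPLY = bytes.fromhex("060600000001") + encode_vsa(2636, 1, "r-super")
```
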
