[RADIATOR] Authorizing users via TACACS for Juniper Netscreens

Hugh Irvine hugh at open.com.au
Tue Jun 24 17:38:56 CDT 2014


Hello Craig -

The usual way to do this is with Identifiers in the Client clauses and Handlers to match.

Something like this:


…..

<Client 1.1.1.1>
	Identifier JuniperNetscreen
	Secret …..
	…..
</Client>

<Client 2.2.2.2>
	Identifier JuniperNetscreen
	Secret …..
	…..
</Client>

<Client 3.3.3.3>
	Identifier JuniperNetscreen
	Secret …..
	…..
</Client>

…..

<Handler Client-Identifier = JuniperNetscreen>

	<AuthBy …..>
		…..
	</AuthBy>

</Handler>

…..

hope that helps

regards

Hugh


On 24 Jun 2014, at 23:24, Craig Ayliffe <Craig.Ayliffe at brennanit.com.au> wrote:

> Hi,
>  
> I am looking for examples of Radiator configuration to restrict users logging into Juniper Netscreens running ScreenOS 6.3 and higher.
>  
> Need to be able to specify the vsys to be Root and the privilege to be either ‘root’ or ‘read-only’ depending of their AuthorizeGroup configuration.
>  
> Haven’t been able to find any examples anywhere.
> Would appreciate any assistance.
>  
> Regards,
> 
> Craig
> 
> Craig Ayliffe | Brennan IT | Infrastructure Engineer
> 
> T: 02 8235 3515 | M: 0410 400 546 | Craig.Ayliffe at brennanit.com.au | www.brennanit.com.au
> 
> <image940dd2.jpg at f917d609.b99d4a76>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


--

Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc. 
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.



More information about the radiator mailing list