SRX Getting Started - Configure RADIUS

Article ID: KB16607  KB Last Updated: 04 May 2012  Version: 7.0
Summary:

This article provides information about configuring, verifying, and troubleshooting RADIUS authentication.

For other topics, go to the SRX Getting Started main page.

Symptoms:
  • Add an external RADIUS server.
  • Define authentication order.
  • Assign a class to remote authenticated users.
Cause:

Solution:

This section contains the following:


J-Web Configuration

For information about configuring RADIUS authentication using J-Web, see http://www.juniper.net/techpubs/software/junos-security/junos-security10.4/junos-security-admin-guide/index.html?managing-users-jweb.html.

Important: To completely set up RADIUS authentication, you must specify a system authentication order and create user template accounts.


CLI Configuration

For information about configuring RADIUS authentication, see http://www.juniper.net/techpubs/software/junos-security/junos-security10.4/junos-security-admin-guide/index.html?managing-users-config.html.

To configure RADIUS authentication:

Important: To completely set up RADIUS authentication, you must specify a system authentication order and create user template accounts (steps 2 and 3, respectively).

  1. Add an external RADIUS server, and specify the port number and shared secret of the RADIUS server. In this example, the external RADIUS server is 10.0.0.100, with a port of 1812 and secret of abc.

    user@host# set system radius-server 10.0.0.100 port 1812 secret abc

  2. Specify the authentication order. In this example, user authentication is first attempted with the local password before RADIUS authentication is attempted.

    user@host# set system authentication-order radius
    user@host# insert system authentication-order password before radius

  3. Assign a class to the remote authenticated users. By default, JUNOS Software uses the remote template account when the authenticated user does not exist locally on the device, and when the authenticated user's record in the RADIUS server specifies a local user template, but the specified local user template does not exist locally on the device.

     In this example, a user named remote, with a full name of "all remote users", who belongs to the operator login class is created.

    user@host# set system login user remote full-name "all remote users"
    user@host# set system login user remote class operator

For more information about how to assign RADIUS authenticated users to a specific user template, see KB21685.


Note: By default, Junos uses PAP, which is clear text. To enable mschap-v2, use the following command:

    user@host# set system radius-options password-protocol mschap-v2
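
The following check is an added example, not part of the Juniper article and not Juniper code. It audits set-format commands like the ones above for the weak points this configuration exposes: a short shared secret, the PAP default, a missing authentication order, and a missing remote template class. The function name, the finding codes, and the 16-character threshold are assumptions.

```python
import shlex

# Constructed sample: the set commands from this article as typed in configuration mode.
SAMPLE = """
set system radius-server 10.0.0.100 port 1812 secret abc
set system authentication-order radius
insert system authentication-order password before radius
set system login user remote full-name "all remote users"
set system login user remote class operator
"""
MIN_SECRET_LEN = 16  # assumption: local policy threshold, not a Junos limit

def audit_radius(config_text):
    """Return finding codes for RADIUS login settings in Junos set-format text."""
    servers, order, template_class, protocol = {}, [], None, "pap"
    for line in config_text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 4 or tok[0] not in ("set", "insert") or tok[1] != "system":
            continue
        if tok[2] == "radius-server":
            servers.setdefault(tok[3], None)
            if "secret" in tok[4:-1]:
                servers[tok[3]] = tok[tok.index("secret", 4) + 1]
        elif tok[2] == "authentication-order":
            if (tok[0] == "insert" and len(tok) == 6
                    and tok[5] in order and tok[3] != tok[5]):
                # "insert X before|after Y" repositions X relative to Y
                order[:] = [m for m in order if m != tok[3]]
                order.insert(order.index(tok[5]) + (tok[4] == "after"), tok[3])
            elif tok[0] == "set" and tok[3] not in order:
                order.append(tok[3])
        elif tok[2:4] == ["radius-options", "password-protocol"] and len(tok) > 4:
            protocol = tok[4]
        elif tok[2:6] == ["login", "user", "remote", "class"] and len(tok) > 6:
            template_class = tok[6]
    findings = []
    for ip, secret in servers.items():
        if secret is None:
            findings.append(f"no-secret:{ip}")
        # "$9$" marks a secret already obfuscated by Junos; its length says nothing
        elif not secret.startswith("$9$") and len(secret) < MIN_SECRET_LEN:
            findings.append(f"short-secret:{ip}")
    if servers and protocol != "mschap-v2":
        findings.append("pap-in-use")  # the article's note: PAP is the default
    if servers and "radius" not in order:
        findings.append("radius-not-in-authentication-order")
    if servers and template_class is None:
        findings.append("no-remote-template-class")
    return findings
```

Run against the commands exactly as shown in this article, it reports the three-character secret and the PAP default; the authentication order and the remote template pass.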


Technical Documentation

Junos 10.4
  • PDF -- See Chapter 7, Configuring System Authentication (page 97).
  • HTML -- See Configuring RADIUS and TACACS+ System Authentication

    Note: Significant changes (examples, instructions, explanations) were made to the Junos 11.4 technical documentation. So, although your device is running Junos 10.4, you may refer to the Junos 11.4 technical documentation for detailed explanations.

Junos 11.4
  • PDF -- See Chapter 4, Configuring RADIUS and TACACS+ System Authentication (page 49).
  • HTML -- See Configuring RADIUS and TACACS+ System Authentication
