Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] Usage of Junos 'unauthorized' Login Class

0

0

Article ID: KB21223 KB Last Updated: 09 Jul 2013Version: 2.0
Summary:
This article provides information about how to use Junos Unauthorized Login Class.
Symptoms:
The use of the class 'unauthorize' may seem strange. When you configure a new user you have to specify a class; otherwise Junos does not let you commit, and 'unauthorized' is in essence a class with no permissions, since the actual permissions are being passed in the form of RADIUS attributes from the server.
Cause:

Solution:

The 'unauthorized' login class may be used in situations where the administrator does not want to allow a user to do anything on the device .

The following command configures a login class of type unauthorized, which is one of the predefined login classes available in Junos:

[edit]
root@srx# set system login user remote class unauthorized


Note: "remote" is the Juniper default template user name for external authentication. Refer to KB16607 for basic Radius configuration in J/SRX.

Radius Return List attributes (like Juniper-User-Permissions, Juniper-Allow-Configuration, Juniper-Allow-Commands etc ) are used to provide authorization information to the SRX device.  This means RADIUS is providing both authentication and authorization information to its client.

The screen capture below shows the Steel-Belted Radius configuration of  adding Return-List attributes:



Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search