Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[BTI] Configure PSM server to use an external RADIUS server for PSM client login authentication

0

0

Article ID: KB32730 KB Last Updated: 20 Jun 2019Version: 2.0
Summary:

By default, the PSM server uses its own internal RADIUS server for PSM client login authentication, as well as for the browser-based PSM Dashboard login. 

This article describes how to configure the PSM server to use an external RADIUS server instead of its own.

For instructions on how to configure PSM's internal RADIUS server to also authenticate user login to Juniper BTI equipment, see KB34125 - Configure the PSM server's internal RADIUS server for BTI Network Element user login authentication.

Note: By default, PSM does not use RADIUS or LDAP authentication for SSH login to the Linux server OS. A local root user is configured by default.   

Note: This article does not include instructions on how to configure the external RADIUS server.

Solution:
  1. SSH to the PSM server, and login as root

  2. Add the following lines to the override-common.properties file, which is located at:

    /var/local/ems9001/conf/override-common.properties

    Warning: Do not modify /usr/local/ems9001/conf/common.properties

    Syntax:

    auth.radius.server.1=<IP address>
    auth.radius.port.authentication.1=<Authentication Port>
    auth.radius.port.accounting.1=<Accounting Port>
    auth.radius.secret.1=<Secret>
     

    Example:

    auth.radius.server.1=192.25.101.8
    auth.radius.port.authentication.1=1812
    auth.radius.port.accounting.1=1813
    auth.radius.secret.1=secret123
     
  3. Restart the PSM application:

    psm-restart
     
    Once the 'Ems-******' processes resume, hit CTRL-C to exit:
     
    Process 'Ems-Server-Masters'        Running
    Process 'Ems-Server-Workers'        Running
    Process 'Ems-Server-Discovery'      Running
    Process 'Ems-Dashboard'             Running


The PSM server will now use the External RADIUS server to authenticate users for PSM Client application login, as well as the PSM Dashboard login.        

 

Modification History:
2019-06-20: Clarified article title and added reference to KB34125.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search