
CLI Configuration

To configure the device for external authentication using a RADIUS server, follow these steps:

  1. Specify RADIUS as the external authentication method in the authentication order. This restricts firewall users to authenticating through the RADIUS server only. If RADIUS server authentication fails and the default password (local database) option is not specified, the firewall user is locked out.
    user@host# set access profile prof_1 authentication-order radius
  2. Configure the firewall users (clientA through clientE) and assign firewall users clientA and clientB to client groups alpha, beta, and gamma.
    user@host# set access profile prof_1 client clientA client-group alpha
    user@host# set access profile prof_1 client clientA client-group beta
    user@host# set access profile prof_1 client clientA client-group gamma
    user@host# set access profile prof_1 client clientA firewall-user password pwd1
    user@host# set access profile prof_1 client clientB client-group alpha
    user@host# set access profile prof_1 client clientB client-group beta
    user@host# set access profile prof_1 client clientB firewall-user password pwd3
    user@host# set access profile prof_1 client clientC firewall-user password pwd4
    user@host# set access profile prof_1 client clientD firewall-user password pwd5
    user@host# set access profile prof_1 client clientE firewall-user password pwd2
  3. Configure client groups in the session options.
    user@host# set access profile prof_1 session-options client-group u1
    user@host# set access profile prof_1 session-options client-group alpha
    user@host# set access profile prof_1 session-options client-group gamma
    user@host# set access profile prof_1 session-options client-idle-timeout 255
    user@host# set access profile prof_1 session-options client-session-timeout 4
  4. Configure the IP address for the LDAP server and LDAP server options.
    user@host# set access profile prof_1 ldap-options base-distinguished-name CN=Users,DC=screenos,DC=spg,DC=juniper,DC=net
    user@host# set access profile prof_1 ldap-options search search-filter sAMAccountName=
    user@host# set access profile prof_1 ldap-options search admin-search distinguished-name cn=administrator,cn=users,dc=screenos,dc=spg,dc=juniper,dc=net
    user@host# set access profile prof_1 ldap-options search admin-search password pwd10
    user@host# set access profile prof_1 ldap-server 3.3.3.3
  5. Configure the IP addresses for the two RADIUS servers.
    user@host# set access profile prof_1 radius-server 4.4.4.4
    user@host# set access profile prof_1 radius-server 4.4.4.4 secret
    user@host# set access profile prof_1 radius-server 4.4.4.4 retry 10
    user@host# set access profile prof_1 radius-server 5.5.5.5 secret
  6. If you are finished configuring the device, commit the configuration.
  7. To check the configuration, see Verifying Firewall User Authentication.
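
The lockout condition described in step 1 can be checked before commit. The following is an added example, not part of the original procedure or any Juniper tooling: a small Python audit over `set access profile` lines. The function name `audit`, the three checks it runs, and the sample input are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input: a subset of the set commands from the steps above.
SAMPLE = """\
set access profile prof_1 authentication-order radius
set access profile prof_1 ldap-server 3.3.3.3
set access profile prof_1 radius-server 4.4.4.4 secret
set access profile prof_1 radius-server 4.4.4.4 retry 10
set access profile prof_1 radius-server 5.5.5.5 secret
"""

# Accepts lines with or without a leading CLI prompt such as "user@host# ".
LINE = re.compile(r"^(?:\S+[#>]\s+)?set access profile (\S+) (.+)$")

def audit(config_text):
    """Return (profile, finding) tuples for a block of set commands."""
    order = defaultdict(list)     # profile -> authentication methods, in order
    secrets = defaultdict(dict)   # profile -> {RADIUS server: secret value seen?}
    servers = defaultdict(set)    # profile -> server types configured
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        profile = m.group(1)
        rest = m.group(2).replace("[", " ").replace("]", " ").split()
        if not rest:
            continue
        if rest[0] == "authentication-order":
            order[profile].extend(rest[1:])
        elif rest[0] in ("radius-server", "ldap-server") and len(rest) > 1:
            servers[profile].add(rest[0].split("-")[0])
            if rest[0] == "radius-server":
                has_value = len(rest) > 3 and rest[2] == "secret"
                secrets[profile][rest[1]] = secrets[profile].get(rest[1], False) or has_value
    findings = []
    for profile in sorted(set(order) | set(servers)):
        methods = order[profile]
        if methods and "password" not in methods:
            findings.append((profile, "no local password fallback: users are locked out if "
                             + "/".join(methods) + " fails"))
        for kind in sorted(servers[profile] - set(methods)):
            findings.append((profile, kind + " server configured but " + kind
                             + " is not in authentication-order"))
        for addr, ok in sorted(secrets[profile].items()):
            if not ok:
                findings.append((profile, "radius-server " + addr + " has no secret value"))
    return findings

if __name__ == "__main__":
    for profile, finding in audit(SAMPLE):
        print(profile + ": " + finding)
```

Run against the sample, the audit reports the missing local fallback from step 1, the LDAP server that the RADIUS-only order never consults, and both RADIUS servers whose `secret` statement carries no value.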
