authentication-order (Access Profile)
Syntax
authentication-order [(none | ldap | password | radius | s6a | securid)];
Description
Configure the order of authentication, authorization, and accounting (AAA) methods to use while sending authentication messages.
Default
Not enabled
Options
none—No authentication for specified users.
When you enable the none authentication option, the SRX Series Firewall no longer requires the RADIUS server to authenticate the initiator again with the common shared password used for IKEv2 configuration payload. This is because the SRX Series Firewall already authenticates the remote peer using certificate-based authentication. You can use this AAA profile in different combinations, but ensure that it is not used where you do not use pre-authentication.
For example, consider a scenario where, to establish IPsec tunnels from a client to a secure gateway, the client is authenticated using the certificate method as per the IKE protocol. For simplicity, if you prefer not to depend on a RADIUS server and want to use a local pool for address acquisition without any additional authentication, you can configure the “aaa” profile in the IKE gateway hierarchy and set the authentication-order value to none in the access profile, as follows:
set access profile profile-name authentication-order none
set security ike gateway gateway-name aaa access-profile profile-name
To start RADIUS accounting, use the following commands:
set access profile profile-name radius-server 172.16.0.0 secret "$ABC123"
set access profile profile-name radius accounting-server 172.16.0.0
set access profile profile-name accounting order radius
ldap—Lightweight Directory Access Protocol (LDAP).
password—Locally configured password in access profile.
radius—RADIUS authentication.
s6a—S6a authentication.
securid—RSA SecurID authentication.
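The caution under the none option, that the profile must only be used where the peer is already authenticated, can be checked offline against an exported configuration. The Python below is an added example, not Juniper code; it assumes set-format configuration, assumes that a certificate statement on the gateway's IKE policy indicates certificate-based authentication, and uses constructed profile, policy and gateway names.

```python
# Added example: offline audit of a Junos "set"-format configuration.
# All profile, policy and gateway names below are constructed sample data.
SAMPLE_CONFIG = """
set access profile ra-cert authentication-order none
set access profile ra-radius authentication-order radius
set security ike policy pol-cert certificate local-certificate gw-cert
set security ike policy pol-psk pre-shared-key ascii-text "$ABC123"
set security ike gateway gw-cert ike-policy pol-cert
set security ike gateway gw-cert aaa access-profile ra-cert
set security ike gateway gw-psk ike-policy pol-psk
set security ike gateway gw-psk aaa access-profile ra-cert
set security ike gateway gw-rad ike-policy pol-psk
set security ike gateway gw-rad aaa access-profile ra-radius
"""


def audit_none_profiles(config_text):
    """Return (gateway, profile, ike_policy) for each IKE gateway whose AAA
    profile lists 'none' but whose IKE policy has no certificate statement."""
    none_profiles, cert_policies = set(), set()
    gw_policy, gw_profile = {}, {}
    for raw in config_text.splitlines():
        tok = raw.split()
        if tok[:3] == ["set", "access", "profile"] and tok[4:5] == ["authentication-order"]:
            if "none" in tok[5:]:  # order may be one value or a [ ... ] list
                none_profiles.add(tok[3])
        elif tok[:4] == ["set", "security", "ike", "policy"] and tok[5:6] == ["certificate"]:
            cert_policies.add(tok[4])  # assumption: marks certificate-based IKE auth
        elif tok[:4] == ["set", "security", "ike", "gateway"]:
            if tok[5:6] == ["ike-policy"] and len(tok) > 6:
                gw_policy[tok[4]] = tok[6]
            elif tok[5:7] == ["aaa", "access-profile"] and len(tok) > 7:
                gw_profile[tok[4]] = tok[7]
    findings = []
    for gw, profile in sorted(gw_profile.items()):
        policy = gw_policy.get(gw)  # None when the gateway has no ike-policy
        if profile in none_profiles and policy not in cert_policies:
            findings.append((gw, profile, policy))
    return findings


if __name__ == "__main__":
    for gw, profile, policy in audit_none_profiles(SAMPLE_CONFIG):
        print(f"{gw}: profile {profile} skips AAA auth, IKE policy {policy} has no certificate")
```

A gateway reported here pairs authentication-order none with an IKE policy that has no certificate statement, so it should be reviewed before deployment.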
Required Privilege Level
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 9.0.
none option introduced in Junos OS Release 20.3R1.