Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Announcement: Try the Ask AI chatbot for answers to your technical questions about Juniper products and solutions.

close
external-header-nav
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Home Documentation Junos OS Junos CLI Reference CLI Reference S

Junos CLI Reference

keyboard_arrow_up
close
keyboard_arrow_left
Junos CLI Reference
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
ON THIS PAGE
keyboard_arrow_right

show services user-identification authentication-table

date_range 05-Nov-24
arrow_backward
arrow_forward

Syntax

content_copy zoom_out_map
show services user-identification authentication-table
<authentication-source | counter | ip-address>
show services user-identification authentication-table authentication-source
<active-directory | all | aruba-clearpass | identity-management>
show services user-identification authentication-table authentication-source active-directory
<brief | domain | extensive | group | logical-system | root-logical-system |summary |user>
show services user-identification authentication-table authentication-source all 
<brief | domain | extensive |group | logical-system | root-logical-system |summary | user>
<domain domain>
<group (group-name | brief | domain | extensive | logical-system | root-logical-system | summary)>
<logical-system (logical-system-name| all)>
<node (node-id | all | local | primary)>
<root-logical-system (enter |brief | domain | extensive | node)>
<user (user-name | brief | domain | extensive | logical-system | node | root-logical-system | summary)>
show services user-identification authentication-table authentication-source active-directory
<brief | domain | extensive | group | logical-system | root-logical-system |summary |user>
show services user-identification authentication-table authentication-source identity-management source-name 
show services user-identification authentication-table authentication-source identity-management tenant <tenant-name> extensive
show services user-identification authentication-table counter
show services user-identification authentication-table ip-address
<summary>
<logical-system logical-system-name>
<root-logical-system>
<tenant tenant-name>
<node node-id>
<IP address ip-address>

Description

Display the user identity information authentication table entries for the specified authentication source. You can display the entire contents of the specified authentication source’s authentication table, or you can constrain the displayed information to a specific domain, group, or user based on the user name. You can also display identity information for a user based on the IP address of the user’s device. You can show brief or extensive information for all of these instances.

authentication-source

User authentication source whose authentication table or identity management server entries are to be displayed.

Authentication sources include:

active-directory

Display the SRX Series active-directory table contents. You can display all of the table’s contents or you can delimit the display of user identity information by domain, group, or user name. You can display brief or extensive information for each of these categories.

  • domain—Display the entries in the authentication table for the specified domain. You can display summary, group, or user entries for the specified domain.

  • group—Display the entries from the authentication table for the specified group.

  • user—Display the entries from the authentication table for the specified user based on the user name.

aruba-clearpass

Display the SRX Series Aruba ClearPass authentication table contents. You can display all of the table’s contents or you can delimit the display of user information by domain, group, or user name. You can display brief or extensive information for each of these categories.

  • domain—Display the entries in the authentication table for the specified domain. You can display summary, group, or user entries for the specified domain.

  • group—Display the entries from the authentication table for the specified group.

  • user—Display the entries from the authentication table for the specified user based on the user name.

identity-management

Display user identity entries contained in the identity-management authentication system.

  • source-name—Name of the identity -management source. This could be the Juniper Identity Management Service (JIMS) or any third-party authentication source.

    • If you specify a source, such as “JIMS – Active Directory” for Juniper Identity Management Service, the SRX Series Firewall will show entries only for that authentication source.

      Possible values include:

      • For JIMS: “JIMS – Active Directory”, “JIMS – Exchange”

      • For ClearPass: “Aruba ClearPass”

  • domain—Display the entries in the identity management system for the specified domain. You can display summary, group, or user entries for the specified domain.

  • group—Display the entries in the identity management system for the specified group.

  • user—Display the entries in the identity management system for the specified user based on the user name.

  • tenant—Display the entries in the identity management system for the specified tenant system.

Options

  • all—Summary of the authentication entry information for all entries.

  • group group-name—Entries from the authentication table or identity management system for the specified group.

  • ip-address ip-address—Entries from the authentication table or identity management system for the specified IP address.

  • user name—Entries from the authentication table for the specified username.

  • domain name—Summary, group, or user entries for the specified domain.

  • node—(Optional) For chassis cluster configurations, the summary, IP address, or user entries for a specific node.

    • node-id—Identification number of the node. It can be 0 or 1.

    • all—Display information about all nodes.

    • local—Display information about the local node.

    • primary—Display information about the primary node.

  • brief | extensive—Display the specified level of output (the default is brief).

  • logical-system—Display the authentication entries based on the logical system name.

  • root-logical-system—Display the authentication entries based on the root logical system.

  • tenant tanant-name—Display the authentication entries based on the specified tenant system name.

Required Privilege Level

view

Output Fields

Field Name

Field Description

Domain

Name of the domain that the users belong to. User identity and authentication information is display for all users who belong to the domain and for whom there are entries in the specified authentication source table or repository.

Total entries

Number of user entries in the authentication table, by domain.

For each entry:

Source IP

The IP address of the user’s device. If a user is logged in to the network with more than one device, a separate entry is created for the user for each device. It showing the devices IP address.

Username

The name by which the user is logged in to the network.

Groups

A list of the groups that the user belongs to. The list can include a group that identifies the device posture.

State

The state of the entry. There are four states for an authentication entry: initial, valid, invalid, and pending.

  • An initial state is a temporary state, and it can be created from either a valid or an invalid entry.

    The entry had not been pushed to the Packet Forwarding Engine.

  • A valid state indicates that the authentication entry has a valid IP address, domain, and username.

    The authentication entry is pushed to the Packet Forwarding Engine.

  • An invalid state indicates that the entry does not have a valid IP address, domain, and username. If the entry is invalid, it is put in the null domain.

  • A pending state indicates that the entry was created after the user query was sent and before the response was received. The IP address is being probed.

Source

Authentication source.

Access start date

The date when the authentication entry was created by the SRX Series Firewall.

Access start time

The time when the authentication entry was created by the SRX Series Firewall. The time value is in device local time zone.

Last updated timestamp

The time when the user information was created. This value is taken from the timestamp field in the user information. The time value is in device local time zone.

Age time

The time, in minutes, after which the entry expires, as configured by the authentication-entry-timeout statement. If a value of 0 was specified, the entry never expires.

Forced Age time

The rest value and the forced value.

This information is made available if you configure the firewall-authentication-forced-timeout statement for active directory.

Active Directory

show services user-identification active-directory-access active-directory-authentication-table ip-address

Output of this command displays authentication and identity information for a specific user based on the IP address of the user’s device.

content_copy zoom_out_map
user@host> show services user-identification active-directory-access active-directory-authentication-table ip-address 198.51.100.3.
Domain: ad.example.net
 Source-ip: 198.51.100.3
  Username: user1
  Groups:group1
  State: Valid
  Source: wmic
  Access start date: 2014-03-10
  Access start time: 13:59:56
  Age time: 1437

show services user-identification authentication-table ip-address

Output of this command displays authentication and identity information for a specific user based on the IP address of the user’s device.

content_copy zoom_out_map
user@host> show services user-identification authentication-table ip-address 2001:db8::1:1
Domain: ac.example.net
 Source-ip: 2001:db8::1:1
  Username: user1
  Groups:group1
  State: Valid
  Source: wmic
  Access start date: 2017-05-10
  Access start time: 13:59:56
  Age time: 1437

show services user-identification active-directory-access active-directory-authentication-table all

Output of this command displays user authentication and identity information for all users for whom there are entries in the active directory authentication table.

content_copy zoom_out_map
user@host> show services user-identification active-directory-access active-directory-authentication-table all 
Domain: www.engineering-example.net
Total count: 2
Source IP       Username      Groups          State   
198.51.100.22     u2           r1, r3, r4      initial
198.51.100.23     u3           r5, r6, r4      pending 

Domain: www.hr-example.net
Total count: 2
Source IP       Username      Groups          State   
 198.51.100.26    u4           r1, r3, r4      initial
 198.51.100.27    u5           r5, r6, r4      pending

show services user-identification active-directory-access active-directory-authentication-table all extensive

Output of this command, which specifies the extensive option, shows state and access information for all entries in the active directory authentication table, in addition to basic information displayed when the brief option is used and by default.

content_copy zoom_out_map
user@host> show services user-identification active-directory-access active-directory-authentication-table all extensive

Domain: www.mycompany-example.com
Total entries: 2

Source IP: 198.51.100.29
Username: u2
Groups: r1, r3, r4
State: inital
Access start date: 2013-05-22
Access start time: 10:56:58
Age time: 20 min

Source IP: 198.51.100.30
Username: u3
Groups: r5, r6, r4
State: pending
Access start date: 2013-05-22
Access start time: 10:56:58
Age time: 20 min

Domain: www.hr-example.net
Total entries: 2

Source IP: 198.51.100.31
Username: u2
Groups: r1, r3, r4
State: inital
Access start date: 2013-05-22
Access start time: 10:56:58
Age time: 20 min

Source IP: 198.51.100.32
Username: u3
Groups: r5, r6, r4
State: pending
Access start date: 2013-05-22
Access start time: 10:56:58
Age time: 20

show services user-identification active-directory-access active-directory-authentication-table all domain

Output of this command shows by default brief user identity and authentication information for all users for whom there are entries in the active directory authentication table and whose devices belong to the specified domain.

content_copy zoom_out_map
user@host> show services user-identification active-directory-access active-directory-authentication-table all domain www.mydomain-example.com
Domain: www.mydomain-example.com
Total count: 2
Source IP       Username      Groups          State   
 198.51.100.36    u2          r1, r3, r4      initial
 198.51.100.37    u3          r5, r6, r4      pending

Capacity of User-Identification Authentication Table

There is a certain limit for maximum number of authentication entries in user-identification authentication table. For example, the maximum capacity in user-identification authentication table is set at 5000 auth-entries for vSRX3 firewall and 2,56,000 auth-entries for SRX5000 line firewalls.

When the user-identification authentication table has maximum number of authentication entries, ip-probe will be disabled and ip-query cannot be sent for any new incoming sessions. The ip-probe gets enabled only after authentication table entry count reduces to 90 % of the the total capacity. When SRX user-identification authentication table has reached its capacity, the new authentication entries gets added only through batch response from JIMS or event log from Active Directory. When new authentication entry gets added, the LRU (last recently used) authentication entry with similar state gets deleted only if there are no active sessions associated with the LRU. The new authentication entry is then added in the authentication table. When no such LRU is found, the new authentication entry gets discarded.

All Authentication Sources

Output of this command shows extensive user identity and authentication information for all users with entries in authentication tables of any authentication source. This example shows only one entry to illustrate the content that is displayed with the extensive option.

content_copy zoom_out_map
user@host> show services user-identification authentication-table authentication-source all extensive
Domain: ad-userfw-example.net
       Total entries: 1
       Source-ip: 198.51.100.1/24        
       Username: administrator
       State: Valid
       Source: firewall-authentication
       Access start date: 2016-10-27
       Access start time: 09:30:27
       Age time: 30

command-name

content_copy zoom_out_map
user@host> show services user-identification authentication-table authentication-source all logical-system 
lsys1
node0:
--------------------------------------------------------------------------
Logical System: root-logical-system

Domain: ad2012.jims.com
Total entries: 18003
Source IP       Username       groups(Ref by policy)          state
bbbb:bbbb:bbbb: jimsuser18000                                 Valid
bbbb:bbbb:bbbb: jimsuser17999                                 Valid
bbbb:bbbb:bbbb: jimsuser17998                                 Valid
bbbb:bbbb:bbbb: jimsuser17997                                 Valid
bbbb:bbbb:bbbb: jimsuser17996                                 Valid
bbbb:bbbb:bbbb: jimsuser17995                                 Valid
bbbb:bbbb:bbbb: jimsuser17994                                 Valid
bbbb:bbbb:bbbb: jimsuser17993                                 Valid

command-name

content_copy zoom_out_map
user@host> show services user-identification authentication-table authentication-source all root-logical-system 
node0:
--------------------------------------------------------------------------
Logical System: root-logical-system

Domain: ad2012.jims.com
Total entries: 18003
Source IP       Username       groups(Ref by policy)          state
bbbb:bbbb:bbbb: jimsuser10745
bbbb:bbbb:bbbb: jimsuser18000                                 Valid
bbbb:bbbb:bbbb: jimsuser17999                                 Valid
bbbb:bbbb:bbbb: jimsuser17998                                 Valid
bbbb:bbbb:bbbb: jimsuser17997                                 Valid
bbbb:bbbb:bbbb: jimsuser17996                                 Valid
bbbb:bbbb:bbbb: jimsuser17995                                 Valid
bbbb:bbbb:bbbb: jimsuser17994                                 Valid
bbbb:bbbb:bbbb: jimsuser17993                                 Valid
bbbb:bbbb:bbbb: jimsuser17992                                 Valid
user@host> show services user-identification authentication-table authentication-source all node 0
node0:
--------------------------------------------------------------------------
Logical System: root-logical-system

Domain: ad2012.jims.com
Total entries: 18003
Source IP       Username       groups(Ref by policy)          state
bbbb:bbbb:bbbb: jimsuser14716
bbbb:bbbb:bbbb: jimsuser18000                                 Valid
bbbb:bbbb:bbbb: jimsuser17999                                 Valid
bbbb:bbbb:bbbb: jimsuser17998                                 Valid
bbbb:bbbb:bbbb: jimsuser17997                                 Valid
bbbb:bbbb:bbbb: jimsuser17996                                 Valid
bbbb:bbbb:bbbb: jimsuser17995                                 Valid
bbbb:bbbb:bbbb: jimsuser17994                                 Valid
bbbb:bbbb:bbbb: jimsuser17993                                 Valid

command-name

content_copy zoom_out_map
user@host> show services user-identification authentication-table authentication-source all node 0 logical-system lsys1
node0:
--------------------------------------------------------------------------
Logical System: root-logical-system

Domain: ad2012.jims.com
Total entries: 18003
Source IP       Username       groups(Ref by policy)          state
bbbb:bbbb:bbbb: jimsuser18000                                 Valid
bbbb:bbbb:bbbb: jimsuser17999                                 Valid
bbbb:bbbb:bbbb: jimsuser17998                                 Valid
bbbb:bbbb:bbbb: jimsuser17997                                 Valid
bbbb:bbbb:bbbb: jimsuser17996                                 Valid
bbbb:bbbb:bbbb: jimsuser17995                                 Valid
bbbb:bbbb:bbbb: jimsuser17994                                 Valid
bbbb:bbbb:bbbb: jimsuser17993                                 Valid
bbbb:bbbb:bbbb: jimsuser17992                                 Valid

command-name

content_copy zoom_out_map
user@host> show services user-identification authentication-table authentication-source all node 0
node0:
--------------------------------------------------------------------------
Logical System: root-logical-system

Domain: ad2012.jims.com
Total entries: 18003
Source IP       Username       groups(Ref by policy)          state
bbbb:bbbb:bbbb: jimsuser1213
bbbb:bbbb:bbbb: jimsuser18000                                 Valid
bbbb:bbbb:bbbb: jimsuser17999                                 Valid
bbbb:bbbb:bbbb: jimsuser17998                                 Valid
bbbb:bbbb:bbbb: jimsuser17997                                 Valid
bbbb:bbbb:bbbb: jimsuser17996                                 Valid
bbbb:bbbb:bbbb: jimsuser17995                                 Valid
bbbb:bbbb:bbbb: jimsuser17994                                 Valid
bbbb:bbbb:bbbb: jimsuser17993                                 Valid

show services user-identification authentication-table authentication-source all all-logical-systems-tenants

Output of this command displays brief user authentication and identity information for all users for whom there are entries in the identity-management authentication source.

content_copy zoom_out_map
user@host> show services user-identification authentication-table authentication-source all all-logical-systems-tenants
node0:
--------------------------------------------------------------------------
Logical System: ld1
Domain: ad03.net
Total entries: 4
Source IP       Username       groups(Ref by policy)          state
12.0.0.2        administrator  posture-healthy                Valid         
12.0.0.15       administrator  posture-healthy                Valid         
3000::5         N/A            posture-healthy                Valid         
2001:db8:::302b N/A        posture-healthy                Valid         

Logical System: tn1
Domain: ad03.net
Total entries: 4
Source IP       Username       groups(Ref by policy)          state
12.0.0.2        administrator  posture-healthy                Valid         
12.0.0.15       administrator  posture-healthy                Valid         
3000::5         N/A            posture-healthy                Valid         
2001:db8:::302b N/A            posture-healthy                Valid

Aruba ClearPass

show services user-identification authentication-table authentication-source aruba-clearpass domain extensive

Output of this command shows extensive user identity and authentication information, when Aruba ClearPass is used as the authentication source, for all users whose devices belong to the GLOBAL domain.

content_copy zoom_out_map
user@host> show services user-identification authentication-table authentication-source aruba-clearpass domain GLOBAL extensive
Domain: GLOBAL
Total entries: 7
  Source-ip: 203.0.113.21
    Username: vikiyr
    Groups:posture-healthy, accounting-grp, accounting-grp-and-company-device,
    corporate-limited, [user authenticated]
    Groups referenced by policy:accounting-grp-and-company-device,
    corporate-limited
    State: Valid
    Source: Aruba ClearPass
    Access start date: 2016-03-08
    Access start time: 17:20:30
    Last updated timestamp: 2015-12-22 04:02:48
    Age time: 0
  Source-ip: 203.0.113.89
    Username: abewhfy
    Groups:posture-unknown, marketing-access-limited-grp, [user authenticated]
    Groups referenced by policy:marketing-access-limited-grp
    State: Valid
    Source: Aruba ClearPass
    Access start date: 2016-03-08
    Access start time: 17:31:40
    Last updated timestamp: 2015-12-22 04:18:48
    Age time: 0
  Source-ip: 203.0.113.52
    Username: jjxchan
    Groups:posture-healthy, marketing-access-for-pcs-limited-group,
    marketing-general, sales-limited, corporate-limited, [user authenticated]
    Groups referenced by policy:marketing-access-for-pcs-limited-group,
    corporate-limited
    State: Valid
    Source: Aruba ClearPass
    Access start date: 2016-03-08
    Access start time: 17:22:48
    Last updated timestamp: 2015-12-22 05:46:21
    Age time: 0
  Source-ip: 203.0.113.53
    Username: ltchen1
    Groups:posture-healthy, human-resources-grp, accounting-limited,
    corporate-limited, [user authenticated]
    Groups referenced by policy:corporate-limited
    State: Valid
    Source: Aruba ClearPass
    Access start date: 2016-03-08
    Access start time: 17:21:37
    Last updated timestamp: 2015-12-22 05:41:18
    Age time: 0
  Source-ip: 203.0.113.54
    Username: guest1
    Groups:posture-healthy, guest, [user authenticated]
    State: Valid
    Source: Aruba ClearPass
    Access start date: 2016-03-08
    Access start time: 17:23:10
    Last updated timestamp: 2015-12-22 05:50:47
    Age time: 0
  Source-ip: 203.0.113.55
    Username: guest2
    Groups:posture-healthy, guest-device-byod, [user authenticated]
    State: Valid
    Source: Aruba ClearPass
    Access start date: 2016-03-08
    Access start time: 17:23:21
    Last updated timestamp: 2015-12-22 05:52:44
    Age time: 0
  Source-ip: 2001:db8:4136:e378:8000:63bf:3fff:fdd2
    Username: guest3
    Groups:posture-healthy, guest-device-grp, [user authenticated]
    State: Valid
    Source: Aruba ClearPass
    Access start date: 2016-03-08
    Access start time: 17:23:21
    Last updated timestamp: 2015-12-22 05:52:44
    Age time: 0

show services user-identification authentication-table authentication-source aruba-clearpass domain brief

Output of this command shows brief user identity and authentication information for users whose devices belong to the GLOBAL domain.

If you do not specify brief, the same information would be displayed. The default behavior is to show brief output.

content_copy zoom_out_map
user@host> show services user-identification authentication-table authentication-source aruba-clearpass domain GLOBAL brief

Domain: GLOBAL
Total entries: 6
Source IP                                Username       groups(Ref by policy)          state
203.0.113.71                             taviki2          accounting-grp-and-company-dev  Valid
203.0.113.89                             gabewb1          marketing-access-limited-grp    Valid
203.0.113.92                             tljxchan         marketing-access-for-pcs-limit  Valid
203.0.113.93                             tjlchen1         corporate-limited               Valid
203.0.113.94                             guest1                                           Valid
203.0.113.95                             guest2                                           Valid
2001:db8:4136:e378:8000:63bf:3fff:fdd2   guest2                                           Valid

show services user-identification authentication-table authentication-source aruba-clearpass extensive

Output of the following command shows extensive user identity and authentication information for all users authenticated by Aruba ClearPass for whom entries exist in the aruba-clearpass authentication table.

content_copy zoom_out_map
user@host> show services user-identification authentication-table authentication-source aruba-clearpass extensive 

Domain: GLOBAL
Total entries: 7
  Source-ip: 203.0.113.31
    Username: vjki2
    Groups:posture-healthy, accounting-grp, accounting-grp-and-company-device,
    corporate-limited, [user authenticated]
    Groups referenced by policy:accounting-grp-and-company-device,
    corporate-limited
    State: Valid
    Source: Aruba ClearPass
    Access start date: 2016-03-08
    Access start time: 17:20:30
    Last updated timestamp: 2015-12-22 04:02:48
    Age time: 0
  Source-ip: 203.0.113.89
    Username: labew11
    Groups:posture-unknown, marketing-access-limited-grp, [user authenticated]
    Groups referenced by policy:marketing-access-limited-grp
    State: Valid
    Source: Aruba ClearPass
    Access start date: 2016-03-08
    Access start time: 17:31:40
    Last updated timestamp: 2015-12-22 04:18:48
    Age time: 0
  Source-ip: 203.0.113.62
    Username: dxchan45
    Groups:posture-healthy, marketing-access-for-pcs-limited-group,
    marketing-general, sales-limited, corporate-limited, [user authenticated]
    Groups referenced by policy:marketing-access-for-pcs-limited-group,
    corporate-limited
    State: Valid
    Source: Aruba ClearPass
    Access start date: 2016-03-08
    Access start time: 17:22:48
    Last updated timestamp: 2015-12-22 05:46:21
    Age time: 0
  Source-ip: 2001:db8:4136:e378:8000:63bf:3fff:fdd2
    Username: efchan47
    Groups:posture-healthy, marketing-access-for-pcs-limited-group,
    marketing-general, sales-limited, corporate-limited, [user authenticated]
    Groups referenced by policy:marketing-access-for-pcs-limited-group,
    corporate-limited
    State: Valid
    Source: Aruba ClearPass
    Access start date: 2016-03-08
    Access start time: 17:22:48
    Last updated timestamp: 2015-12-22 05:46:21
    Age time: 0
  Source-ip: 203.0.113.83
    Username: ljhen1
    Groups:posture-healthy, human-resources-grp, accounting-limited,
    corporate-limited, [user authenticated]
    Groups referenced by policy:corporate-limited
    State: Valid
    Source: Aruba ClearPass
    Access start date: 2016-03-08
    Access start time: 17:21:37
    Last updated timestamp: 2015-12-22 05:41:18
    Age time: 0
  Source-ip: 203.0.113.34
    Username: guest1
    Groups:posture-healthy, guest, [user authenticated]
    State: Valid
    Source: Aruba ClearPass
    Access start date: 2016-03-08
    Access start time: 17:23:10
    Last updated timestamp: 2015-12-22 05:50:47
    Age time: 0
  Source-ip: 203.0.113.95
    Username: guest2
    Groups:posture-healthy, guest-device-byod, [user authenticated]
    State: Valid
    Source: Aruba ClearPass
    Access start date: 2016-03-08
    Access start time: 17:23:21
    Last updated timestamp: 2015-12-22 05:52:44
    Age time: 0

Identity Management

show services user-identification authentication-table authentication-source identity-management brief

Output of this command displays brief user authentication and identity information for all users for whom there are entries in the identity-management authentication source.

content_copy zoom_out_map
user@host> show services user-identification authentication-table authentication-source identity-management brief
Domain: ad-domaine-example.net
Total entries: 5
Source IP       Username       groups(Ref by policy)           state
198.51.100.63    N/A                                           Valid
203.0.113.30     administrator                                 Valid
203.0.113.18     N/A                                           Valid
198.51.100.69    N/A                                           Valid
198.51.100.66    administrator                                 Valid
 
Domain: NULL
Total entries: 1
Source IP       Username       groups(Ref by policy

show services user-identification authentication-table authentication-source identity-management extensive

Output of this command displays extensive user authentication and identity information for all users for whom there are entries in the identity-management authentication source.

content_copy zoom_out_map
user@host> show services user-identification authentication-table authentication-source identity-management extensive
Domain: ad-domain2-example.net
Total entries: 5
  Source-ip: 198.51.100.63
    Username: N/A
    Groups:posture-healthy
    State: Valid
    Source: JIMS - Active Directory
    Access start date: 2017-06-05
    Access start time: 09:28:45
    Last updated timestamp: 2017-06-06 08:41:56
    Age time: 0
  Source-ip: 198.51.100.66
    Username: administrator
    Groups:posture-healthy, group policy creator owners, enterprise admins, schema admins, domain admins, 
    administrators, denied rodc password replication group
    State: Valid
    Source: JIMS - Active Directory
    Access start date: 2017-06-05
    Access start time: 09:23:44
    Last updated timestamp: 2017-06-06 08:11:45
    Age time: 0

show services user-identification authentication-table authentication-source all extensive

Output of this command, which specifies the extensive option, shows state and access information for all entries.

content_copy zoom_out_map
user@host> show services user-identification authentication-table authentication-source identity-management extensive
Domain: jims-dom1.local
Total entries: 1
Source-ip: 2001:db8:4136:e378:8000:63bf:3fff:fdd2
Username: user1
Groups:posture-healthy
Groups referenced by policy:posture-healthy
State: Valid
Source: JIMS - Active Directory
Access start date: 2017-08-23
Access start time: 15:06:32
Last updated timestamp: 2017-06-07 02:50:10
Age time: 30

Identity Management

show services user-identification authentication-table authentication-source identity-management brief

Output of this command displays brief user authentication and identity information for all users for whom there are entries in the identity-management authentication source.

content_copy zoom_out_map
user@host> show services user-identification authentication-table authentication-source identity-management brief
Domain: ad-domaine-example.net
Total entries: 5
Source IP       Username       groups(Ref by policy)           state
198.51.100.63    N/A                                           Valid
203.0.113.30     administrator                                 Valid
203.0.113.18     N/A                                           Valid
198.51.100.69    N/A                                           Valid
198.51.100.66    administrator                                 Valid
 
Domain: NULL
Total entries: 1
Source IP       Username       groups(Ref by policy

show services user-identification authentication-table authentication-source identity-management extensive

Output of this command displays extensive user authentication and identity information for all users for whom there are entries in the identity-management authentication source.

content_copy zoom_out_map
user@host> show services user-identification authentication-table authentication-source identity-management extensive
Domain: ad-domain2-example.net
Total entries: 5
  Source-ip: 198.51.100.63
    Username: N/A
    Groups:posture-healthy
    State: Valid
    Source: JIMS - Active Directory
    Access start date: 2017-06-05
    Access start time: 09:28:45
    Last updated timestamp: 2017-06-06 08:41:56
    Age time: 0
  Source-ip: 198.51.100.66
    Username: administrator
    Groups:posture-healthy, group policy creator owners, enterprise admins, schema admins, domain admins, 
    administrators, denied rodc password replication group
    State: Valid
    Source: JIMS - Active Directory
    Access start date: 2017-06-05
    Access start time: 09:23:44
    Last updated timestamp: 2017-06-06 08:11:45
    Age time: 0

show services user-identification authentication-table authentication-source identity-management tenant tn1 extensive

Output of this command, which specifies the extensive option, shows state and access information for all entries.

content_copy zoom_out_map
user@host> show services user-identification authentication-table authentication-source identity-management tenant tn1 extensive
node0:
--------------------------------------------------------------------------
Logical System: root-logical-system

Domain: ad03.net
Total entries: 4
  Source-ip: 12.0.0.15
    Username: administrator
    Groups:posture-healthy, admin, group policy creator owners, domain admins, enterprise admins, schema admins, administrators, denied rodc password replication group
    State: Valid
    Source: JIMS - Active Directory
    Access start date: 2017-12-05
    Access start time: 09:36:30
    Last updated timestamp: 2017-12-04 15:45:51
    Age time: 0
  Source-ip: 3000::12
    Username: jasonlee
    Groups:posture-healthy, domain users, users, group1
    State: Valid
    Source: JIMS - Active Directory
    Access start date: 2017-12-05
    Access start time: 09:36:30
    Last updated timestamp: 2017-12-04 15:46:46
    Age time: 0
  Source-ip: 3000::5
    Username: N/A
    Groups:posture-healthy
    State: Valid
    Source: JIMS - Active Directory
    Access start date: 2017-12-05
    Access start time: 09:36:30
    Last updated timestamp: 2017-12-04 16:01:18
    Age time: 0
  Source-ip: fe80::342c:302b:6cb4:e109
    Username: N/A
    Groups:posture-healthy
    State: Valid
    Source: JIMS - Active Directory
    Access start date: 2017-12-05
    Access start time: 09:36:30
Last updated timestamp: 2017-12-04 16:01:14
Age time: 0

Firewall Authentication Forced Age Timeout

Output shows the “Forced Age timeout” value is displayed when the firewall authentication forced timeout function is configured, but only for when the extensive option is used. The value shows the remaining time left based on the forced timeout setting.

show services user-identification authentication-table authentication-source all extensive

content_copy zoom_out_map
user@host> show services user-identification authentication-table authentication-source all extensive
Domain: ad-userfw.net
Total entries: 1
  Source-ip: 198.51.100.98
    Username: administrator
    State: Valid
    Source: firewall-authentication
    Access start date: 2016-10-27
    Access start time: 09:30:27
    Age time: 30
    Forced Age time:  30/180

Release Information

Command introduced in Junos OS Release 12.

Support for Aruba ClearPass added in Junos OS release 12.3X48-D30.

Support added for identity-management as an authentication source in Junos OS Release 15.1X49-D100.

Support added for logical-system for authentication-source all in Junos OS Release 18.2R1.

Support added for tenant system for authentication-source identity management in Junos OS Release 19.1R1.

arrow_backward PREVIOUS show services user-identification active-directory-access user-group-mapping
NEXT arrow_forward show services user-identification device-information table
external-footer-nav