show services user-identification authentication-table
Syntax
show services user-identification authentication-table <authentication-source | counter | ip-address> show services user-identification authentication-table authentication-source <active-directory | all | aruba-clearpass | identity-management> show services user-identification authentication-table authentication-source active-directory <brief | domain | extensive | group | logical-system | root-logical-system |summary |user> show services user-identification authentication-table authentication-source all <brief | domain | extensive |group | logical-system | root-logical-system |summary | user> <domain domain> <group (group-name | brief | domain | extensive | logical-system | root-logical-system | summary)> <logical-system (logical-system-name| all)> <node (node-id | all | local | primary)> <root-logical-system (enter |brief | domain | extensive | node)> <user (user-name | brief | domain | extensive | logical-system | node | root-logical-system | summary)> show services user-identification authentication-table authentication-source active-directory <brief | domain | extensive | group | logical-system | root-logical-system |summary |user> show services user-identification authentication-table authentication-source identity-management source-name show services user-identification authentication-table authentication-source identity-management tenant <tenant-name> extensive show services user-identification authentication-table counter show services user-identification authentication-table ip-address <summary> <logical-system logical-system-name> <root-logical-system> <tenant tenant-name> <node node-id> <IP address ip-address>
Description
Display the user identity information authentication table entries for the specified authentication source. You can display the entire contents of the specified authentication source’s authentication table, or you can constrain the displayed information to a specific domain, group, or user based on the user name. You can also display identity information for a user based on the IP address of the user’s device. You can show brief or extensive information for all of these instances.
authentication-source | User authentication source whose authentication table or identity management server entries are to be displayed. Authentication sources include:
|
Options
all
—Summary of the authentication entry information for all entries.group group-name
—Entries from the authentication table or identity management system for the specified group.ip-address ip-address
—Entries from the authentication table or identity management system for the specified IP address.user name
—Entries from the authentication table for the specified username.domain name
—Summary, group, or user entries for the specified domain.node
—(Optional) For chassis cluster configurations, the summary, IP address, or user entries for a specific node.node-id
—Identification number of the node. It can be 0 or 1.all
—Display information about all nodes.local
—Display information about the local node.primary
—Display information about the primary node.
brief | extensive
—Display the specified level of output (the default is brief).logical-system
—Display the authentication entries based on the logical system name.root-logical-system
—Display the authentication entries based on the root logical system.tenant tanant-name
—Display the authentication entries based on the specified tenant system name.
Required Privilege Level
view
Output Fields
Field Name |
Field Description |
---|---|
Domain |
Name of the domain that the users belong to. User identity and authentication information is display for all users who belong to the domain and for whom there are entries in the specified authentication source table or repository. |
Total entries |
Number of user entries in the authentication table, by domain. |
For each entry: |
|
Source IP |
The IP address of the user’s device. If a user is logged in to the network with more than one device, a separate entry is created for the user for each device. It showing the devices IP address. |
Username |
The name by which the user is logged in to the network. |
Groups |
A list of the groups that the user belongs to. The list can include a group that identifies the device posture. |
State |
The state of the entry. There are four states for an authentication entry: initial, valid, invalid, and pending.
|
Source |
Authentication source. |
Access start date |
The date when the authentication entry was created by the SRX Series Firewall. |
Access start time |
The time when the authentication entry was created by the SRX Series Firewall. The time value is in device local time zone. |
Last updated timestamp |
The time when the user information was created. This value is taken from the timestamp field in the user information. The time value is in device local time zone. |
Age time |
The time, in minutes, after which the entry expires, as configured by the authentication-entry-timeout statement. If a value of 0 was specified, the entry never expires. |
Forced Age time |
The rest value and the forced value. This information is made available if you configure the firewall-authentication-forced-timeout statement for active directory. |
Active Directory
- show services user-identification active-directory-access active-directory-authentication-table ip-address
- show services user-identification authentication-table ip-address
- show services user-identification active-directory-access active-directory-authentication-table all
- show services user-identification active-directory-access active-directory-authentication-table all extensive
- show services user-identification active-directory-access active-directory-authentication-table all domain
- Capacity of User-Identification Authentication Table
- All Authentication Sources
- command-name
- command-name
- command-name
- command-name
- show services user-identification authentication-table authentication-source all all-logical-systems-tenants
- Aruba ClearPass
- show services user-identification authentication-table authentication-source aruba-clearpass domain brief
- show services user-identification authentication-table authentication-source aruba-clearpass extensive
show services user-identification active-directory-access active-directory-authentication-table ip-address
Output of this command displays authentication and identity information for a specific user based on the IP address of the user’s device.
user@host> show services user-identification active-directory-access active-directory-authentication-table ip-address 198.51.100.3. Domain: ad.example.net Source-ip: 198.51.100.3 Username: user1 Groups:group1 State: Valid Source: wmic Access start date: 2014-03-10 Access start time: 13:59:56 Age time: 1437
show services user-identification authentication-table ip-address
Output of this command displays authentication and identity information for a specific user based on the IP address of the user’s device.
user@host> show services user-identification authentication-table ip-address 2001:db8::1:1 Domain: ac.example.net Source-ip: 2001:db8::1:1 Username: user1 Groups:group1 State: Valid Source: wmic Access start date: 2017-05-10 Access start time: 13:59:56 Age time: 1437
show services user-identification active-directory-access active-directory-authentication-table all
Output of this command displays user authentication and identity information for all users for whom there are entries in the active directory authentication table.
user@host> show services user-identification active-directory-access active-directory-authentication-table all Domain: www.engineering-example.net Total count: 2 Source IP Username Groups State 198.51.100.22 u2 r1, r3, r4 initial 198.51.100.23 u3 r5, r6, r4 pending Domain: www.hr-example.net Total count: 2 Source IP Username Groups State 198.51.100.26 u4 r1, r3, r4 initial 198.51.100.27 u5 r5, r6, r4 pending
show services user-identification active-directory-access active-directory-authentication-table all extensive
Output of this command, which specifies the extensive
option, shows state and access information for all entries in the
active directory authentication table, in addition to basic information
displayed when the brief
option is used and by default.
user@host> show services user-identification active-directory-access active-directory-authentication-table all extensive Domain: www.mycompany-example.com Total entries: 2 Source IP: 198.51.100.29 Username: u2 Groups: r1, r3, r4 State: inital Access start date: 2013-05-22 Access start time: 10:56:58 Age time: 20 min Source IP: 198.51.100.30 Username: u3 Groups: r5, r6, r4 State: pending Access start date: 2013-05-22 Access start time: 10:56:58 Age time: 20 min Domain: www.hr-example.net Total entries: 2 Source IP: 198.51.100.31 Username: u2 Groups: r1, r3, r4 State: inital Access start date: 2013-05-22 Access start time: 10:56:58 Age time: 20 min Source IP: 198.51.100.32 Username: u3 Groups: r5, r6, r4 State: pending Access start date: 2013-05-22 Access start time: 10:56:58 Age time: 20
show services user-identification active-directory-access active-directory-authentication-table all domain
Output of this command shows by default brief user identity and authentication information for all users for whom there are entries in the active directory authentication table and whose devices belong to the specified domain.
user@host> show services user-identification active-directory-access active-directory-authentication-table all domain www.mydomain-example.com Domain: www.mydomain-example.com Total count: 2 Source IP Username Groups State 198.51.100.36 u2 r1, r3, r4 initial 198.51.100.37 u3 r5, r6, r4 pending
Capacity of User-Identification Authentication Table
There is a certain limit for maximum number of authentication entries in user-identification authentication table. For example, the maximum capacity in user-identification authentication table is set at 5000 auth-entries for vSRX3 firewall and 2,56,000 auth-entries for SRX5000 line firewalls.
When the user-identification authentication table has maximum number of authentication
entries, ip-probe
will be disabled and ip-query
cannot
be sent for any new incoming sessions. The ip-probe
gets enabled only
after authentication table entry count reduces to 90 % of the the total capacity. When SRX
user-identification authentication table has reached its capacity, the new authentication
entries gets added only through batch response from JIMS or event log from Active
Directory. When new authentication entry gets added, the LRU (last recently used)
authentication entry with similar state gets deleted only if there are no active sessions
associated with the LRU. The new authentication entry is then added in the authentication
table. When no such LRU is found, the new authentication entry gets
discarded.
All Authentication Sources
Output of this command shows extensive user identity and authentication information for all users with entries in authentication tables of any authentication source. This example shows only one entry to illustrate the content that is displayed with the extensive option.
user@host> show services user-identification authentication-table authentication-source all extensive Domain: ad-userfw-example.net Total entries: 1 Source-ip: 198.51.100.1/24 Username: administrator State: Valid Source: firewall-authentication Access start date: 2016-10-27 Access start time: 09:30:27 Age time: 30
command-name
user@host> show services user-identification authentication-table authentication-source all logical-system lsys1 node0: -------------------------------------------------------------------------- Logical System: root-logical-system Domain: ad2012.jims.com Total entries: 18003 Source IP Username groups(Ref by policy) state bbbb:bbbb:bbbb: jimsuser18000 Valid bbbb:bbbb:bbbb: jimsuser17999 Valid bbbb:bbbb:bbbb: jimsuser17998 Valid bbbb:bbbb:bbbb: jimsuser17997 Valid bbbb:bbbb:bbbb: jimsuser17996 Valid bbbb:bbbb:bbbb: jimsuser17995 Valid bbbb:bbbb:bbbb: jimsuser17994 Valid bbbb:bbbb:bbbb: jimsuser17993 Valid
command-name
user@host> show services user-identification authentication-table authentication-source all root-logical-system node0: -------------------------------------------------------------------------- Logical System: root-logical-system Domain: ad2012.jims.com Total entries: 18003 Source IP Username groups(Ref by policy) state bbbb:bbbb:bbbb: jimsuser10745 bbbb:bbbb:bbbb: jimsuser18000 Valid bbbb:bbbb:bbbb: jimsuser17999 Valid bbbb:bbbb:bbbb: jimsuser17998 Valid bbbb:bbbb:bbbb: jimsuser17997 Valid bbbb:bbbb:bbbb: jimsuser17996 Valid bbbb:bbbb:bbbb: jimsuser17995 Valid bbbb:bbbb:bbbb: jimsuser17994 Valid bbbb:bbbb:bbbb: jimsuser17993 Valid bbbb:bbbb:bbbb: jimsuser17992 Valid user@host> show services user-identification authentication-table authentication-source all node 0 node0: -------------------------------------------------------------------------- Logical System: root-logical-system Domain: ad2012.jims.com Total entries: 18003 Source IP Username groups(Ref by policy) state bbbb:bbbb:bbbb: jimsuser14716 bbbb:bbbb:bbbb: jimsuser18000 Valid bbbb:bbbb:bbbb: jimsuser17999 Valid bbbb:bbbb:bbbb: jimsuser17998 Valid bbbb:bbbb:bbbb: jimsuser17997 Valid bbbb:bbbb:bbbb: jimsuser17996 Valid bbbb:bbbb:bbbb: jimsuser17995 Valid bbbb:bbbb:bbbb: jimsuser17994 Valid bbbb:bbbb:bbbb: jimsuser17993 Valid
command-name
user@host> show services user-identification authentication-table authentication-source all node 0 logical-system lsys1 node0: -------------------------------------------------------------------------- Logical System: root-logical-system Domain: ad2012.jims.com Total entries: 18003 Source IP Username groups(Ref by policy) state bbbb:bbbb:bbbb: jimsuser18000 Valid bbbb:bbbb:bbbb: jimsuser17999 Valid bbbb:bbbb:bbbb: jimsuser17998 Valid bbbb:bbbb:bbbb: jimsuser17997 Valid bbbb:bbbb:bbbb: jimsuser17996 Valid bbbb:bbbb:bbbb: jimsuser17995 Valid bbbb:bbbb:bbbb: jimsuser17994 Valid bbbb:bbbb:bbbb: jimsuser17993 Valid bbbb:bbbb:bbbb: jimsuser17992 Valid
command-name
user@host> show services user-identification authentication-table authentication-source all node 0 node0: -------------------------------------------------------------------------- Logical System: root-logical-system Domain: ad2012.jims.com Total entries: 18003 Source IP Username groups(Ref by policy) state bbbb:bbbb:bbbb: jimsuser1213 bbbb:bbbb:bbbb: jimsuser18000 Valid bbbb:bbbb:bbbb: jimsuser17999 Valid bbbb:bbbb:bbbb: jimsuser17998 Valid bbbb:bbbb:bbbb: jimsuser17997 Valid bbbb:bbbb:bbbb: jimsuser17996 Valid bbbb:bbbb:bbbb: jimsuser17995 Valid bbbb:bbbb:bbbb: jimsuser17994 Valid bbbb:bbbb:bbbb: jimsuser17993 Valid
show services user-identification authentication-table authentication-source all all-logical-systems-tenants
Output of this command displays brief user authentication and identity information for all users for whom there are entries in the identity-management authentication source.
user@host> show services user-identification authentication-table authentication-source all all-logical-systems-tenants node0: -------------------------------------------------------------------------- Logical System: ld1 Domain: ad03.net Total entries: 4 Source IP Username groups(Ref by policy) state 12.0.0.2 administrator posture-healthy Valid 12.0.0.15 administrator posture-healthy Valid 3000::5 N/A posture-healthy Valid 2001:db8:::302b N/A posture-healthy Valid Logical System: tn1 Domain: ad03.net Total entries: 4 Source IP Username groups(Ref by policy) state 12.0.0.2 administrator posture-healthy Valid 12.0.0.15 administrator posture-healthy Valid 3000::5 N/A posture-healthy Valid 2001:db8:::302b N/A posture-healthy Valid
Aruba ClearPass
show services user-identification authentication-table authentication-source aruba-clearpass domain extensive
Output of this command shows extensive user identity and authentication information, when Aruba ClearPass is used as the authentication source, for all users whose devices belong to the GLOBAL domain.
user@host> show services user-identification authentication-table authentication-source aruba-clearpass domain GLOBAL extensive Domain: GLOBAL Total entries: 7 Source-ip: 203.0.113.21 Username: vikiyr Groups:posture-healthy, accounting-grp, accounting-grp-and-company-device, corporate-limited, [user authenticated] Groups referenced by policy:accounting-grp-and-company-device, corporate-limited State: Valid Source: Aruba ClearPass Access start date: 2016-03-08 Access start time: 17:20:30 Last updated timestamp: 2015-12-22 04:02:48 Age time: 0 Source-ip: 203.0.113.89 Username: abewhfy Groups:posture-unknown, marketing-access-limited-grp, [user authenticated] Groups referenced by policy:marketing-access-limited-grp State: Valid Source: Aruba ClearPass Access start date: 2016-03-08 Access start time: 17:31:40 Last updated timestamp: 2015-12-22 04:18:48 Age time: 0 Source-ip: 203.0.113.52 Username: jjxchan Groups:posture-healthy, marketing-access-for-pcs-limited-group, marketing-general, sales-limited, corporate-limited, [user authenticated] Groups referenced by policy:marketing-access-for-pcs-limited-group, corporate-limited State: Valid Source: Aruba ClearPass Access start date: 2016-03-08 Access start time: 17:22:48 Last updated timestamp: 2015-12-22 05:46:21 Age time: 0 Source-ip: 203.0.113.53 Username: ltchen1 Groups:posture-healthy, human-resources-grp, accounting-limited, corporate-limited, [user authenticated] Groups referenced by policy:corporate-limited State: Valid Source: Aruba ClearPass Access start date: 2016-03-08 Access start time: 17:21:37 Last updated timestamp: 2015-12-22 05:41:18 Age time: 0 Source-ip: 203.0.113.54 Username: guest1 Groups:posture-healthy, guest, [user authenticated] State: Valid Source: Aruba ClearPass Access start date: 2016-03-08 Access start time: 17:23:10 Last updated timestamp: 2015-12-22 05:50:47 Age time: 0 Source-ip: 203.0.113.55 Username: guest2 Groups:posture-healthy, guest-device-byod, [user authenticated] State: Valid Source: Aruba ClearPass Access start date: 2016-03-08 Access start time: 17:23:21 Last updated timestamp: 2015-12-22 05:52:44 Age time: 0 Source-ip: 2001:db8:4136:e378:8000:63bf:3fff:fdd2 Username: guest3 Groups:posture-healthy, guest-device-grp, [user authenticated] State: Valid Source: Aruba ClearPass Access start date: 2016-03-08 Access start time: 17:23:21 Last updated timestamp: 2015-12-22 05:52:44 Age time: 0
show services user-identification authentication-table authentication-source aruba-clearpass domain brief
Output of this command shows brief user identity and authentication information for users whose devices belong to the GLOBAL domain.
If you do not specify brief, the same information would be displayed. The default behavior is to show brief output.
user@host> show services user-identification authentication-table authentication-source aruba-clearpass domain GLOBAL brief Domain: GLOBAL Total entries: 6 Source IP Username groups(Ref by policy) state 203.0.113.71 taviki2 accounting-grp-and-company-dev Valid 203.0.113.89 gabewb1 marketing-access-limited-grp Valid 203.0.113.92 tljxchan marketing-access-for-pcs-limit Valid 203.0.113.93 tjlchen1 corporate-limited Valid 203.0.113.94 guest1 Valid 203.0.113.95 guest2 Valid 2001:db8:4136:e378:8000:63bf:3fff:fdd2 guest2 Valid
show services user-identification authentication-table authentication-source aruba-clearpass extensive
Output of the following command shows extensive user identity and authentication information for all users authenticated by Aruba ClearPass for whom entries exist in the aruba-clearpass authentication table.
user@host> show services user-identification authentication-table authentication-source aruba-clearpass extensive Domain: GLOBAL Total entries: 7 Source-ip: 203.0.113.31 Username: vjki2 Groups:posture-healthy, accounting-grp, accounting-grp-and-company-device, corporate-limited, [user authenticated] Groups referenced by policy:accounting-grp-and-company-device, corporate-limited State: Valid Source: Aruba ClearPass Access start date: 2016-03-08 Access start time: 17:20:30 Last updated timestamp: 2015-12-22 04:02:48 Age time: 0 Source-ip: 203.0.113.89 Username: labew11 Groups:posture-unknown, marketing-access-limited-grp, [user authenticated] Groups referenced by policy:marketing-access-limited-grp State: Valid Source: Aruba ClearPass Access start date: 2016-03-08 Access start time: 17:31:40 Last updated timestamp: 2015-12-22 04:18:48 Age time: 0 Source-ip: 203.0.113.62 Username: dxchan45 Groups:posture-healthy, marketing-access-for-pcs-limited-group, marketing-general, sales-limited, corporate-limited, [user authenticated] Groups referenced by policy:marketing-access-for-pcs-limited-group, corporate-limited State: Valid Source: Aruba ClearPass Access start date: 2016-03-08 Access start time: 17:22:48 Last updated timestamp: 2015-12-22 05:46:21 Age time: 0 Source-ip: 2001:db8:4136:e378:8000:63bf:3fff:fdd2 Username: efchan47 Groups:posture-healthy, marketing-access-for-pcs-limited-group, marketing-general, sales-limited, corporate-limited, [user authenticated] Groups referenced by policy:marketing-access-for-pcs-limited-group, corporate-limited State: Valid Source: Aruba ClearPass Access start date: 2016-03-08 Access start time: 17:22:48 Last updated timestamp: 2015-12-22 05:46:21 Age time: 0 Source-ip: 203.0.113.83 Username: ljhen1 Groups:posture-healthy, human-resources-grp, accounting-limited, corporate-limited, [user authenticated] Groups referenced by policy:corporate-limited State: Valid Source: Aruba ClearPass Access start date: 2016-03-08 Access start time: 17:21:37 Last updated timestamp: 2015-12-22 05:41:18 Age time: 0 Source-ip: 203.0.113.34 Username: guest1 Groups:posture-healthy, guest, [user authenticated] State: Valid Source: Aruba ClearPass Access start date: 2016-03-08 Access start time: 17:23:10 Last updated timestamp: 2015-12-22 05:50:47 Age time: 0 Source-ip: 203.0.113.95 Username: guest2 Groups:posture-healthy, guest-device-byod, [user authenticated] State: Valid Source: Aruba ClearPass Access start date: 2016-03-08 Access start time: 17:23:21 Last updated timestamp: 2015-12-22 05:52:44 Age time: 0
Identity Management
- show services user-identification authentication-table authentication-source identity-management brief
- show services user-identification authentication-table authentication-source identity-management extensive
- show services user-identification authentication-table authentication-source all extensive
show services user-identification authentication-table authentication-source identity-management brief
Output of this command displays brief user authentication and identity information for all users for whom there are entries in the identity-management authentication source.
user@host> show services user-identification authentication-table authentication-source identity-management brief Domain: ad-domaine-example.net Total entries: 5 Source IP Username groups(Ref by policy) state 198.51.100.63 N/A Valid 203.0.113.30 administrator Valid 203.0.113.18 N/A Valid 198.51.100.69 N/A Valid 198.51.100.66 administrator Valid Domain: NULL Total entries: 1 Source IP Username groups(Ref by policy
show services user-identification authentication-table authentication-source identity-management extensive
Output of this command displays extensive user authentication and identity information for all users for whom there are entries in the identity-management authentication source.
user@host> show services user-identification authentication-table authentication-source identity-management extensive Domain: ad-domain2-example.net Total entries: 5 Source-ip: 198.51.100.63 Username: N/A Groups:posture-healthy State: Valid Source: JIMS - Active Directory Access start date: 2017-06-05 Access start time: 09:28:45 Last updated timestamp: 2017-06-06 08:41:56 Age time: 0 Source-ip: 198.51.100.66 Username: administrator Groups:posture-healthy, group policy creator owners, enterprise admins, schema admins, domain admins, administrators, denied rodc password replication group State: Valid Source: JIMS - Active Directory Access start date: 2017-06-05 Access start time: 09:23:44 Last updated timestamp: 2017-06-06 08:11:45 Age time: 0
show services user-identification authentication-table authentication-source all extensive
Output of this command, which specifies the extensive option, shows state and access information for all entries.
user@host> show services user-identification authentication-table authentication-source identity-management extensive Domain: jims-dom1.local Total entries: 1 Source-ip: 2001:db8:4136:e378:8000:63bf:3fff:fdd2 Username: user1 Groups:posture-healthy Groups referenced by policy:posture-healthy State: Valid Source: JIMS - Active Directory Access start date: 2017-08-23 Access start time: 15:06:32 Last updated timestamp: 2017-06-07 02:50:10 Age time: 30
Identity Management
- show services user-identification authentication-table authentication-source identity-management brief
- show services user-identification authentication-table authentication-source identity-management extensive
- show services user-identification authentication-table authentication-source identity-management tenant tn1 extensive
show services user-identification authentication-table authentication-source identity-management brief
Output of this command displays brief user authentication and identity information for all users for whom there are entries in the identity-management authentication source.
user@host> show services user-identification authentication-table authentication-source identity-management brief Domain: ad-domaine-example.net Total entries: 5 Source IP Username groups(Ref by policy) state 198.51.100.63 N/A Valid 203.0.113.30 administrator Valid 203.0.113.18 N/A Valid 198.51.100.69 N/A Valid 198.51.100.66 administrator Valid Domain: NULL Total entries: 1 Source IP Username groups(Ref by policy
show services user-identification authentication-table authentication-source identity-management extensive
Output of this command displays extensive user authentication and identity information for all users for whom there are entries in the identity-management authentication source.
user@host> show services user-identification authentication-table authentication-source identity-management extensive Domain: ad-domain2-example.net Total entries: 5 Source-ip: 198.51.100.63 Username: N/A Groups:posture-healthy State: Valid Source: JIMS - Active Directory Access start date: 2017-06-05 Access start time: 09:28:45 Last updated timestamp: 2017-06-06 08:41:56 Age time: 0 Source-ip: 198.51.100.66 Username: administrator Groups:posture-healthy, group policy creator owners, enterprise admins, schema admins, domain admins, administrators, denied rodc password replication group State: Valid Source: JIMS - Active Directory Access start date: 2017-06-05 Access start time: 09:23:44 Last updated timestamp: 2017-06-06 08:11:45 Age time: 0
show services user-identification authentication-table authentication-source identity-management tenant tn1 extensive
Output of this command, which specifies the extensive option, shows state and access information for all entries.
user@host> show services user-identification authentication-table authentication-source identity-management tenant tn1 extensive node0: -------------------------------------------------------------------------- Logical System: root-logical-system Domain: ad03.net Total entries: 4 Source-ip: 12.0.0.15 Username: administrator Groups:posture-healthy, admin, group policy creator owners, domain admins, enterprise admins, schema admins, administrators, denied rodc password replication group State: Valid Source: JIMS - Active Directory Access start date: 2017-12-05 Access start time: 09:36:30 Last updated timestamp: 2017-12-04 15:45:51 Age time: 0 Source-ip: 3000::12 Username: jasonlee Groups:posture-healthy, domain users, users, group1 State: Valid Source: JIMS - Active Directory Access start date: 2017-12-05 Access start time: 09:36:30 Last updated timestamp: 2017-12-04 15:46:46 Age time: 0 Source-ip: 3000::5 Username: N/A Groups:posture-healthy State: Valid Source: JIMS - Active Directory Access start date: 2017-12-05 Access start time: 09:36:30 Last updated timestamp: 2017-12-04 16:01:18 Age time: 0 Source-ip: fe80::342c:302b:6cb4:e109 Username: N/A Groups:posture-healthy State: Valid Source: JIMS - Active Directory Access start date: 2017-12-05 Access start time: 09:36:30 Last updated timestamp: 2017-12-04 16:01:14 Age time: 0
Firewall Authentication Forced Age Timeout
Output shows the “Forced Age timeout” value is displayed when the firewall authentication forced timeout function is configured, but only for when the extensive option is used. The value shows the remaining time left based on the forced timeout setting.
show services user-identification authentication-table authentication-source all extensive
user@host> show services user-identification authentication-table authentication-source all extensive Domain: ad-userfw.net Total entries: 1 Source-ip: 198.51.100.98 Username: administrator State: Valid Source: firewall-authentication Access start date: 2016-10-27 Access start time: 09:30:27 Age time: 30 Forced Age time: 30/180
Release Information
Command introduced in Junos OS Release 12.
Support for Aruba ClearPass added in Junos OS release 12.3X48-D30.
Support added for identity-management as an authentication source in Junos OS Release 15.1X49-D100.
Support added for logical-system for authentication-source
all
in Junos OS Release 18.2R1.
Support added for tenant system for authentication-source
identity management
in Junos OS Release 19.1R1.