Modifying the User Management Configuration for Security Devices
You can use the User Management section on the Modify Configuration page to modify the user details, authentication methods, password settings, access profile, and so on.
Refer to the Junos OS documentation (available at https://www.juniper.net/documentation/en_US/release-independent/junos/information-products/pathway-pages/junos/product/) for a particular release and device. There you can find detailed information on the configuration parameters for that device.
To modify the basic configuration:
Setting | Guideline |
---|---|
User Details | Provides the user details to the device’s local database. Existing users are displayed in a table with their username, full name, login type, and user type. To add a user:<br>To edit the information of a user, select it and click the pencil icon. Then edit the user details in the Edit User dialog box and click OK. To delete an existing user, select it and click the delete icon. |
Authentication Methods | Specifies the authentication method the device should use to authenticate users. To add the authentication order: |
RADIUS Servers | Select the checkbox to specify the details of RADIUS servers. To configure RADIUS servers:<br>Select a RADIUS server and click the pencil icon to edit the RADIUS server. Click delete to delete the RADIUS server. |
TACACS+ Servers | Select the checkbox to provide the details of the TACACS+ server. To configure a TACACS+ server:<br>Select an IP address and click the pencil icon to edit the server details, or click delete to delete the server details. |
Password Settings | |
Minimum Reuse | Select the minimum number of old passwords that must not be the same as the new password. The range is from 1 through 20. |
Maximum Length | Select the maximum password length. The range is from 20 through 128. |
Minimum Length | Select the minimum password length. The range is from 6 through 20. |
Access Profile | |
Create an access profile | You can configure the Lightweight Directory Access Protocol (LDAP) for SRX Series devices. To create an access profile: |
Address pool | To add an address pool: |
FW Authentication - Pass Through Settings | |
Default Profile | Select the profile that the policies can use to authenticate users. |
FTP Banners | |
Login | Enter the login prompt for users logging in using FTP. |
Success | Enter the successful-login prompt for users logging in using FTP. |
Fail | Enter the failed-login prompt for users logging in using FTP. |
Telnet Banners | |
Login | Enter the login prompt for users logging in using Telnet. |
Success | Enter the successful-login prompt for users logging in using Telnet. |
Fail | Enter the failed-login prompt for users logging in using Telnet. |
HTTP Banners | |
Login | Enter the login prompt for users logging in using HTTP. |
Success | Enter the successful-login prompt for users logging in using HTTP. |
Fail | Enter the failed-login prompt for users logging in using HTTP. |
FW Authentication - Web Authentication Settings | |
Default Profile | Select the profile that the policies can use to authenticate users. |
Success | Enter a message that will be displayed on a successful login for users logging in using Web authentication. |
Setting | Description |
---|---|
General Settings | |
Access Profile Name | Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. Maximum length is 64 characters. |
Authentication Order | |
Order 1 | Configure the order in which different authentication methods are tried during login. For each login attempt, authentication starts with the first method and continues until the password matches. Select the following authentication methods: |
Order 2 | Configure the next authentication method to use if the method in Order 1 is not available, or if it is available but returns a reject response. Select the authentication method from the list and click Next. |
Authentication Type | |
Entity Requesting Access | To add an entity requesting access:<br>You can select the username and edit or delete it. |
LDAP Server | Configure the LDAP server for authentication. To add the LDAP server: |
LDAP Options | |
Base Distinguished Name | Enter the base distinguished name that defines the user. |
Revert Interval | Select the amount of time that elapses before the primary server is contacted if a backup server is being used. The range is from 60 to 4294967295. |
Additional Details | |
Assemble | Select the checkbox to assemble the user’s LDAP distinguished name (DN) using a common name identifier, username, and base distinguished name. |
Common Name | Enter the common name identifier used as a prefix for the username during the assembly of the user’s distinguished name. |
Search | Select the checkbox to enable the search option. |
Search Filter | Enter the name of the filter to find the user’s LDAP distinguished name. |
Admin Search | Select the checkbox to perform an LDAP administrator search. By default, the search is an anonymous search. |
Distinguished Name | Enter the distinguished name of an administrative user. The distinguished name is used for performing the LDAP search. |
Password | Configure the plain-text password for the administrative user. |
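
The Order 1 / Order 2 fallback and the Assemble option described in the table above, modelled as an added Python illustration (not Junos or Security Director code). The directory, local database, passwords and function names are constructed for the example, and the RFC 4514 escaping is an assumption about safe DN construction, not a statement of how the device builds the DN.

```python
# Added illustration, not Junos or Security Director code: models the Assemble
# option and the Order 1 / Order 2 fallback described in the table above.
# The directory, local database, names and passwords are constructed samples.
import hmac

ACCEPT, REJECT, UNAVAILABLE = "accept", "reject", "unavailable"
RDN_SPECIALS = '\\,+"<>;='  # RFC 4514 specials, plus '=' (optional to escape)

def escape_rdn_value(value):
    """Escape a username so it cannot add RDNs to the assembled DN."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        out.append("\\" + ch if ch in RDN_SPECIALS or edge else ch)
    return "".join(out).replace("\x00", "\\00")

def assemble_dn(common_name, username, base_dn):
    """Assemble: <common name identifier>=<username>,<base distinguished name>."""
    return f"{common_name}={escape_rdn_value(username)},{base_dn}"

def same(stored, supplied):
    """Constant-time comparison; a missing entry never matches."""
    return stored is not None and hmac.compare_digest(stored.encode(), supplied.encode())

def ldap_method(directory, common_name, base_dn, reachable=True):
    def check(user, password):
        if not reachable:
            return UNAVAILABLE
        dn = assemble_dn(common_name, user, base_dn)
        return ACCEPT if same(directory.get(dn), password) else REJECT
    return check

def password_method(local_db):
    return lambda user, password: ACCEPT if same(local_db.get(user), password) else REJECT

def authenticate(order, user, password):
    """Walk the order; continue when a method is unavailable or rejects."""
    trail = []
    for name, method in order:
        trail.append((name, method(user, password)))
        if trail[-1][1] == ACCEPT:
            return True, trail
    return False, trail

DIRECTORY = {"cn=jdoe,ou=staff,dc=example,dc=com": "directory-pass"}  # constructed
LOCAL_DB = {"jdoe": "stale-local-pass"}                                # constructed
BASE_DN = "ou=staff,dc=example,dc=com"
ORDER = [("ldap", ldap_method(DIRECTORY, "cn", BASE_DN)), ("password", password_method(LOCAL_DB))]
```

`authenticate(ORDER, "jdoe", "stale-local-pass")` succeeds through the second method after LDAP rejects, so when `password` follows LDAP in the order, local entries for directory-managed users need the same lifecycle as the directory account.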