Juniper Radius attributes on IAS - howto
Monday, September 25, 2023 at 04:05amHello,
I'm trying to enable Junos authentication against IAS server.
On juniper KB I found the following but I don't know how and where to apply it on IAS instance 3.23.
"...
-
Configure the RADIUS server to map the authenticated user to the appropriate user template.
-
Set the Juniper-Local-User-Name Juniper VSA (vendor-specific attribute) (Vendor 2636, type 1, string) to the name of a user template configured on the device, which in the previous example is RO, OP, or SU. The RADIUS server includes the attribute in the RADIUS Access-Accept message. Authentication fails if the device cannot assign a user to a local user account or user template, and the remote user template is not configured.
..."
Reply to: Juniper Radius attributes on IAS - howto
Tuesday, September 26, 2023 at 01:36amhi Vedran,
OAS handles Radius on multiple levels.
In your case, you will need to
1. Define the custom attribute in radius.dct (in the BIN folder of your OAS installation)
2. Add the correct value as a Radius attribute to the user (User Attributes tab on a user in the WebAdmin)
3. Specify in the applicable policy that Radius attributes need to be returned and which groups to return.
I hope this helps to resolve your issue.
For future requests, please note you can always contact [email protected]. For simple queries the team will assist you. If extensive help is needed, we also offer the option to contract with Professional Services.