SRX Services Gateway
Reply
Visitor
ed1976
Posts: 5
Registered: ‎11-02-2010
0

How to divide users on the Radius-server (IAS)

I use the same radius-server (IAS) for Web authentication and Dynamic vpn.  But thus Dynamic VPN users can use the login for access to Web authentication. How can I restrict it? Can SRX send different identificator for Dynamic VPN and Web authentication.

SRX240H v10.3

Trusted Contributor
mawr
Posts: 236
Registered: ‎06-11-2010
0

Re: How to divide users on the Radius-server (IAS)

Would you be able to assign those users to the unauthorized class?

 

mawr

Visitor
ed1976
Posts: 5
Registered: ‎11-02-2010
0

Re: How to divide users on the Radius-server (IAS)

Unauthorized class? What is it?

Trusted Contributor
mawr
Posts: 236
Registered: ‎06-11-2010
0

Re: How to divide users on the Radius-server (IAS)


ed1976 wrote:

Unauthorized class? What is it?


According to what I've read this should be possible by assigning the remote user template to the unauthorized class of permissions.

 

http://www.juniper.net/techpubs/software/junos-security/junos-security10.3/junos-security-admin-guid...

 

So essentially you'd type set system login user remote class unauthorized.  It may need tweaking to allow for Dynamic VPN access though.

 

Hope this helps.

 

mawr

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.