SRX Services Gateway
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
ed1976
Visitor
ed1976
Posts: 5
Registered: ‎11-02-2010
0

How to divide users on the Radius-server (IAS)

Options

‎11-04-2010 01:15 PM

I use the same radius-server (IAS) for Web authentication and Dynamic vpn.  But thus Dynamic VPN users can use the login for access to Web authentication. How can I restrict it? Can SRX send different identificator for Dynamic VPN and Web authentication.

SRX240H v10.3

Message 1 of 4 (2,838 Views)
 
Reply
Trusted Contributor
mawr
Posts: 236
Registered: ‎06-11-2010
0

Re: How to divide users on the Radius-server (IAS)

Options

‎11-04-2010 02:25 PM

Would you be able to assign those users to the unauthorized class?

 

mawr

Message 2 of 4 (2,834 Views)
 
Reply
ed1976
Visitor
ed1976
Posts: 5
Registered: ‎11-02-2010
0

Re: How to divide users on the Radius-server (IAS)

Options

‎11-08-2010 02:30 AM

Unauthorized class? What is it?

Message 3 of 4 (2,751 Views)
 
Reply
Trusted Contributor
mawr
Posts: 236
Registered: ‎06-11-2010
0

Re: How to divide users on the Radius-server (IAS)

Options

‎11-08-2010 08:41 AM

ed1976 wrote:

Unauthorized class? What is it?

According to what I've read this should be possible by assigning the remote user template to the unauthorized class of permissions.

 

http://www.juniper.net/techpubs/software/junos-security/junos-security10.3/junos-security-admin-guid...

 

So essentially you'd type set system login user remote class unauthorized.  It may need tweaking to allow for Dynamic VPN access though.

 

Hope this helps.

 

mawr

Message 4 of 4 (2,738 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.