SRX Services Gateway
Showing results for 
Search instead for 
Do you mean 
Reply
Visitor
Posts: 5
Registered: ‎11-02-2010
0 Kudos

How to divide users on the Radius-server (IAS)

I use the same radius-server (IAS) for Web authentication and Dynamic vpn.  But thus Dynamic VPN users can use the login for access to Web authentication. How can I restrict it? Can SRX send different identificator for Dynamic VPN and Web authentication.

SRX240H v10.3

Trusted Contributor
Posts: 236
Registered: ‎06-11-2010
0 Kudos

Re: How to divide users on the Radius-server (IAS)

Would you be able to assign those users to the unauthorized class?

 

mawr

Visitor
Posts: 5
Registered: ‎11-02-2010
0 Kudos

Re: How to divide users on the Radius-server (IAS)

Unauthorized class? What is it?

Trusted Contributor
Posts: 236
Registered: ‎06-11-2010
0 Kudos

Re: How to divide users on the Radius-server (IAS)


ed1976 wrote:

Unauthorized class? What is it?


According to what I've read this should be possible by assigning the remote user template to the unauthorized class of permissions.

 

http://www.juniper.net/techpubs/software/junos-security/junos-security10.3/junos-security-admin-guid...

 

So essentially you'd type set system login user remote class unauthorized.  It may need tweaking to allow for Dynamic VPN access though.

 

Hope this helps.

 

mawr