There's an example of this somewhere (since their 'will it blend' operation on their website, i can't locate it).
It, however, was for a 'agree or be logged off' prompt display upon login, not prior to login. Also, the method used in the referenced case will probably be overwritten during an upgrade, whereas using a login-script will be maintained across upgrades.
Here's my config:
root#> show configuration system login
class data-admins {
idle-timeout 15;
login-script login-script.slax; #### here's the script
permissions all;
}
user admin-template {
full-name "template for RADIUS auth";
uid 1999;
class data-admins;
}
}
and here's the login-script.slax (which is stored on the switch at /config/db/scripts/op/login-script.slax
version 1.15;
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
import "../import/junos.xsl";
match / {
var $banner = '
* ****************************************************************************
* Acme Corp - Authorized Access Only
* This system is for the authorized use of employees of Acme.
# All access is logged and/or monitored.
* ****************************************************************************
';
<op-script-results> {
if ($user != "netconf") {
expr jcs:output($banner);
var $response = {
call get-response();
}; /* var $response = { */
if ($response == "no") {
var $userinfo = <get-system-users-information> ;
var $response2 = jcs:invoke($userinfo);
var $usertable = $response2/uptime-information/user-table/user-entry;
for-each ($usertable) {
var $tty = ./tty;
var $command = ./command;
if ($command == "-cli (cli)") {
var $terminateuser = <command> "request system logout terminal " _ $tty;
expr jcs:invoke($terminateuser);
}
/* if ($command == "-cli (cli)") { */
}
/* for-each ($status) { */
}
/* if ($response == "no") { */
}
/* if ($user != "netconf") { */
}
/* <op-script-results> { */
}
/* match / { */
template get-response() {
var $newline = jcs:printf("\n");
expr jcs:output($newline);
var $res = jcs:input("Consent to monitoring and continue? (yes/no) ");
if ($res != "yes" && $res != "no") {
call get-response();
} else {
expr $res;
}
/* if ($res != "yes" && $res != "no") { */
}
/* template get-response() { */
Just beware that if you are logged in, and you log in a 2nd time and say no to the consent and continue prompt, BOTH of your sessions will be disconnected.
If the author (someone at Juniper) has updated it, I haven't seen it (see my comment above)