Juniper LDAP和RADIUS（juniper是什么品牌）

Juniper LDAP和RADIUS（juniper是什么品牌）

junos提供了基于本地数据库的认证 和基于外部认证服务器的认证两种方式。一.local 的认证方式， 需要admin在firewall上添加用户和密码set access profile profile1 client user1 firewall-user password user1set access firewall-authentication pass-through default-profile profile1set security policies from-zone trust to-zone trust policy auth_policy1 match source-address anyset security policies from-zone trust to-zone trust policy auth_policy1 match destination-address anyset security policies from-zone trust to-zone trust policy auth_policy1 match application junos-ftpset security policies from-zone trust to-zone trust policy auth_policy1 then permit firewall-authentication pass-through client-match user1二.external authentication server2.1 ldap 先配置好ldap server 在device上做如下配置set access profile ldap_pf authentication-order ldapset access profile ldap_pf authentication-order passwordset access profile ldap_pf ldap-options base-distinguished-name CN=users,DC=screenos,DC=spg,DC=juniper,DC=net <--------------------------需与server配置一致set access profile ldap_pf ldap-server $ldap_server_ipset security policies from-zone trust to-zone trust policy auth_policy1 match source-address anyset security policies from-zone trust to-zone trust policy auth_policy1 match destination-address anyset security policies from-zone trust to-zone trust policy auth_policy1 match application junos-ftpset security policies from-zone trust to-zone trust policy auth_policy1 then permit firewall-authentication pass-through profile ldap_pf2.2 Radius:set access profile radius_pf authentication-order radiusset access profile radius_pf authentication-order passwordset access profile radius_pf radius-server $radius_server_ip secret xxxxset security policies from-zone trust to-zone trust policy auth_policy1 match source-address anyset security policies from-zone trust to-zone trust policy auth_policy1 match destination-address anyset security policies from-zone trust to-zone trust policy auth_policy1 match application junos-ftpset security policies from-zone trust to-zone trust policy auth_policy1 then permit firewall-authentication pass-through profile rasius_pf

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。