JuniperLDAP和RADIUS

junos提供了基于本地数据库的认证 和基于外部认证服务器的认证两种方式。
一.local 的认证方式， 需要admin在firewall上添加用户和密码
set access profile profile1 client user1 firewall-user password user1
set access firewall-authentication pass-through default-profile profile1
set security policies from-zone trust to-zone trust policy auth_policy1 match source-address any
set security policies from-zone trust to-zone trust policy auth_policy1 match destination-address any
set security policies from-zone trust to-zone trust policy auth_policy1 match application junos-ftp
set security policies from-zone trust to-zone trust policy auth_policy1 then permit firewall-authentication pass-through client-match user1
二.external authentication server
2.1 ldap 先配置好ldap server 在device上做如下配置
set access profile ldap_pf authentication-order ldap
set access profile ldap_pf authentication-order password
set access profile ldap_pf ldap-options base-distinguished-name CN=users,DC=screenos,DC=spg,DC=juniper,DC=net <--------------------------需与server配置一致
set access profile ldap_pf ldap-server $ldap_server_ip
set security policies from-zone trust to-zone trust policy auth_policy1 match source-address any
set security policies from-zone trust to-zone trust policy auth_policy1 match destination-address any
set security policies from-zone trust to-zone trust policy auth_policy1 match application junos-ftp
set security policies from-zone trust to-zone trust policy auth_policy1 then permit firewall-authentication pass-through profile ldap_pf
2.2 Radius:
set access profile radius_pf authentication-order radius
set access profile radius_pf authentication-order password
set access profile radius_pf radius-server $radius_server_ip secret xxxx
set security policies from-zone trust to-zone trust policy auth_policy1 match source-address any
set security policies from-zone trust to-zone trust policy auth_policy1 match destination-address any
set security policies from-zone trust to-zone trust policy auth_policy1 match application junos-ftp
set security policies from-zone trust to-zone trust policy auth_policy1 then permit firewall-authentication pass-through profile rasius_pf

创新互联是一家以成都网站建设、网页设计、品牌设计、软件运维、seo优化排名、小程序App开发等移动开发为一体互联网公司。已累计为成都橡塑保温等众行业中小客户提供优质的互联网建站和软件开发服务。

标题名称：JuniperLDAP和RADIUS
浏览路径：https://www.cdcxhl.com/article6/ijgiog.html

成都网站建设公司_创新互联，为您提供面包屑导航、手机网站建设、微信公众号、虚拟主机、网站排名、标签优化

广告

声明：本网站发布的内容（图片、视频和文字）以用户投稿、用户转载内容为主，如果涉及侵权请尽快告知，我们将会在第一时间删除。文章观点不代表本网站立场，如需处理请联系客服。电话：028-86922220；邮箱：631063699@qq.com。内容未经允许不得转载，或转载时需注明来源： 创新互联