On Fri, 19 Mar 2004, Robert Banniza wrote:

> In looking at the dictionary.juniper file, I notice there are 5
> attributes in this file:
>
> ATTRIBUTE       Juniper-Local-User-Name         1       string  Juniper
> ATTRIBUTE       Juniper-Allow-Commands          2       string  Juniper
> ATTRIBUTE       Juniper-Deny-Commands           3       string  Juniper
> ATTRIBUTE       Juniper-Allow-Configuration     4       string  Juniper
> ATTRIBUTE       Juniper-Deny-Configuration      5       string  Juniper
>
> With that said, I'm using OpenLDAP to authenticate and would also like
> to use LDAP to control who has access to which commands within JUNOS.
> Therefore, can I place these attributes in my OpenLDAP ldif and have
> radius read them? In doing this, don't these attributes need to be
> defined within the RADIUS-LDAPv3.schema or some other schema? Is anyone
> doing this currently to show me where I need to go next? I have searched
> the web and there is little info on Juniper/Freeradius.

You can either define a few new ldap attributes for the corresponding Juniper
RADIUS attributes and add them to your ldap schema, or you can use the generic
attributes provided in the current schema:

radiusReplyItem: Juniper-Local-User-Name := <username>

and so on

>
> Thanks
>
> Robert
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf
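
The generic-attribute approach from the reply above, as an added example that is not part of the original thread: a small checker that reads the dictionary lines quoted in the question and confirms that every radiusReplyItem value in an LDIF entry names a defined attribute, so a typo in a Deny rule is caught before the entry is loaded. The DN, uid, attribute values and the function names are assumptions made for illustration.

```python
import re

# The five definitions quoted in the thread (dictionary.juniper).
DICTIONARY = """\
ATTRIBUTE       Juniper-Local-User-Name         1       string  Juniper
ATTRIBUTE       Juniper-Allow-Commands          2       string  Juniper
ATTRIBUTE       Juniper-Deny-Commands           3       string  Juniper
ATTRIBUTE       Juniper-Allow-Configuration     4       string  Juniper
ATTRIBUTE       Juniper-Deny-Configuration      5       string  Juniper
"""

# Constructed entry fragment: DN, uid and all values are placeholders.
# The last item misspells its attribute name on purpose.
LDIF = """\
dn: uid=jdoe,ou=people,dc=example,dc=com
uid: jdoe
radiusReplyItem: Juniper-Local-User-Name := "readonly"
radiusReplyItem: Juniper-Deny-Commands := "^(request|restart)"
radiusReplyItem: Juniper-Deny-Configuraton := "system"
"""

# "Attribute op value"; only a common subset of operators is accepted here.
ITEM = re.compile(r'^(?P<attr>[\w-]+)\s*(?P<op>:=|\+=|==|=)\s*(?P<val>.+)$')

def load_dictionary(text):
    """Return {attribute name: type} for every ATTRIBUTE line."""
    attrs = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "ATTRIBUTE":
            attrs[fields[1]] = fields[3]
    return attrs

def check_reply_items(ldif, attrs):
    """Return (items, problems) for the radiusReplyItem lines of an LDIF text."""
    items, problems = [], []
    for lineno, line in enumerate(ldif.splitlines(), 1):
        key, _, value = line.partition(":")
        if key.strip().lower() != "radiusreplyitem":
            continue
        m = ITEM.match(value.strip())
        if m is None:
            problems.append((lineno, "not in 'Attribute op value' form"))
        elif m["attr"] not in attrs:
            problems.append((lineno, "unknown attribute " + m["attr"]))
        else:
            items.append((m["attr"], m["op"], m["val"].strip('"')))
    return items, problems

if __name__ == "__main__":
    print(check_reply_items(LDIF, load_dictionary(DICTIONARY)))
```

Base64-encoded LDIF values (written with "::") are not decoded and are reported as malformed.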
