On Fri, Mar 19, 2004 at 06:35:17PM +0200, Kostas Kalevras wrote:
> On Fri, 19 Mar 2004, Robert Banniza wrote:
>
> > In looking at the dictionary.juniper file, I notice there are 5
> > attributes in this file:
> >
> > ATTRIBUTE Juniper-Local-User-Name 1 string Juniper
> > ATTRIBUTE Juniper-Allow-Commands 2 string Juniper
> > ATTRIBUTE Juniper-Deny-Commands 3 string Juniper
> > ATTRIBUTE Juniper-Allow-Configuration 4 string Juniper
> > ATTRIBUTE Juniper-Deny-Configuration 5 string Juniper
> >
> > With that said, I'm using OpenLDAP to authenticate and would also like
> > to use LDAP to control who has access to which commands within JUNOS.
> > Therefore, can I place these attributes in my OpenLDAP ldif and have
> > radius read them....In doing this, don't these attributes need to be
> > defined within the RADIUS-LDAPv3.schema or some other schema? Is anyone
> > doing this currently to show me where I need to go next? I have searched
> > the web and there is little info on Juniper/Freeradius.
>
> You can either define a few new ldap attributes for the corresponding Juniper
> RADIUS attributes and add them to your ldap schema.
> Or you can use the generic attributes provided in the current schema:
>
> radiusReplyItem: Juniper-Local-User-Name := <username>
>
> and so on

I'm not sure I'm following you...Let's say I want to add the
Juniper-Allow-Commands and Juniper-Deny-Commands to my user's profile
within OpenLDAP. Wouldn't I have to define these attributes within some
LDAP schema whether it be in the RADIUS-LDAPv3.schema or some other
schema in order for OpenLDAP to know how to interpret the attribute? I
guess the knowledge gap I'm having is to determine how/where to make
Freeradius understand these attributes within OpenLDAP the same way
Freeradius knows about these attributes through the dictionary.juniper
file.

Along those same lines, in which file do I put "radiusReplyItem:
Juniper-Local-User-Name := <username>"?

Thanks

Robert

> > Thanks
> >
> > Robert
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
> --
> Kostas Kalevras Network Operations Center
> [EMAIL PROTECTED] National Technical University of Athens, Greece
> Work Phone: +30 210 7721861
> 'Go back to the shadow' Gandalf
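
The generic-attribute option from Kostas's reply, written out as an LDIF change to one user's LDAP entry (an added example, not part of the original messages). The DN, the local user name and the command patterns are constructed, and the entry is assumed to already carry the object class from RADIUS-LDAPv3.schema that permits radiusReplyItem.

```ldif
# Added example: constructed DN and values, not taken from the thread.
# Assumes the entry already has the RADIUS profile object class from
# RADIUS-LDAPv3.schema, so radiusReplyItem is an allowed attribute.
# Each value uses the "Attribute := value" form quoted in the reply; the
# attribute names are the ones listed from dictionary.juniper.
dn: uid=jdoe,ou=people,dc=example,dc=com
changetype: modify
add: radiusReplyItem
# Local JUNOS account (template user) this login maps to.
radiusReplyItem: Juniper-Local-User-Name := "operator"
# Patterns for operational commands granted on top of the login class.
radiusReplyItem: Juniper-Allow-Commands := "show|ping"
# Patterns for operational commands refused for this user.
radiusReplyItem: Juniper-Deny-Commands := "request system"
# Patterns for configuration statements refused for this user.
radiusReplyItem: Juniper-Deny-Configuration := "system login"
```

With this form no Juniper-specific attribute types are added to the LDAP schema: the directory stores each value as an opaque string, and the attribute name inside the string is resolved through the RADIUS dictionary.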

