Junos offers two authentication methods: one based on a local database and one based on an external authentication server.

1. Local authentication

The admin must add the user and password on the firewall.

set access profile profile1 client user1 firewall-user password user1
set access firewall-authentication pass-through default-profile profile1
set security policies from-zone trust to-zone trust policy auth_policy1 match source-address any
set security policies from-zone trust to-zone trust policy auth_policy1 match destination-address any
set security policies from-zone trust to-zone trust policy auth_policy1 match application junos-ftp
set security policies from-zone trust to-zone trust policy auth_policy1 then permit firewall-authentication pass-through client-match user1

2. External authentication server

2.1 LDAP

First set up the LDAP server, then apply the following configuration on the device. The base-distinguished-name value must match the server's configuration.

set access profile ldap_pf authentication-order ldap
set access profile ldap_pf authentication-order password
set access profile ldap_pf ldap-options base-distinguished-name CN=users,DC=screenos,DC=spg,DC=juniper,DC=net
set access profile ldap_pf ldap-server $ldap_server_ip
set security policies from-zone trust to-zone trust policy auth_policy1 match source-address any
set security policies from-zone trust to-zone trust policy auth_policy1 match destination-address any
set security policies from-zone trust to-zone trust policy auth_policy1 match application junos-ftp
set security policies from-zone trust to-zone trust policy auth_policy1 then permit firewall-authentication pass-through access-profile ldap_pf

2.2 RADIUS

set access profile radius_pf authentication-order radius
set access profile radius_pf authentication-order password
set access profile radius_pf radius-server $radius_server_ip secret xxxx
set security policies from-zone trust to-zone trust policy auth_policy1 match source-address any
set security policies from-zone trust to-zone trust policy auth_policy1 match destination-address any
set security policies from-zone trust to-zone trust policy auth_policy1 match application junos-ftp
set security policies from-zone trust to-zone trust policy auth_policy1 then permit firewall-authentication pass-through access-profile radius_pf
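Each policy above refers to an access profile by name, and each external profile needs its server line, so a mistyped name or a missing server is easy to overlook in a long list of set commands. The following is an added example, not part of the original post: a small offline check over set-style configuration text. The sample lines, the policy names p1 and p2, and the address 192.0.2.10 are constructed for illustration.

```python
import re

# Constructed sample modelled on the set commands above: policy p2 references a
# misspelled profile name, and ldap_pf lists ldap in its order but has no server.
SAMPLE = """\
set access profile profile1 client user1 firewall-user password user1
set access profile radius_pf authentication-order radius
set access profile radius_pf authentication-order password
set access profile radius_pf radius-server 192.0.2.10 secret xxxx
set access profile ldap_pf authentication-order ldap
set access firewall-authentication pass-through default-profile profile1
set security policies from-zone trust to-zone trust policy p1 then permit firewall-authentication pass-through access-profile radius_pf
set security policies from-zone trust to-zone trust policy p2 then permit firewall-authentication pass-through access-profile rasius_pf
"""

PROFILE = re.compile(r"^set access profile (\S+) (\S+)(?: (\S+))?")
DEFAULT = re.compile(r"^set access firewall-authentication pass-through default-profile (\S+)")
POLICY = re.compile(r"^set security policies .* policy (\S+) then permit "
                    r"firewall-authentication pass-through (?:access-)?profile (\S+)")

def lint(config):
    """Return a list of cross-reference problems found in set-style config text."""
    profiles = {}   # profile name -> {"order": set of methods, "servers": set of kinds}
    refs = []       # (where, profile name) for every reference to a profile
    for line in map(str.strip, config.splitlines()):
        if m := PROFILE.match(line):
            p = profiles.setdefault(m[1], {"order": set(), "servers": set()})
            if m[2] == "authentication-order":
                p["order"].add(m[3])
            elif m[2] in ("radius-server", "ldap-server"):
                p["servers"].add(m[2].split("-")[0])
        elif m := DEFAULT.match(line):
            refs.append(("default-profile", m[1]))
        elif m := POLICY.match(line):
            refs.append((f"policy {m[1]}", m[2]))
    findings = [f"{where}: access profile '{name}' is not defined"
                for where, name in refs if name not in profiles]
    for name, p in profiles.items():
        missing = (p["order"] & {"radius", "ldap"}) - p["servers"]
        findings += [f"profile {name}: order lists {m} but no {m}-server is set"
                     for m in sorted(missing)]
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```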
Juniper LDAP and RADIUS
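© Copyright belongs to the author: an original work by 51CTO blog author Bcheng7. Contact the author for permission to reprint; otherwise legal liability will be pursued.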