
Junos read-only user in freeradius

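When our devices have only one Junos login defined, "remote" with class super-user, and we want to add a read-only login without touching the Junos config, we have to add a couple of lines to the users file in FreeRADIUS, as below. The Juniper-Deny-Commands attribute is a regular expression of commands denied to that user on top of what the login class allows: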

# file /etc/freeradius/users
 
ro Auth-type := Local, User-Password = "password"
      Juniper-Local-User-Name = "ro",
      Juniper-Deny-Commands = "configure|request|reboot",
      Service-Type = "NAS-Prompt-User"
 
# on juniper
show configuration system login
 
user remote {
    full-name "All remote users";
    uid 2000;
    class super-user;                   
}
