Active Directory Juniper mapping attribute - no local login-id configured

Alan DeKok aland at deployingradius.com
Mon Sep 6 14:53:31 CEST 2021


On Sep 3, 2021, at 2:43 PM, Steven Vacaroaia <stef97 at gmail.com> wrote:
> I am trying to set up 2FA for my Juniper switches using Freeradius,
> Active Directory and Yubikey
> ...
> "..
> to make sure that the group of users that you're allowing access to
> the EXs gets the following vendor-specific attribute returned in their
> access-accept message:
> 
> Vendor Code: 2636 (Juniper)
> 
> Attribute:1 Juniper-Local-User-Name
> 
> Value: "superUserClass"
> 
> ..."

  update reply {
	Juniper-Local-User-Name := "foo"
  }

> Do I have to modify AD schema and add those attributes or is there a
> better / smarter way to
> achieve the above?

  You can just add attributes.

> Any help/ instructions / ideas / documentation pointers will be
> greatly appreciated

$ man unlang

  And see the many examples in radiusd.conf.

  Alan DeKok.
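
An added example, not part of the original message and not taken from the FreeRADIUS distribution: one way to return the attribute only to members of an AD group, set in unlang so the AD schema stays untouched. It assumes FreeRADIUS 3.x with the `ldap` module already configured to resolve AD group membership; the group name `network-admins` is a placeholder.

```unlang
# Added example. Goes in the post-auth section of the virtual server that
# serves the switches (for instance sites-enabled/default).
# Assumptions: FreeRADIUS 3.x; the ldap module is enabled and its group {}
# settings point at AD; "network-admins" is a placeholder group name.
post-auth {
	# Comparing LDAP-Group triggers a membership lookup through the ldap
	# module, so the mapping lives in RADIUS policy rather than in AD.
	if (LDAP-Group == "network-admins") {
		update reply {
			# Juniper VSA (vendor 2636, attribute 1). The value is the
			# one given in the quoted instructions.
			Juniper-Local-User-Name := "superUserClass"
		}
	}
	else {
		# Users outside the allowed group get an Access-Reject instead
		# of an Access-Accept that lacks the mapping attribute.
		reject
	}
}
```

Running the server with `radiusd -X` shows whether the group comparison matched and which attributes went into the reply.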


