mancha posted on 2018-7-27 11:54:18

Juniper LDAP and RADIUS-10232469

  Junos provides two authentication methods: authentication against the local database and authentication against an external authentication server.
  1. Local authentication: the admin needs to add the users and passwords on the firewall
  set access profile profile1 client user1 firewall-user password user1
  set access firewall-authentication pass-through default-profile profile1
  set security policies from-zone trust to-zone trust policy auth_policy1 match source-address any
  set security policies from-zone trust to-zone trust policy auth_policy1 match destination-address any
  set security policies from-zone trust to-zone trust policy auth_policy1 match application junos-ftp
  set security policies from-zone trust to-zone trust policy auth_policy1 then permit firewall-authentication pass-through client-match user1
  2. External authentication server
  2.1 LDAP: first set up the LDAP server, then configure the following on the device
  set access profile ldap_pf authentication-order ldap
  set access profile ldap_pf authentication-order password
  set access profile ldap_pf ldap-options base-distinguished-name CN=users,DC=screenos,DC=spg,DC=juniper,DC=net   <-------------------------- must match the server configuration
  set access profile ldap_pf ldap-server $ldap_server_ip
  set security policies from-zone trust to-zone trust policy auth_policy1 match source-address any
  set security policies from-zone trust to-zone trust policy auth_policy1 match destination-address any
  set security policies from-zone trust to-zone trust policy auth_policy1 match application junos-ftp
  set security policies from-zone trust to-zone trust policy auth_policy1 then permit firewall-authentication pass-through profile ldap_pf
  2.2 RADIUS:
  set access profile radius_pf authentication-order radius
  set access profile radius_pf authentication-order password
  set access profile radius_pf radius-server $radius_server_ip secret xxxx
  set security policies from-zone trust to-zone trust policy auth_policy1 match source-address any
  set security policies from-zone trust to-zone trust policy auth_policy1 match destination-address any
  set security policies from-zone trust to-zone trust policy auth_policy1 match application junos-ftp
  set security policies from-zone trust to-zone trust policy auth_policy1 then permit firewall-authentication pass-through profile radius_pf
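The three configurations above all wire a security policy to an access profile by name, so a mistyped profile name (the post itself originally referenced `rasius_pf` while defining `radius_pf`) silently breaks pass-through authentication. The following linter is an added example, not code from the post or from Juniper: it reads a list of Junos `set` commands of the shapes shown above, reports profiles that are referenced but never defined, and checks that an LDAP profile has an `ldap-server` and base DN and that a RADIUS profile has a `radius-server` with a shared secret. The sample configuration, the IP addresses, and the `REDACTED` secret are constructed for the example.

```python
"""Consistency linter for Junos 'set' commands that configure firewall-user
authentication (local, LDAP, RADIUS).

Added example, not from the forum post.  It assumes only the command shapes
the post shows:
  set access profile <name> ...
  set access firewall-authentication pass-through default-profile <name>
  set security policies ... then permit firewall-authentication
      pass-through profile <name>
"""
import re
from collections import defaultdict

PROFILE_RE = re.compile(r"^set access profile (\S+)(?: (.*))?$")
DEFAULT_PROFILE_RE = re.compile(
    r"^set access firewall-authentication pass-through default-profile (\S+)$")
POLICY_PROFILE_RE = re.compile(r"firewall-authentication pass-through profile (\S+)$")

# Constructed sample: the post's three configs, with the original typo
# 'rasius_pf' left in so the linter has something to find.
SAMPLE_CONFIG = """\
set access profile profile1 client user1 firewall-user password user1
set access firewall-authentication pass-through default-profile profile1
set access profile ldap_pf authentication-order ldap
set access profile ldap_pf authentication-order password
set access profile ldap_pf ldap-options base-distinguished-name CN=users,DC=example,DC=net
set access profile ldap_pf ldap-server 192.0.2.10
set access profile radius_pf authentication-order radius
set access profile radius_pf authentication-order password
set access profile radius_pf radius-server 192.0.2.20 secret REDACTED
set security policies from-zone trust to-zone trust policy auth_policy1 match application junos-ftp
set security policies from-zone trust to-zone trust policy auth_policy1 then permit firewall-authentication pass-through profile rasius_pf
""".splitlines()


def parse_profiles(lines):
    """Map each access profile name to its statements (token lists)."""
    profiles = defaultdict(list)
    for line in lines:
        m = PROFILE_RE.match(line.strip())
        if m:
            profiles[m.group(1)].append((m.group(2) or "").split())
    return profiles


def referenced_profiles(lines):
    """Profile names used by default-profile or by a policy's pass-through."""
    refs = set()
    for line in lines:
        s = line.strip()
        m = DEFAULT_PROFILE_RE.match(s) or POLICY_PROFILE_RE.search(s)
        if m:
            refs.add(m.group(1))
    return refs


def lint(lines):
    """Return a list of (severity, message) findings for a set-command list."""
    findings = []
    profiles = parse_profiles(lines)
    refs = referenced_profiles(lines)

    # 1. A policy or default-profile that points at a profile nobody defined.
    for name in sorted(refs - set(profiles)):
        findings.append(("error", f"profile '{name}' is referenced but never defined"))

    # 2. Per-profile completeness, driven by the configured authentication-order.
    for name, stmts in profiles.items():
        methods = {s[1] for s in stmts if len(s) >= 2 and s[0] == "authentication-order"}
        flat = [" ".join(s) for s in stmts]
        if "ldap" in methods:
            if not any(s.startswith("ldap-server ") for s in flat):
                findings.append(("error", f"profile '{name}' uses ldap but has no ldap-server"))
            if not any(s.startswith("ldap-options base-distinguished-name ") for s in flat):
                findings.append(("warning", f"profile '{name}' uses ldap but has no base-distinguished-name"))
        if "radius" in methods:
            servers = [s for s in flat if s.startswith("radius-server ")]
            if not servers:
                findings.append(("error", f"profile '{name}' uses radius but has no radius-server"))
            for s in servers:
                if " secret " not in s:
                    findings.append(("error", f"profile '{name}': radius-server without a shared secret"))
    return findings


if __name__ == "__main__":
    for severity, message in lint(SAMPLE_CONFIG):
        print(f"{severity}: {message}")
```

Run against the constructed sample it reports the single dangling reference to `rasius_pf`; feed it the real `show configuration | display set` output of a device (after redacting secrets) to catch the same class of mistake before committing.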