We won't explain basic RADIUS and Juniper configuration here; we assume both are already configured, up and running, pingable, and ready for use
(you can google FreeRADIUS installation for your OS).
RADIUS has 2 users, "a" and "b", which belong to different classes; the users and classes were chosen to show the differences:
root@ubuntu:~# vi /etc/freeradius/3.0/users
...omitted...
"a" Cleartext-Password := "a"
    Service-Type = Login-User,
    Juniper-Local-User-Name := "class_A"
"b" Cleartext-Password := "b"
    Service-Type = Login-User,
    Juniper-Local-User-Name := "class_B"
"/etc/freeradius/3.0/users" 248L, 7842B written
a@vMX2> show configuration system login | display set
set system login class admin permissions all
set system login user class_A uid 2003
set system login user class_A class admin
set system login user class_B uid 2004
set system login user class_B class admin
a@vMX2> show configuration system radius-server | display set
set system radius-server 192.168.0.165 secret "hello_secret"
set system radius-server 192.168.0.165 timeout 3
set system radius-server 192.168.0.165 retry 3
set system radius-server 192.168.0.165 source-address 192.168.255.2
a@vMX2>
The Juniper-Local-User-Name returned for RADIUS user "a" ("class_A") matches the local user "set system login user class_A", which is bound to the "admin" class with its configured permissions.
VERIFICATION:
a@vMX2> show cli authorization | match "Current user"
Current user: 'class_A' login: 'a' class 'admin'
a@vMX2>
a@vMX2> show system users
2:21PM up 6:23, 2 users, load averages: 0.47, 0.61, 0.64
USER TTY FROM LOGIN@ IDLE WHAT
ed u0 - 2:11PM 9 -cl
a pts/0 10.101.0.0 2:13PM - -cl
a@vMX2>
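
A cross-check of the two configurations above, as an added example that is not part of the original post: it parses the FreeRADIUS users entries and the Junos "display set" output and reports which local user, login class and permissions each RADIUS login resolves to. The inputs are constructed copies of the post's configs plus a hypothetical user "c" with no matching local user; the function names are this example's own.

```python
import re

# Constructed inputs: the post's configs plus a hypothetical user "c" (no local match).
RADIUS_USERS = '''
"a" Cleartext-Password := "a"
    Service-Type = Login-User,
    Juniper-Local-User-Name := "class_A"
"b" Cleartext-Password := "b"
    Service-Type = Login-User,
    Juniper-Local-User-Name := "class_B"
"c" Cleartext-Password := "c"
    Service-Type = Login-User,
    Juniper-Local-User-Name := "class_C"
'''
JUNOS_SET = '''
set system login class admin permissions all
set system login user class_A uid 2003
set system login user class_A class admin
set system login user class_B uid 2004
set system login user class_B class admin
'''

def radius_templates(text):
    """Map each RADIUS login to the Juniper-Local-User-Name returned for it."""
    mapping, login = {}, None
    for line in text.splitlines():
        m = re.search(r'Juniper-Local-User-Name\s*:?=\s*"?([^",\s]+)', line)
        if line and not line[0].isspace() and not line.startswith("#"):
            login = line.split()[0].strip('"')   # unindented line opens an entry
        elif m and login:
            mapping[login] = m.group(1)
    return mapping

def junos_users(text):
    """Map each local Junos user to its login class."""
    return dict(re.findall(r'^set system login user (\S+) class (\S+)', text, re.M))

def junos_classes(text):
    """Map each login class to the list of permissions set on it."""
    perms = {}
    for cls, p in re.findall(r'^set system login class (\S+) permissions (\S+)', text, re.M):
        perms.setdefault(cls, []).append(p)
    return perms

def audit(radius_text, junos_text):
    """Return (login, local user, class, permissions); None where nothing matches."""
    users, classes = junos_users(junos_text), junos_classes(junos_text)
    return [(login, tmpl, users.get(tmpl), classes.get(users.get(tmpl)))
            for login, tmpl in sorted(radius_templates(radius_text).items())]

print(*audit(RADIUS_USERS, JUNOS_SET), sep="\n")
```

A row whose class is None marks a Juniper-Local-User-Name that has no "set system login user ... class ..." line on the router.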