It would be nice if the manual documented what happens when an incoming
request is potentially capable of matching more than one Client clause.
Here's what I've figured out on my own (as of 4.13), in case it helps
others in the meanwhile:
* If multiple Client clauses have an exact match (same IP,

Hello Craig -
The usual way to do this is with Identifiers in the Client clauses and Handlers
to match.
Something like this:
…..
Identifier JuniperNetscreen
Secret …..
…..
Identifier JuniperNetscreen
Secret …..
…..
Identifier Jun

Hi Hugh,
Actually I was looking for a way to set the vsys/privilege to restrict what a
user can do.
i.e. wanted to do something like this:
AuthorizeGroup READ permit service=netscreen {vsys=root privilege=read-only}
AuthorizeGroup WRITE permit service=netscreen {vsys=root privil

Hello Craig -
There are several steps:
1. define the AuthorizeGroups you require
2. specify the return attributes you need for each AuthorizeGroup (syntax will
depend on the specific device)
3. perform the authentication and set which AuthorizeGroup the user belongs to
…..
See the examples