Vendor-Specific Attributes (VSAs)
One or more
VSA:
If no VSAs are configured for a user, then the following applies.
If all conditions listed above are not met, then access to the 7705 SAR
failed login event/trap is written to the security log.
For receiving data from the RADIUS server, the following are supported:
Page 38
All commands at and below the hierarchy level of the matched command are subject
to the
timetra-action
Multiple match-strings can be entered in a single
must be semicolon (;) separated (maximum string length is 254 characters).
timetra-cmd
•
timetra-action <deny | permit>
applied to all match strings specified since the last
•
timetra-home-directory <home-directory string>
home directory that applies for the FTP and CLI user. If this VSA is not configured,
the home directory is Compact Flash slot 1 (cf3:).
•
timetra-restrict-to-home-directory <true | false>
user access is limited to their home directory (and directories and files subordinate
to their home directory). If this VSA is not configured, the user is allowed to access
the entire file system.
•
timetra-login-exec <login-exec-string>
that is executed when the user login is successful. If this VSA is not configured, no
login exec file is applied.
•
The password authentication-order command on the 7705 SAR router must include
.
local
•
The user name must be configured on the 7705 SAR router.
•
The user must be successfully authenticated by the RADIUS server.
•
A valid profile must exist on the 7705 SAR router for this user.
•
Juniper (vendor-id 4874) attributes 4 (Primary DNS server) and 5 (Secondary DNS
server)
•
Redback (vendor-id 2352) attributes 1 (Primary DNS) and 2 (Secondary DNS)
•
sending authentication requests: (from the DSL Forum) (vendor-id 3561), attributes
1 (Circuit ID) and 2 (Remote ID)
VSA.
VSAs can be entered followed by a single
— causes the permit or deny action to be
7705 SAR OS System Management Guide
VSA. Match strings
timetra-cmd
timetra-action
VSA
timetra-action
— specifies the
— specifies if
— specifies the login exec file
router
is denied and a