Table of Contents
Advertisement
Specifying the Domain Name or Realm Name Parse Direction
Stripping the Domain Name
aaa delimiter
Copyright © 2010, Juniper Networks, Inc.
realm-first—The router searches for a realm name first and uses the realm name as
the user's domain name. For username usEast/lori@abc.com, the domain is usEast.
For example, if you set the delimiter for the realm name to / and set the delimiter for the
domain name to @, the router parses the realm first by default. The username
usEast/lori@abc.com results in a domain name of usEast. To cause the parsing to return
abc.com as the domain, enter the aaa parse-order domain-first command.
You can specify the direction—either left to right or right to left—in which the router
performs the parsing operation when identifying the realm name or domain name. This
feature is particularly useful if the username contains nested realm or domain names.
For example, for a username of userjohn@abc.com@xyz.com, you can identify the domain
as either abc.com@xyz.com or as xyz.com, depending on the parse direction that you
specify.
You use either the left-to-right or right-to-left keywords with one of the following
keywords to specify the type of search and parsing that the router performs:
domainName—The router searches for the next domain delimiter value in the direction
specified. When it reaches a delimiter, the router uses anything to the right of the
delimiter as the domain name. Domain parsing is from right to left by default.
realmName—The router searches for the next realm delimiter value in the direction
specified. When it reaches a delimiter, the router uses anything to the left of the delimiter
as the realm name. Realm parsing is from left to right by default.
Example
host1(config)#aaa parse-direction domainName left-to-right
The router provides feature that strips the domain name from the username before it
sends the name to the RADIUS server in an Access-Request message. You can enable
or disable this feature using the strip-domain command.
By default, the domain name is the text after the last @ character. However, if you changed
the domain name parsing using the aaa delimiter, aaa parse-order, or aaa parse direction
commands, the router strips the domain name and delimiter that result from the parsing.
Use to configure delimiters for the domain and realm names. Specify one of the
following keywords:
domainName—Configures domain name delimiters. The default domain name
delimiter is @.
realmName—Configures realm name delimiters. The default realm name delimiter
is NULL (no character). In this case, realm parsing is disabled (having no delimiter
disables realm parsing).
You can specify up to eight delimiters each for domain name and realm name.
Chapter 1: Configuring Remote Access
13
Advertisement
Table of Contents
Troubleshooting
