Using The Realm Name As The Domain Name; Using Delimiters Other Than; Using Either The Domain Or The Realm As The Domain Name; Specifying The Domain Name Or Realm Name Parse Direction - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - BROADBAND ACCESS CONFIGURATION GUIDE 2010-10-12 Configuration Manual
Software for e series broadband services routers broadband access configuration guide
Hide thumbs
Also See for JUNOSE SOFTWARE FOR E SERIES 11.3.X - BROADBAND ACCESS CONFIGURATION GUIDE 2010-10-12:
- Configuration manual (750 pages)
Table of Contents
Advertisement
Using the Realm Name as the Domain Name
Using Delimiters Other Than @
Using Either the Domain or the Realm as the Domain Name
Specifying the Domain Name or Realm Name Parse Direction
Copyright © 2010, Juniper Networks, Inc.
To provide these features, the router allows you to specify delimiters for the domain
name and realm name. You can use up to eight one-character delimiters each for domain
and realm names. The router also lets you specify how it parses usernames to determine
which part of a username to use as the domain name.
Typically, a realm appears before the user field and is separated with the / character; for
example, usEast/jill@abc.com. To use the realm name usEast rather than abc.com as
the domain name, set the realm name delimiter to /. For example:
host1(config)#aaa delimiter realmName /
This command causes the router to use the string to the left of the / as the domain name.
If the realm name delimiter is null (the default), the router will not search for the realm
name.
You can set up the router to recognize delimiters other than @ to designate the domain
name. Suppose there are two users: bob@abc.com and pete!xyz.com, and you want to
use both of their domain names. In this case you would set the domain name delimiter
to @ and !. For example:
host1(config)#aaa delimiter domainName @!
If the username contains both a realm name and a domain name delimiter, you can use
either the domain name or the realm name as the domain name. As previously mentioned,
the router treats usernames with multiple delimiters as though the realm name is to the
left of the realm delimiter and the domain name is to the right of the domain delimiter.
If you set the parse order to:
domain-first—The router searches for a domain name first. For example, for username
usEast/lori@abc.com, the domain name is abc.com.
realm-first—The router searches for a realm name first and uses the realm name as
the user's domain name. For username usEast/lori@abc.com, the domain is usEast.
For example, if you set the delimiter for the realm name to / and set the delimiter for the
domain name to @, the router parses the realm first by default. The username
usEast/lori@abc.com results in a domain name of usEast. To cause the parsing to return
abc.com as the domain, enter the aaa parse-order domain-first command.
You can specify the direction—either left to right or right to left—in which the router
performs the parsing operation when identifying the realm name or domain name. This
feature is particularly useful if the username contains nested realm or domain names.
For example, for a username of userjohn@abc.com@xyz.com, you can identify the domain
as either abc.com@xyz.com or as xyz.com, depending on the parse direction that you
specify.
Chapter 1: Configuring Remote Access
13
Advertisement
Table of Contents
Troubleshooting
