Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - BROADBAND ACCESS CONFIGURATION GUIDE 2010-10-12 Configuration Manual page 53

aaa parse-order
strip-domain
Copyright © 2010, Juniper Networks, Inc.
left-to-right—Router searches from the left-most character. When the router reaches
a realm delimiter, it uses anything to the left of the delimiter as the domain. When
the router reaches a domain delimiter, it uses anything to the right of the delimiter
as the domain.
right-to-left—Router searches from the right-most character. When the router
reaches a realm delimiter, it uses anything to the left of the delimiter as the domain.
When the router reaches a domain delimiter, it uses anything to the right of the
delimiter as the domain.
Example
host1(config)#aaa parse-direction domainName left-to-right
Use the no version to return to the default: right-to-left parsing for domain names and
left-to-right parsing for realm names.
See aaa parse-direction
Use to specify which part of a username the router uses as the domain name. If a user's
name contains both a realm name and a domain name, you can configure the router
to use either name as the domain name.
domain-first—Router searches for a domain name first. When the router reaches a
domain delimiter, it uses anything to the right of the delimiter as the domain name.
For example, if the username is usEast/lori@abc.com, the domain name is abc.com.
If the router does not find a domain name, it then searches for a realm name if the
realm delimiter is specified.
realm-first—Router searches for a realm name first. When the router reaches a realm
delimiter, it uses anything to the left of the delimiter as the domain. For example, if
the username is usEast/lori@abc.com, the domain name is usEast. If no realm name
is found, the router searches for a domain name.
Example
host1(config)#aaa parse-order domain-first
Use the no version to return to the default, realm first.
See aaa parse-order
Use to strip the domain name from the username before sending an access-request
message to the RADIUS server.
By default, the domain name is the text after the last @ character. However, if you
change the domain name parsing by using the aaa delimiter, aaa parse-order, or
parse-direction command, the router strips the domain name and delimiter that result
from the parsing.
To stop stripping the username, use the disable keyword.
Example
Chapter 1: Configuring Remote Access
15