Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 Administration Manual page 451

Copyright © 2010, Juniper Networks, Inc.
(e-mail address); during phase 2, the device prompts the user for their U-FQDN for
authentication.
To add an external user group object:
1. In the navigation tree, select Object Manager > User Objects > External User Groups.
   In the main display area, click the Add icon and select New to display the New External
   Group dialog box.
2. Enter a name for the external user group. The name must match the name of the
   user group as configured on the external server.
3. Enter a color and comment for the external user group.
4. Configure the authentication methods for the user group:
   - XAuth. Enables XAuth authentication for the user group.
   - Auth. Enables local authentication against a username and password stored in a
     security device's local database.
     NOTE: All passwords handled by NSM are case-sensitive.
   - L2TP. Enables authentication in the L2TP tunnel that users in the group use to
     connect to the device.
5. Click OK to save the new group.
Using Radius with User Groups
In this example, you configure an external RADIUS auth server named radius1 and define
an external auth user group named auth_grp2. You define the external auth user group
auth_grp2 in two places: on the external RADIUS auth server "radius1" and in NSM. For the
RADIUS server, you enter the IP address 10.20.1.100 and change its port number from the
default port number (1645) to 4500.
Next, you populate the auth user group "auth_grp2" with auth users on the RADIUS server
only, leaving the group unpopulated in NSM. The members in this group are accountants
who require exclusive access to a server at IP address 10.1.1.80. You create an address
book entry for the server and name the address "midas." Finally, you configure a security
policy that permits only authenticated traffic from auth_grp2 to midas, both of which are
in the Trust zone.
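For reference when checking what this example produces on the device, the following is an added sketch of the equivalent ScreenOS CLI configuration; it is not taken from this guide and assumes the managed device runs ScreenOS. The policy name "top" and the shared-secret placeholder are assumptions, and lines beginning with # are annotations, not CLI input.

```text
# External RADIUS auth server radius1 at 10.20.1.100, used for auth users.
set auth-server radius1 type radius
set auth-server radius1 account-type auth
set auth-server radius1 server-name 10.20.1.100
# Port changed from the default (1645) to 4500; the RADIUS server must
# listen on the same port or every authentication attempt times out.
set auth-server radius1 radius port 4500
# Placeholder: the shared secret is not given in this example.
set auth-server radius1 radius secret <shared-secret>

# External auth user group. The name must match the group name on the
# RADIUS server exactly; no members are added on the device side.
set user-group auth_grp2 location external
set user-group auth_grp2 type auth

# Address book entry for the accountants' server in the Trust zone.
set address trust midas 10.1.1.80/32

# Intrazone policy: traffic to midas is permitted only after the user
# authenticates against radius1 as a member of auth_grp2.
set policy top from trust to trust any midas any permit auth server radius1 user-group auth_grp2
save
```

Because the group is populated only on the RADIUS server, a mismatch in the group name or the port between the two sides shows up as failed authentication rather than as a configuration error.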
Chapter 8: Configuring Objects