add examples as per Juniper documentation

FreeRADIUS · Jan 8, 2025 · 30eb9d2 · 30eb9d2
1 parent 4147d90
commit 30eb9d2
Showing 1 changed file with 44 additions and 6 deletions.
diff --git a/share/dictionary/tacacs/dictionary.juniper b/share/dictionary/tacacs/dictionary.juniper
@@ -8,6 +8,11 @@
 #
 #	https://www.juniper.net/documentation/en_US/junos13.1/topics/task/configuration/tacacs-authentication-configuring.html
 #
+#	Example contents of these attributes are documented on the Juniper site:
+#
+#	https://www.juniper.net/documentation/us/en/software/junos/user-access/topics/topic-map/user-access-tacacs-authentication.html#id-using-regular-expressions-on-a-radius-or-tacacs-server-to-allow-or-deny-access
+#
+#
 #	$Id$
 #
 ##############################################################################
@@ -18,21 +23,54 @@
 DEFINE	local-user-name					string
 
 #
-# Regular expression to match allowed commands
+#  User permissions.
 #
-DEFINE	allow-commands					string
+#	user-permissions = "flag1 flag2 flag3"
+#
+DEFINE	user-permissions				string
 
 #
-# Regular expression to match allowed configurations
+#  Each command is enclosed in parantheses: 	"(cmd)"
 #
-DEFINE	allow-configurations				string
+#  Multiple commands are separated by a pipe:	"(one)|(two)"
+#
+#  The device will merge all of the regular expressions received from
+#  the local configuration, TACACS+ and RADIUS.
+#
+#  Each of the following commands also has a "regexps" variant. They use the same syntax
+#  as the non-"regexps" attributes, but they allow you to use variables in the regex.
+#
+#  What exactly that means is left undocumented by Juniper.
+#
+
+#
+#  Regular expression to match allowed commands
+#
+#	allow-commands = "(one)|(two)|(three)"
+#
+DEFINE	allow-commands					string
+DEFINE	allow-commands-regexps				string
 
 #
-# Regular expression to match denied commands
+#  Regular expression to match denied commands
+#
+#	deny-commands = "(one)|(two)|(three)"
 #
 DEFINE	deny-commands					string
+DEFINE	deny-commands-regexps				string
 
 #
-# Regular expression to match denied configurations
+#  Regular expression to match allowed configurations
+#
+#	allow-configurations = "(one thing)|(two)|(three thing)"
+#
+DEFINE	allow-configurations				string
+DEFINE	allow-configurations-regexps			string
+
+#
+#  Regular expression to match denied configurations
+#
+#	deny-configurations = "(one thing)|(two)|(three thing)"
 #
 DEFINE	deny-configuration				string
+DEFINE	deny-configuration-regexps			string