From 30eb9d2d262d7b07ed0023073820f8ca448035b9 Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok"
Date: Wed, 8 Jan 2025 08:58:37 -0500
Subject: [PATCH] add examples as per Juniper documentation
---
 share/dictionary/tacacs/dictionary.juniper | 50 +++++++++++++++++++---
 1 file changed, 44 insertions(+), 6 deletions(-)
diff --git a/share/dictionary/tacacs/dictionary.juniper b/share/dictionary/tacacs/dictionary.juniper
index dee162b6d1f2..51d363cecdd5 100644
--- a/share/dictionary/tacacs/dictionary.juniper
+++ b/share/dictionary/tacacs/dictionary.juniper
@@ -8,6 +8,11 @@
 #
 # https://www.juniper.net/documentation/en_US/junos13.1/topics/task/configuration/tacacs-authentication-configuring.html
 #
+# Example contents of these attributes are documented on the Juniper site:
+#
+# https://www.juniper.net/documentation/us/en/software/junos/user-access/topics/topic-map/user-access-tacacs-authentication.html#id-using-regular-expressions-on-a-radius-or-tacacs-server-to-allow-or-deny-access
+#
+#
 # $Id$
 #
 ##############################################################################
@@ -18,21 +23,54 @@
 DEFINE local-user-name string
 #
-# Regular expression to match allowed commands
+# User permissions.
 #
-DEFINE allow-commands string
+# user-permissions = "flag1 flag2 flag3"
+#
+DEFINE user-permissions string
 #
-# Regular expression to match allowed configurations
+# Each command is enclosed in parantheses: "(cmd)"
 #
-DEFINE allow-configurations string
+# Multiple commands are separated by a pipe: "(one)|(two)"
+#
+# The device will merge all of the regular expressions received from
+# the local configuration, TACACS+ and RADIUS.
+#
+# Each of the following commands also has a "regexps" variant. They use the same syntax
+# as the non-"regexps" attributes, but they allow you to use variables in the regex.
+#
+# What exactly that means is left undocumented by Juniper.
+#
+
+#
+# Regular expression to match allowed commands
+#
+# allow-commands = "(one)|(two)|(three)"
+#
+DEFINE allow-commands string
+DEFINE allow-commands-regexps string
 #
-# Regular expression to match denied commands
+# Regular expression to match denied commands
+#
+# deny-commands = "(one)|(two)|(three)"
 #
 DEFINE deny-commands string
+DEFINE deny-commands-regexps string
 #
-# Regular expression to match denied configurations
+# Regular expression to match allowed configurations
+#
+# allow-configurations = "(one thing)|(two)|(three thing)"
+#
+DEFINE allow-configurations string
+DEFINE allow-configurations-regexps string
+
+#
+# Regular expression to match denied configurations
+#
+# deny-configurations = "(one thing)|(two)|(three thing)"
 #
 DEFINE deny-configuration string
+DEFINE deny-configuration-regexps string
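Review bot: The example in the last comment block spells the attribute `deny-configurations`, but the definitions under it are `deny-configuration` and `deny-configuration-regexps` (singular), while the allow side is plural (`allow-configurations`, `allow-configurations-regexps`). These names are what the server sends to the device as authorization attributes, and a name the device does not recognise is presumably ignored, which for a deny list means the restriction is silently not applied. Please check both spellings against the Juniper page linked in the file header and make the comment and the four DEFINEs agree with it, e.g. `# deny-configuration = "(one thing)|(two)|(three thing)"` if the singular form is the documented one. Separately, `parantheses` in the syntax comment should read `parentheses`.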