On 04/13/2015 11:01 AM, Eduardo Barrios wrote: > When I tested this a while back I could not get the "allow-commands" > attribute to work. The deny-commands attribute does work however. So > our ACS shell-profile read only group we had to start with a junos > login with a super-user class then use the "deny-commands" attribute > to strip the access ...request, restart, configure, etc. >
it might help you to look in /var/tmp on the juniper when the affected user is logged in.. there will be a file named per the user's login PID which has their access requirements outlined. You can probably reverse engineer the right answer from that data. _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp