yeah I've used this too and depending on the local profile it shows what I expect it too, but what it doesn't show is minus the ACS attributes if at all I would see that here...
I think a deeper packet inspection can identify what the messages are saying, will try to do that at some point > On 13 Apr 2015, at 23:42, Chris Kawchuk <juniperd...@gmail.com> wrote: > > Show cli authorization. Should show you the current login credentials and > such. > >> On 14 Apr 2015, at 8:23 am, Sukhjit Hayre <sukhjit.ha...@googlemail.com> >> wrote: >> >> hi Chris >> >> thanks for the reply, actually I did not see any user file in /var/tmp >> whilst logged-in im running vSRX firefly 12.1X47-D10.4 >> >> On Mon, Apr 13, 2015 at 4:07 PM, Chris Morrow <morr...@ops-netman.net> >> wrote: >> >>> >>> >>>> On 04/13/2015 11:01 AM, Eduardo Barrios wrote: >>>> When I tested this a while back I could not get the "allow-commands" >>>> attribute to work. The deny-commands attribute does work however. So >>>> our ACS shell-profile read only group we had to start with a junos >>>> login with a super-user class then use the "deny-commands" attribute >>>> to strip the access ...request, restart, configure, etc. >>> >>> it might help you to look in /var/tmp on the juniper when the affected >>> user is logged in.. there will be a file named per the user's login PID >>> which has their access requirements outlined. You can probably reverse >>> engineer the right answer from that data. >>> _______________________________________________ >>> juniper-nsp mailing list juniper-nsp@puck.nether.net >>> https://puck.nether.net/mailman/listinfo/juniper-nsp >> _______________________________________________ >> juniper-nsp mailing list juniper-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp