Configuring Juniper SSG firewall active-directory auth with IAS

One of my customers opened a case to implement this feature. Of course there are a lot of half-true tutorials on the net, but none of them is complete. So I will show you:

IAS config:

1. Connection Request Policies
-drop existing policies
-add new:
client-vendor matches “Radius standard”

2. Remote Access Policies
-add new
custom
windows group
grant remote access
edit
authentication
select pap,spap, unselect ms-chap & ms-chap v2
advanced
drop ppp
add vendor-specific ( vendor code 3224 )
-yes, it conforms
configure attribute
vendor assigned attribute number ( 3 )
attribute format ( string )
value: the external group name ( as configured on the Juniper device )

3. Add client ( radius standard )

Juniper config:
1. configure radius server
set auth-server "radius_teszt" id 1
set auth-server "radius_teszt" server-name "ip-address"
set auth-server "radius_teszt" account-type auth xauth
set auth-server "radius_teszt" radius secret "shared secret"

2. configure external group ( the group name is the external value configured in the
remote access policy )
set user-group "proba" id 1
set user-group "proba" location external
set user-group "proba" type auth xauth

You can flavour it with a timeout or any other parameters you want. This is just a working tutorial for using it with firewall filters.
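
To check in a packet capture that IAS really returns the group, the following added example (not part of the original post) decodes the vendor-specific attribute configured above: vendor code 3224, vendor-assigned attribute number 3, string value. The attribute layout follows RFC 2865; the sample Access-Accept is constructed and the function names are hypothetical.

```python
import struct

NETSCREEN_VENDOR_ID = 3224  # vendor code from the IAS policy above
NS_USER_GROUP = 3           # vendor-assigned attribute number from the policy
VENDOR_SPECIFIC = 26        # RADIUS Vendor-Specific attribute type (RFC 2865)
ACCESS_ACCEPT = 2           # RADIUS packet code (RFC 2865)

def build_group_vsa(group: str) -> bytes:
    """Encode a group name the way the policy does (string format)."""
    value = group.encode("ascii")
    sub = bytes([NS_USER_GROUP, 2 + len(value)]) + value
    body = struct.pack("!I", NETSCREEN_VENDOR_ID) + sub
    return bytes([VENDOR_SPECIFIC, 2 + len(body)]) + body

def external_groups(packet: bytes) -> list:
    """Return every vendor 3224 / attribute 3 string found in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match the captured data")
    groups, pos = [], 20
    while pos < length:
        alen = packet[pos + 1] if pos + 1 < length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        atype, data = packet[pos], packet[pos + 2:pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC or len(data) < 6:
            continue
        if struct.unpack("!I", data[:4])[0] != NETSCREEN_VENDOR_ID:
            continue
        sub = data[4:]  # one or more vendor sub-attributes: type, length, value
        while len(sub) >= 2 and 2 <= sub[1] <= len(sub):
            if sub[0] == NS_USER_GROUP:
                groups.append(sub[2:sub[1]].decode("ascii", "replace"))
            sub = sub[sub[1]:]
    return groups

# Constructed sample: Access-Accept with a zeroed authenticator, a
# Reply-Message attribute (type 18) and the group VSA for "proba".
_attrs = bytes([18, 4]) + b"ok" + build_group_vsa("proba")
SAMPLE_ACCEPT = (struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(_attrs))
                 + bytes(16) + _attrs)

if __name__ == "__main__":
    print(external_groups(SAMPLE_ACCEPT))
```

If the returned list is empty or the name differs from the user-group defined on the firewall, the mismatch is in the IAS remote access policy rather than in the Juniper config.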
