[j-nsp] SRX100 LDAP

Per Westerlund p1 at westerlund.se
Wed Mar 19 02:53:02 EDT 2014


I might have been a bit hasty, thinking more of the way RADIUS is usually set up. I will try to set something up later today (if time permits); I am labbing with dot1x and MAC RADIUS right now anyway, and it is somewhat similar.

/Per

On 19 Mar 2014, at 03:44, Шепелев Андрей <xamalon4eg at gmail.com> wrote:

> changed:
> 
> set access ldap-options base-distinguished-name DC=tp,DC=ru
> set access ldap-options search search-filter sAMAccountName=
> set access ldap-options search admin-search distinguished-name cn=junos,dc=tp,dc=ru
> set access ldap-options search admin-search password "$9$k.TFtu1RcyAtWLX7VbfTQ3Ap"
> set access ldap-server 10.60.0.5 port 3268
> 
> but it did not help :(((
> 
> 
> 
> 2014-03-18 17:32 GMT+06:00 Per Westerlund <p1 at westerlund.se>:
> I haven’t done it myself (yet), but you probably need to define the ldap-server directly under the stanza "access". In your profile TPAD you just reference the ldap server with address 10.60.0.5, but you have not defined it. When you define it, you can also specify what destination port and source address to use.
> 
> /Per
> 
> On 18 Mar 2014, at 11:54, Шепелев Андрей <xamalon4eg at gmail.com> wrote:
> 
>> access {
>>    profile TPAD {
>>        authentication-order ldap;
>>        ldap-options {
>>            base-distinguished-name dc=tp,dc=ru;
>>            search {
>>                search-filter sAMAccountName=;
>>                admin-search {
>>                    distinguished-name cn=junos,ou=users,dc=tp,dc=ru;
>>                    password "$9$NOdY4jHmfQFDjApuOREwY2oDi"; ## SECRET-DATA
>>                }
>>            }
>>        }
>>        ldap-server {
>>            10.60.0.5;
>>        }
>>    }
>>    firewall-authentication {
>>        pass-through {
>>            default-profile TPAD;
>>        }
>>        web-authentication {
>>            default-profile TPAD;
>>        }
>>    }
>> }
> 
> 


