SSL VPN
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
icmp
Contributor
icmp
Posts: 14
Registered: ‎05-09-2010
0

Multiple sign-in and attribute userAttr.Framed-IP-Address

Options

‎01-19-2012 05:02 AM

Hi,

 

I am interesting to use multiple sign-in but still doubt with value of attribute userAttr.Framed-IP-Address whether it will come from first authentication server or additional authentication server. I am using this attriubute for IP assignment on Network Connect profile and it looks like that it always uses attribute value from first server, getting value 255.255.255.255. If I want to use attribute value from secondary server then it is possible or not. Please advise.

 

Thanks.

Message 1 of 6 (312 Views)
 
Reply
Moderator Moderator
Moderator
zanyterp
Posts: 1,986
Registered: ‎11-19-2007
0

Re: Multiple sign-in and attribute userAttr.Framed-IP-Address

Options

‎01-19-2012 09:25 AM

It uses the primary server.

If the value is being returned from the server, you would list <userAttr{@}secondaryAuthServerName.Framed{-}IP{-}Address>

Message 2 of 6 (299 Views)
 
Reply
icmp
Contributor
icmp
Posts: 14
Registered: ‎05-09-2010
0

Re: Multiple sign-in and attribute userAttr.Framed-IP-Address

Options

‎01-19-2012 06:03 PM

@zanyterp: Many thanks for advice, btw, I have just tried with <userAttr{@}MySecondaryAuthServerName.Framed{-}IP{-}​Address> but there is error when save the NC profile as "Failed to save policy. Reason:Invalid Resource!". It looks like that I cannot use { }.

Message 3 of 6 (291 Views)
 
Reply
Moderator Moderator
Moderator
zanyterp
Posts: 1,986
Registered: ‎11-19-2007
0

Re: Multiple sign-in and attribute userAttr.Framed-IP-Address

Options

‎01-20-2012 06:39 AM

@icmp: I apologize, i had not tried it before. it looks like it will not work. Is there any way you can copy that value to your primary server to get the attribute there?

Message 4 of 6 (277 Views)
 
Reply
Lilja
Contributor
Lilja
Posts: 74
Registered: ‎12-02-2009
0

Re: Multiple sign-in and attribute userAttr.Framed-IP-Address

[ Edited ]
Options

‎01-20-2012 06:43 AM - edited ‎01-20-2012 06:46 AM

This is the syntax but it does not work with the attribute from the user profile in ActiveDirectory, you will not receive the IP correctly formatted if I remember this correctly from my attempts..

<userAttr@<authenticationserver-name>.Framed-IP-Address>

 

I used an extension attribute to put the IP adress in instead and then assign this to the user via the Network Connect > connection profile.

---------------------------------------------------
Please mark this post as 'accepted solution' if my input answers your question!
A kudo would be nice if you think I deserve it.
---------------------------------------------------
2 A/P clustered 6500, 7.2R9
2 A/P clustered 2500, 7.4R2 LAB
Message 5 of 6 (275 Views)
 
Reply
icmp
Contributor
icmp
Posts: 14
Registered: ‎05-09-2010
0

Re: Multiple sign-in and attribute userAttr.Framed-IP-Address

Options

‎01-23-2012 01:31 AM

@zanyterp: I have just revised and use the attribute from first server instead  :smileyhappy:

@Lilja: Thanks   :smileyhappy:

Message 6 of 6 (254 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.