Visitor
elad
Posts: 2
Registered: ‎10-30-2008

SA2000: Authenticate users by Active Directory, cannot join domain

Hi,

I am trying to configure the SA2000 to authenticate users by the AD in the domain.
I tried to add an authentication server via Authentication > Auth. Servers > Active Directory / Windows NT > New Server.
I entered the details in the "New Active Directory/ Windows NT" page that follows, leaving the "Backup domain controller" field blank and "Allow trusted domains" unchecked.
I selected "Use LDAP to get Kerberos realm name".

When I hit the "Test configuration" button, there is a warning message: "You can not change the password of the IVE computer account on the active directory server using the specified administrator credentials.."
I am sure the server IP address I entered is the domain controller, and I double-checked the user admin password.

So what else needs to be configured? Or did I not configure it correctly?

Regards,
ER, Matrix
Moderator
ruc
Posts: 226
Registered: ‎11-06-2007

Re: SA2000: Authenticate users by Active Directory, cannot join domain

What privilege level does the service account defined on the SA have? The service account/admin account needs the privileges listed in KB2624 at the minimum.

http://kb.juniper.net/KB2624 

Regular Visitor
cgalla
Posts: 9
Registered: ‎12-06-2007

Re: SA2000: Authenticate users by Active Directory, cannot join domain

What are the privileges needed for the admin account? I am having the same problem on an SA-4000 running 6.3 R1. When you try looking up KB2624 you are brought back to this thread.
Distinguished Expert
muttbarker
Posts: 2,389
Registered: ‎01-29-2008

Re: SA2000: Authenticate users by Active Directory, cannot join domain

Try this link for the lookup:

http://kb.juniper.net/index?page=content&id=KB2624

Or see the attached document if you can't get the link to work.

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

Contributor
Posts: 138
Registered: ‎03-17-2008

Re: SA2000: Authenticate users by Active Directory, cannot join domain

Why would the IVE want to change the password?
Rock the boat, don't sink the ship
Moderator
ruc
Posts: 226
Registered: ‎11-06-2007

Re: SA2000: Authenticate users by Active Directory, cannot join domain

http://support.microsoft.com/kb/154501

 
