SSL VPN
Reply
Visitor
S Mazhar
Posts: 8
Registered: ‎01-09-2012
0

Setting up Microsoft Radius Authentication/Authorization Servers - Junos Vendor ID

Hallo,

 

earlier this year i tried to search for the Vendor ID in order to set up Microsoft Radius Authentication/Authorization Server.

I could't find any documentation neither in Forum and nor in the KBs. A long search led me to the following website which helped me easily setup Radius Authentication/Authorization Servers

 

http://cooperlees.com/blog/?p=458

 

Just wanted to share info.

 

Kind Regards

Khan

Moderator
zanyterp
Posts: 2,300
Registered: ‎11-19-2007
0

Re: Setting up Microsoft Radius Authentication/Authorization Servers - Junos Vendor ID

Thank you for sharing; that is greatly appreciated.

Trusted Expert
kalagesan
Posts: 377
Registered: ‎08-09-2011
0

Re: Setting up Microsoft Radius Authentication/Authorization Servers - Junos Vendor ID

Hi,

 

Thanks for the info.

I have gonethrough th elink shared and understood that we can use ADS groups can be used by MS-NPS Radius server however i would like to know, in SA role mapping rule on what what basis you are doing the rolemapping, is it using the user attribute type or username based  because, your actual requirement is you wanted group looking using microsoft radius server as authentication/authorization server.

 

Regards,

Kannan

 

 

Visitor
S Mazhar
Posts: 8
Registered: ‎01-09-2012
0

Re: Setting up Microsoft Radius Authentication/Authorization Servers - Junos Vendor ID

[ Edited ]

Hi Kannan,

 

I guess you are talking about the other thread:

http://forums.juniper.net/t5/SSL-VPN/Role-Mapping-based-on-Active-Directory-User-Group-using-Radius/...

 

Yes you are right, Radius Authentication is based on AD Group but once this method is used, so far I couldn't find a way to map roles based on AD Groups.  

Apparently this is possible only with LDAP or AD Authentication. At Present, since we have few users, we are doing it by username. We intend to Implement RSA token Server later in May and maybe then we switch to AD or LDAP Authentication. Untill then I will be looking for a solution to the problem posted in the above thread.

 

Kind Regards

Khan

Moderator
zanyterp
Posts: 2,300
Registered: ‎11-19-2007
0

Re: Setting up Microsoft Radius Authentication/Authorization Servers - Junos Vendor ID

correct, AD group membership cannot be used through radius. 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.