Screen OS

  • 1.  Juniper 5GT: VPN dialup with LDAP or RADIUS authentication

    Posted 04-22-2010 04:27

    Hi,

    Currently, our VPN users have to authenticate first with the Juniper, using a VPN user created on the Juniper. After that, they need to authenticate with their Win2K3 domain login to open Outlook (Exchange), shares, ...
    The client software is NetScreen.

    Is it possible, and safe, to configure the Juniper 5GT with LDAP or RADIUS authentication so that our VPN users can immediately log in to the domain with their domain credentials and access Exchange, shares, .... without further logins?

    Are these authentication protocols just a way to authenticate the users and that's it? Or is there a possibility that with these protocols they effectively authenticate themselves on the domain and get the domain rights configured in their AD Users and Computers account?

    thx



  • 2.  RE: Juniper 5GT: VPN dialup with LDAP or RADIUS authentication
    Best Answer

    Posted 04-22-2010 08:12

    The 5GT uses the W2K3 server as an authentication device. There is no "authorization" component where user rights are exchanged or evaluated as you would get with the Juniper SSL-VPN device. So they are not logging into the domain and receiving domain rights.
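
    To make "authentication only" concrete, here is an added example (not from the original thread and not Juniper or Microsoft code) of the RFC 2865 RADIUS PAP exchange a NAS such as the 5GT performs against a RADIUS server, with both sides implemented in-process in Python. The shared secret, the NAS address 192.0.2.1 and the user table standing in for the domain controller are constructed for the example. The point it shows: what comes back to the firewall is an Access-Accept or Access-Reject code (plus whatever attributes the server chooses to include), protected by a Response Authenticator the NAS must verify. Nothing in the exchange logs the user on to the domain or hands the NAS a domain token.

```python
"""Minimal RFC 2865 Access-Request / Access-Accept exchange, both sides in one process."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP = 1, 2, 4

# Constructed sample data: the NAS/server shared secret and a toy user store
# standing in for the W2K3 server the firewall would be pointed at.
SECRET = b"s3cr3t-shared-with-5gt"
USERS = {"alice": b"Winter2010!", "bob": b"hunter2"}


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 s5.2: pad to a 16-byte multiple, XOR each block with MD5(secret + previous block)."""
    padded = password + b"\x00" * ((-len(password)) % 16)
    padded = padded or b"\x00" * 16          # an empty password still occupies one block
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password: the chaining value is the previous ciphertext block."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")               # strip the padding added by hide_password


def encode_attrs(attrs):
    """Type-Length-Value encoding; length covers the two header octets."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data: bytes):
    attrs, i = [], 0
    while i < len(data):
        t, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute")
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs


def build_request(identifier: int, username: str, password: bytes, secret: bytes) -> bytes:
    """NAS side: Access-Request with a fresh random Request Authenticator."""
    req_auth = os.urandom(16)
    attrs = encode_attrs([
        (ATTR_USER_NAME, username.encode()),
        (ATTR_USER_PASSWORD, hide_password(password, secret, req_auth)),
        (ATTR_NAS_IP, bytes([192, 0, 2, 1])),   # constructed NAS address
    ])
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + req_auth + attrs


def server_handle(packet: bytes, secret: bytes, users: dict) -> bytes:
    """Server side: check the credential, answer Accept or Reject, sign with the Response Authenticator."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    req_auth = packet[4:20]
    attrs = dict(decode_attrs(packet[20:length]))
    user = attrs[ATTR_USER_NAME].decode()
    given = reveal_password(attrs[ATTR_USER_PASSWORD], secret, req_auth)
    expected = users.get(user)
    ok = expected is not None and hmac.compare_digest(expected, given)
    reply_attrs = b""   # the server may add attributes here; it is still a yes/no answer, not a domain logon
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20 + len(reply_attrs))
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    resp_auth = hashlib.md5(header + req_auth + reply_attrs + secret).digest()
    return header + resp_auth + reply_attrs


def client_check_reply(reply: bytes, request: bytes, secret: bytes) -> bool:
    """NAS side: refuse any reply whose Response Authenticator does not verify, then read the code."""
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply) or ident != request[1]:
        raise ValueError("reply does not match the outstanding request")
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        raise ValueError("bad Response Authenticator: spoofed reply or wrong shared secret")
    return code == ACCESS_ACCEPT


def authenticate(username: str, password: bytes, secret: bytes = SECRET,
                 users: dict = USERS, server_secret: bytes = None) -> bool:
    """One full exchange. server_secret lets you simulate a server that holds a different secret."""
    request = build_request(7, username, password, secret)
    reply = server_handle(request, server_secret or secret, users)
    return client_check_reply(reply, request, secret)
```

    Run it with `authenticate("alice", b"Winter2010!")` for an Accept and `authenticate("alice", b"wrong")` for a Reject; passing `server_secret=b"other"` makes the NAS side raise, because a reply signed with the wrong secret never reaches the Accept/Reject decision. The password hiding is MD5-based XOR, which is why the RADIUS leg should only cross a network you trust, or be wrapped in IPsec, as RFC 2865 itself advises.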



  • 3.  RE: Juniper 5GT: VPN dialup with LDAP or RADIUS authentication

    Posted 01-30-2011 22:38

    Hi

    I'm having the same issue and the link provided to the resolution links to itself. If anyone can post the solution it'll be very much appreciated.



  • 4.  RE: Juniper 5GT: VPN dialup with LDAP or RADIUS authentication

    Posted 01-31-2011 09:05

    What exactly is your issue? The question that was asked, and that I answered was whether or not a user could be authenticated through a netscreen FW and receive their "domain" rights. The answer is no. You can do user authentication against an AD server but it is purely for authentication. There is no ability to map user rights from the AD server to the firewall.