Hello,
I have a requirement for an SRX 300 firewall to use Active Directory to authenticate users and provide access to the resources behind the firewall. We have many groups created in Active Directory. Suppose a new user needs access to one of the application servers: the user will be added to the group in Active Directory so that he can use the resources. I have read an article but was not able to understand the Active Directory and domain controller part. We generally use ADFS, not LDAP. Can anyone suggest the configuration for this?
Integrated user firewall: tell the SRX which AD domain and domain controller to read logon events from, and which LDAP base to search for group membership. The account named here must be able to read the domain controller's Security event log over WMI and bind to LDAP, so use a dedicated read-only service account rather than the built-in administrator, and remember that its password is stored in the configuration:
set services user-identification active-directory-access domain example.net user-group-mapping ldap base DC=example,DC=net
set services user-identification active-directory-access domain example.net user administrator password pwd
set services user-identification active-directory-access domain example.net domain-controller ad1 address 192.0.2.15
Access profile used by the captive portal (firewall-authentication) to verify credentials over LDAP against the same AD domain. The base DN and the bind DN must sit in that domain (example.net here), the bind account needs only read access, and the bind credentials travel in cleartext on TCP 389 unless LDAP over TLS is configured for the profile:
set access profile profile1 authentication-order ldap
set access profile profile1 authentication-order password
set access profile profile1 ldap-options base-distinguished-name CN=Users,DC=example,DC=net
set access profile profile1 ldap-options search search-filter sAMAccountName=
set access profile profile1 ldap-options search admin-search distinguished-name CN=Administrator,CN=Users,DC=example,DC=net
set access profile profile1 ldap-options search admin-search password password
set access profile profile1 ldap-server 192.0.2.3
Policy p1: traffic from sources the SRX has not yet mapped to a user (unauthenticated-user, unknown-user) is permitted only after the user authenticates through the captive portal using profile1. Policies are evaluated top-down, so this one comes first:
set security policies from-zone trust to-zone untrust policy p1 match source-address any
set security policies from-zone trust to-zone untrust policy p1 match destination-address any
set security policies from-zone trust to-zone untrust policy p1 match application any
set security policies from-zone trust to-zone untrust policy p1 match source-identity unauthenticated-user
set security policies from-zone trust to-zone untrust policy p1 match source-identity unknown-user
set security policies from-zone trust to-zone untrust policy p1 then permit firewall-authentication user-firewall access-profile profile1
Policy p2: once the source is identified, user1 from example.net is permitted directly. The identity is written as domain\name in straight double quotes (curly quotes are rejected by the CLI), and the domain must be the one configured under user-identification:
set security policies from-zone trust to-zone untrust policy p2 match source-address any
set security policies from-zone trust to-zone untrust policy p2 match destination-address any
set security policies from-zone trust to-zone untrust policy p2 match application any
set security policies from-zone trust to-zone untrust policy p2 match source-identity "example.net\user1"
set security policies from-zone trust to-zone untrust policy p2 then permit
Finally, register the AD authentication table as a source of user identity for policy lookups, with priority 125 relative to the other identity sources:
set security user-identification authentication source active-directory-authentication-table priority 125
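The configuration above matches a single user, but the question describes group-based access: add the user to an AD group and have the firewall grant access on that membership. The source-identity match accepts an AD group in the same domain\name form, resolved through the user-group-mapping LDAP base configured above. Note that ADFS is not involved in any of this: the integrated user firewall learns who is at which IP from the domain controller's Security event log (over WMI) and learns group membership from the domain controller over LDAP, so the AD domain and a reachable DC are what the SRX needs. The following is an added example, not from the original post; the group name app-server-users, the zone dmz, the address 10.10.10.5 and the policy names are assumptions:

```junos
## Added example, not from the original post. Assumed values: AD domain example.net,
## AD group "app-server-users", server zone "dmz", application server 10.10.10.5/32.
set security address-book global address app-server 10.10.10.5/32

## 1) Unidentified sources must authenticate first (captive portal via profile1).
set security policies from-zone trust to-zone dmz policy app-auth match source-address any
set security policies from-zone trust to-zone dmz policy app-auth match destination-address app-server
set security policies from-zone trust to-zone dmz policy app-auth match application any
set security policies from-zone trust to-zone dmz policy app-auth match source-identity unauthenticated-user
set security policies from-zone trust to-zone dmz policy app-auth match source-identity unknown-user
set security policies from-zone trust to-zone dmz policy app-auth then permit firewall-authentication user-firewall access-profile profile1

## 2) Members of the AD group reach the server; membership is looked up via the
##    user-group-mapping LDAP base, so adding a user to the group is enough.
set security policies from-zone trust to-zone dmz policy app-group match source-address any
set security policies from-zone trust to-zone dmz policy app-group match destination-address app-server
set security policies from-zone trust to-zone dmz policy app-group match application junos-https
set security policies from-zone trust to-zone dmz policy app-group match source-identity "example.net\app-server-users"
set security policies from-zone trust to-zone dmz policy app-group then permit

## 3) Everyone else, identified or not, is denied and logged.
set security policies from-zone trust to-zone dmz policy app-deny match source-address any
set security policies from-zone trust to-zone dmz policy app-deny match destination-address app-server
set security policies from-zone trust to-zone dmz policy app-deny match application any
set security policies from-zone trust to-zone dmz policy app-deny then deny
set security policies from-zone trust to-zone dmz policy app-deny then log session-init
```

The `##` lines are reader notes, not set syntax; drop them before pasting into the CLI. Order matters: the authentication policy precedes the group policy so a first HTTP/HTTPS flow from an unmapped IP triggers the portal, and the explicit deny sits last so a user who authenticates but is not in the group still gets dropped. To check that the SRX actually sees the domain controller and the group memberships, use `show services user-identification active-directory-access domain-controller status` and `show services user-identification active-directory-access active-directory-authentication-table all`; the latter lists each mapped IP with its user and the groups the SRX resolved for it, which is what the source-identity match is evaluated against.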