cancel
Showing results for 
Search instead for 
Did you mean: 

Authentication with active directory

Occasional Contributor

Authentication with active directory

I trying to configure external authentication for users with active directory and i want to configure the ssl to check with active direcory if the user is a member of it.Any ideas on how to do this?

Thank you

4 REPLIES 4
Valued Contributor

Re: Authentication with active directory

Hey Seaweed - it is still early in California, so I may be reading your question wrong It sounds like you are just looking to do basic authentication using your AD server. The steps are very straightforward if that is what you are asking. You would define an auth-server using your AD server as the specified device.

You would then either modify a already existing realm (like the default one of users) or create a new one and specify the previously defined auth-server to be used for authentication for that realm.

You could then also use that same AD server for authorization, or use another server for that piece. I personally always prefer to use LDAP (against AD) due to the flexibility you have with it.

If I misread your question - sorry -

Occasional Contributor

Re: Authentication with active directory

the customer allready has another ssl vpn appliance which will be replaced by an SA.going quickly through the web interface i saw

CN=xx 01 DIALIN USERS,OU=Groups,OU=GR,DC=xxxxx,DC=xxxxxx,DC=com@xxxxxx A. ihave never configured previously active directory.is this something tha will be needed in the config?

Valued Contributor

Re: Authentication with active directory

The data you show in your post is LDAP data refering to fields within the AD directory. You may (or may not) need to establish an LDAP Auth-server (pointing to the AD box) if you want to use anything other than "Groups" for determing role assigment. AD on the SSL box can be used for both authentication and authorization but as I said before you are better off using LDAP for the authorization part.

I would start simple -setup an auth-server using the AD box - assign it to a realm - do a generic role map like username=* so that you can confirm that authentication works for you and then move on to more complex role mapping, first using AD Groups and then once you are comfortable with that - add a second auth-server that points back to the AD server but using LDAP.

It sounds like you are not that familiar with the SSL box or LDAP. You might want to pick up "Juniper Networks Secure Access SSL VPN" configuration guide from Syngress Publishing. It is a good basic book that really walks you through all of this stuff and I think you can get it in e-book format (read online).

Highlighted
Contributor

Re: Authentication with active directory

It sounds like you would just create an auth-server using AD as normal. Then in the role mapping have the SA place users in the DIALIN USERS group into the desired role.