There are two parts to this. First, you will need to set up authentication. This doesn't use groups, but if you leverage AD, auth will fail if the user is not a member of your AD or if the password/username is entered wrong. The second piece is related to Role Mapping. You can set up AD Groups and use the SA to query these groups in AD to map specific roles. You can also configure the SA to only map users to specific roles. This means that even if a member passes auth, he/she won't be permitted access unless he/she is a member of the appropriate AD group(s). Does this help?
Hi. Thanks for the answer, but it is not quite what I was thinking of. I want to check if the computer is a member of a certain group in AD. The user authentication is OK. I do want to find a way to check if a user is logging in from computers in AD. If it is a computer in our AD, then accept connecting with NC.
Oops! I've done that before, but didn't use AD attributes. I basically pushed out a local .txt file to company machines via the login scripts that identifies the PC as a company asset. I then used Host Checker to make sure the local file existed and that the MD5 was correct. This prevented users from logging in from external machines not part of the domain. That said, I'm not sure if Juniper added machine lookup as well. Since there are custom attributes, I'm guessing it's possible. However, Juniper recommended this approach a few years back and it may be outdated. Sorry I misunderstood your question. If all else fails, I hope the example above helps.
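
The marker-file approach described in the last reply, as an added example that is not part of the original thread and is not Juniper's code: it emulates the two halves (a login script dropping the file, then a "file exists and MD5 matches" check) so the pass and fail cases can be seen side by side. The file name, marker content and function names are hypothetical; the real check is configured as a Host Checker rule on the SA, not written in Python.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample content; a real marker is whatever file IT distributes.
MARKER_CONTENT = b"EXAMPLE-CORP managed asset marker v1\r\n"


def md5_of_file(path: Path) -> str:
    """Return the hex MD5 of a file, read in chunks."""
    digest = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def deploy_marker(path: Path, content: bytes = MARKER_CONTENT) -> str:
    """Login-script side: write the marker, return the MD5 to enter in the policy."""
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(content)
    return md5_of_file(path)


def check_marker(path: Path, expected_md5: str) -> str:
    """Endpoint-check side: returns 'ok', 'missing' or 'md5_mismatch'."""
    if not path.is_file():
        return "missing"
    if md5_of_file(path).lower() != expected_md5.strip().lower():
        return "md5_mismatch"
    return "ok"


def demo() -> dict:
    """Run the three cases, with temporary directories standing in for PCs."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        company = root / "company_pc" / "asset.txt"
        expected = deploy_marker(company)
        edited = root / "edited_pc" / "asset.txt"
        deploy_marker(edited, MARKER_CONTENT + b"changed")
        return {
            "company_pc": check_marker(company, expected),
            "external_pc": check_marker(root / "external_pc" / "asset.txt", expected),
            "edited_pc": check_marker(edited, expected),
        }


if __name__ == "__main__":
    for host, result in demo().items():
        print(f"{host}: {result}")
```

Only the `ok` result would map to the role that is allowed to start NC; `missing` and `md5_mismatch` both fail the check.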