cancel
Showing results for 
Search instead for 
Did you mean: 

How to block login screen by domain name on SA-4500 ?

Highlighted
Occasional Contributor

How to block login screen by domain name on SA-4500 ?

I was wondering if anyone know how to configure the Juniper SA4500 to block the login screen if the user does not have the correct domain name. e.g juniper.net happens to be their microsoft domain name.

I would assume it be done in Host Checker some how if possible.

Thanks Bowling...

4 REPLIES 4
Highlighted
Valued Contributor

Re: How to block login screen by domain name on SA-4500 ?

Well a host check that is done at the "Realm" level will indeed execute before a login screen is presented. So if are you trying to prevent that from occuring it will work. But I confess that I am not 100% sure what you would want to check against based on how you described it.

Highlighted
Contributor

Re: How to block login screen by domain name on SA-4500 ?

Sounds like he wants to check the domain that a machine may be joined to. Our implementation currently uses Host Checker to retrieve the following registry key


Registry Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
Name: Domain

Type: String

Value: domain.com

As for configuring Host Checker to run prior to login, Kevin may have to speak more to that. Our policy is attached to Role Mapping for particular realms and runs after login. I'm not sure how to configure it to run elsewhere.

Highlighted
Valued Contributor

Re: How to block login screen by domain name on SA-4500 ?

Yeah - he may want to do that. Can't really tell. The key you use is a good one of course. To do the check prior to the actual login you specify a Host Checker policy for enforcement under Realm / Authentication Policy / Host Checker.

Highlighted
Occasional Contributor

Re: How to block login screen by domain name on SA-4500 ?

Thanks for the updates, I testing it and let your know.Smiley Tongue