I was wondering if anyone know how to configure the Juniper SA4500 to block the login screen if the user does not have the correct domain name. e.g juniper.net happens to be their microsoft domain name.
I would assume it be done in Host Checker some how if possible.
Well a host check that is done at the "Realm" level will indeed execute before a login screen is presented. So if are you trying to prevent that from occuring it will work. But I confess that I am not 100% sure what you would want to check against based on how you described it.
Sounds like he wants to check the domain that a machine may be joined to. Our implementation currently uses Host Checker to retrieve the following registry key
Registry Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
As for configuring Host Checker to run prior to login, Kevin may have to speak more to that. Our policy is attached to Role Mapping for particular realms and runs after login. I'm not sure how to configure it to run elsewhere.
Yeah - he may want to do that. Can't really tell. The key you use is a good one of course. To do the check prior to the actual login you specify a Host Checker policy for enforcement under Realm / Authentication Policy / Host Checker.