Re: How to block login screen by domain name on SA...

bowling_ · ‎11-05-2010

I was wondering if anyone know how to configure the Juniper SA4500 to block the login screen if the user does not have the correct domain name. e.g juniper.net happens to be their microsoft domain name.

I would assume it be done in Host Checker some how if possible.

Thanks Bowling...

muttbarker_ · ‎11-05-2010

Well a host check that is done at the "Realm" level will indeed execute before a login screen is presented. So if are you trying to prevent that from occuring it will work. But I confess that I am not 100% sure what you would want to check against based on how you described it.

rcallanan_ · ‎11-08-2010

Sounds like he wants to check the domain that a machine may be joined to. Our implementation currently uses Host Checker to retrieve the following registry key

Registry Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
Name: Domain

Type: String

Value: domain.com

As for configuring Host Checker to run prior to login, Kevin may have to speak more to that. Our policy is attached to Role Mapping for particular realms and runs after login. I'm not sure how to configure it to run elsewhere.

muttbarker_ · ‎11-08-2010

Yeah - he may want to do that. Can't really tell. The key you use is a good one of course. To do the check prior to the actual login you specify a Host Checker policy for enforcement under Realm / Authentication Policy / Host Checker.

bowling_ · ‎11-12-2010

Thanks for the updates, I testing it and let your know.

How to block login screen by domain name on SA-4500 ?

How to block login screen by domain name on SA-4500 ?

Re: How to block login screen by domain name on SA-4500 ?

Re: How to block login screen by domain name on SA-4500 ?

Re: How to block login screen by domain name on SA-4500 ?

Re: How to block login screen by domain name on SA-4500 ?