cancel
Showing results for 
Search instead for 
Did you mean: 

Juniper MAG

SOLVED
jepoytengco_
Occasional Contributor

Juniper MAG

Hi, we have an appliance Juniper MAG4610 and basically our setup here is users auth via a radius server. My question is, if for example a specific user resigns and they havent returned their respective laptops, eventhough we disabled their accounts via AD, technically they can still establish vpn connections, how do we prevent this?

 

Thanks

Jeff

1 ACCEPTED SOLUTION

Accepted Solutions
spuluka
Super Contributor

Re: Juniper MAG

You could tie the RADIUS account to the AD account so when it is disabled in AD the RADIUS auth will fail.

Steve Puluka BSEET - IP Architect - DQE Communications Pittsburgh, PA (Metro-Ethernet & ISP) - http://puluka.com/home

View solution in original post

2 REPLIES 2
filbert_
Frequent Contributor

Re: Juniper MAG

Can't you remove their the account from your Radius server?

If not, you can create a role mapping rule based on their username but don't assign any roles to it. Make sure it's at the top of the list and that you check the "Stop processing rules when this rule matches" box. 

spuluka
Super Contributor

Re: Juniper MAG

You could tie the RADIUS account to the AD account so when it is disabled in AD the RADIUS auth will fail.

Steve Puluka BSEET - IP Architect - DQE Communications Pittsburgh, PA (Metro-Ethernet & ISP) - http://puluka.com/home

View solution in original post