I am now trying to use the Cert Server as the mode of authentication, so that the user is able to log in to SSL VPN just by double-clicking the Network Connect icon. I encountered the following messages in the user logs:
1) Login failed using auth server Cert server (Certificate Server). Reason: Failed
2) Primary authentication failed for <user>/Cert server from <external IP address>
Some questions:
1) How can I know what the "User Name Template" is when configuring the Cert server?
2) My LDAP authentication is not set up. Can it cause the Cert server to have problems?
3) My Active Directory computer only has domain\administrator account (set up by others). How can I add the SA700 to join the domain?
Many thanks.
Regards,
ym
Well, Party-People,
some posts ago in this thread I told you exactly what to do to get the IVE as a member server into your Active Directory.
So simply do it and everything should be right.
When you use domain\Administrator it won't work.
So ask the Active Directory staff to create a domain user with permission to create objects in a special OU in Active Directory (let's call the OU "VPN Users"), and let them give you the credentials of this special user account so you can do your job.
When you get this running (according to my howto) you won't need any LDAP. Winbind will do all the job of authenticating and authorizing users for you, including users from trusted domains, if needed.
Or watch this screenshot-howto, this works fine ...
http://www.juniperforum.com/index.php/topic,5170.0.html
dusannovakovic, your link to your graphic was great. We had been running fine for years and just swapped to MAG2600s in a cluster, imported the config from our SA running the same code base, and I received the errors specified in this thread. Very odd, since the settings work fine in our production unit. Anyhow, I went through and changed AD server names to just IP, removed the dashes from the computer names, and also left it with just Kerberos, and presto, everything worked. Odd, but oh well. As for the yellow warning about "server is either not a domain controller...", I still get that, but I have been getting that since we started using the SSL way back from the 6.0 code base. Not sure why it pops up; chalk it up to something that development should either remove or clarify as to what's causing the issue.
thanks!