As per Juniper documentaiton, User records contain all persistent cookies, SSO information, personal bookmarks, and other resource preferences for a particular user on the SA Series device. User Records are stored on each respective SA Authentication server instance created on the SA (Authentication > Auth. Servers > Users Tab).
Now, how can i retrieve the user records, especially Persona Bookmarks, while migrating the authentication servers from LDAP to AD? By default, the personal bookmarks are lost during such migration. I need new a way to keep user records after the migraiton.
Thank you in advance for your feedback,
Failover is not needed. The configuration is to configure URS to point to each other. For example,
Configured for server/client
This client: Primary Server=node2
This server: Peer&Client=node2
Same configuration, but point them to node 1.
Ensure you set the Enable User Record Sync on each Authentication Server with the same name or the setting above will not do anything.
User record Sync whould help you out.
User record sync is only supported to work between two different standalone devices or two different clusters. If you have two separate standalone devices, this may be a possible solution.
You can attempt to enable user record sync in the same device, end user will see an message "Retrieving user record is in progress. Any modifications to bookmarks and preferences will be overwritten when the record is retrieved" and produce a failure message. I did notice the user create bookmarks will be transferred, but it is unclear if all data within the user record is transferred properly. In the end, this method is not supported and should be used at your own risk.
I did more testing and this solution seems to work in a standalone environment. If user record sync is enabled, you can make this a "client and server" and configured the device to itself.
However, I did have some issues with this configuration within a cluster environment. This is where I would receive the error message stated in the previous comment. I was able to work around this by making both nodes in the cluster as a "client and server" and point to each other instead of itself.
Thank you for the feedback and tests.
1. Do you have the screen captures for this setup within a cluster?
2. Did you configure both cluster members as "Client and Server" function? pointing to each other as Peer Servers or Client pointing to Server?
3. Do you have to do a manual synchronization (export>import) or is it automatic?
Thank you in advance,
Yes, both nodes need to be configured as client/server and they need to be pointed to each other as Peer and Client.. A manual sync is not required. When each user logs it, it will run the user record sync and grab the necessary data from each other to ensure all the data is the same on each node.