I am having quite a bit of trouble with the Certificates.
I can get the configuration to require a client certificate, which prompts me for the card PIN.
After that I successfully configured LDAP authorization to our Active Directory server.
However, we still need to supply an LDAP password in order to gain access to any file shares.
Apparently, the certificate authentication alone is not enough to grant a kerberos token from our AD server.
The best I can do is require the certificate, forward the username, and then have users type in a password.
But this will not work with our goals since we are going to scramble the passwords through AD to require only smartcard authentication.
Is there is a way to satisfy LDAP password requirements without having to manually enter a password?
I know EAP authentication can do that, but there is no setting on the appliance to enable EAP authentication.
i have the same problem
Juniper support confirm me that is not possible to use SA like a EAP proxy.
To solve my problem i use a certificate authentication, then i start a network connection to access the resource using explorer (not the sa portal plug-in).