cancel
Showing results for 
Search instead for 
Did you mean: 

smartcard certificates problem.

Not applicable

smartcard certificates problem.

I am having quite a bit of trouble with the Certificates.
I can get the configuration to require a client certificate, which prompts me for the card PIN.

After that I successfully configured LDAP authorization to our Active Directory server.

However, we still need to supply an LDAP password in order to gain access to any file shares.
Apparently, the certificate authentication alone is not enough to grant a kerberos token from our AD server.
The best I can do is require the certificate, forward the username, and then have users type in a password.
But this will not work with our goals since we are going to scramble the passwords through AD to require only smartcard authentication.

Is there is a way to satisfy LDAP password requirements without having to manually enter a password?
I know EAP authentication can do that, but there is no setting on the appliance to enable EAP authentication.

4 REPLIES 4
Respected Contributor

Re: smartcard certificates problem.

No. You have to have users provide a password either at login or when attempting to load the share
Not applicable

Re: smartcard certificates problem.

i have the same problem

Juniper support confirm me that is not possible to use SA like a EAP proxy.

To solve my problem i use a certificate authentication, then i start a network connection to access the resource using explorer (not the sa portal plug-in).

Regular Contributor

Re: smartcard certificates problem.

Here's some links to share:
http://kb.pulsesecure.net/InfoCenter/index?page=content&id=KB12289
http://kb.pulsesecure.net/InfoCenter/index?page=content&id=KB22940

Hope it helps!



Thanks!

Michael
JNCIA-JUNOS, JNCIS-ENT/SEC, JNCIP-ENT
(CCNA, ACMP, ACFE, CISE)
"http://www.thechampioncommunity.com/"
CONNECT EVERYTHING. EMPOWER EVERYONE.
Share & Learn. Knowledge is Power.

"If there's a will, there's a way!"
Occasional Contributor

Re: smartcard certificates problem.

These links do not work. Not helpful