[UAC Juniper Xperts] I have some questions about client setup (single-sign-on with AD 2008 R2)

kamran_shakil_
Occasional Contributor

Hi all,

As I said in the title, my clientless setup is working fine with AD 2008 R2, but the user has to type each time he logs in to Windows and opens up Internet Explorer or Firefox. My management wants single-sign-on, and I want to go for the Junos Pulse client. I have the following questions:

1> For single-sign-on I am running Windows 2008 R2; what should the client be? Will Junos Pulse work?
2> Once the user signs in, would the resources and other stuff be decided automatically?
3> Are there any extra settings to be done, or do I just need to select the agent and download it to the client?
4> How can I do an automatic download to each client PC so that I do not have to push the Junos Pulse client software using USB?

Note: My solution is working and is based on L3 enforcement via ISG to IC cluster via the captive portal setting. My ISG is running 6.x and UAC is running the 4.1R3 release!

regards,

waiting.........for Xpert replies!

6 REPLIES
srigelsford_
Contributor

Re: [UAC Juniper Xperts ] i have some questions about Client setup (single-sign-on with AD 2008 R2

Hi,

For single sign-on you will need to use Odyssey rather than Pulse. Pulse cannot SSO yet.

Odyssey grabs the credentials that the user types into Windows, so your AD system will be completely compatible.

The Infranet Controller will then automatically assign the resources; this can be to move the user into a particular VLAN, or to open up rules on a Juniper firewall. No interaction from the user is needed at any point.

The best option for deployment is to create your Odyssey settings on one computer, then the client lets you export the settings into an MSI. Use GPO in Active Directory, or a startup script, to roll it out automatically, or users can browse to the Infranet Controller and it will download automatically, but this obviously involves users doing something, which isn't ideal.

Sam.

kamran_shakil_
Occasional Contributor

Re: [UAC Juniper Xperts ] i have some questions about Client setup (single-sign-on with AD 2008 R2

I got it, but I still have 2 more questions for clarification on your reply:

1> If I can only use Odyssey, is it SUPPORTED and FULLY compatible with WINDOWS 2008 R2? I have an IC 4500 4.1 R3 with a cluster setup.

2> If I am using L3 enforcement, would this setup be fine and work well with point number 1 above?

Please do reply.

Waiting.

srigelsford_
Contributor

Re: [UAC Juniper Xperts ] i have some questions about Client setup (single-sign-on with AD 2008 R2

Is Windows 2k8 your client?

I read it as your AD server the first time round. I believe that only the desktop editions of Windows (XP, Vista, 7) are fully supported and compatible.

If you are using a server as your client, are you using it as a terminal server? If so, NAC is no use at all to you.

Sam.

kamran_shakil_
Occasional Contributor

Re: [UAC Juniper Xperts ] i have some questions about Client setup (single-sign-on with AD 2008 R2

Yes. It is not the client, but my AD is 2008 R2... Would it work well with clients using the Odyssey client? How can I install agents? Plus, does the client need to do something to make it work for them? I am using Kaspersky AV 2011; would it be fine? Can it work in a sandbox? Does the agent update itself later? Ever!
apaul_
Regular Contributor

Re: [UAC Juniper Xperts ] i have some questions about Client setup (single-sign-on with AD 2008 R2

An Odyssey Access Client L3 connection to the IC with 2008 R2 AD as the back-end server should not be an issue.

There are some known issues around 2008 R2 AD, but they are with OAC using Machine Authentication with machine credentials as well as OAC, and any third-party supplicant utilizing the MSCHAPv2 authentication protocol.

Here is the url for the PSN on this subject http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2010-09-936&viewMode..._

For Windows endpoints, you can have your users browse to the Infranet Controller sign-in URL.

Odyssey Access Client then automatically installs on the user's endpoint as the default behavior.

You can create a preconfigured installer for the Odyssey Access Client that is downloaded to Windows endpoints.

A preconfigured installer contains the settings you configured using the Odyssey Client Administrator. The preconfigured installer downloads are role-based.

HTH

kamran_shakil_
Occasional Contributor

Re: [UAC Juniper Xperts ] i have some questions about Client setup (single-sign-on with AD 2008 R2

OK, thanks... I will try it out accordingly!

Any reference for a link to single-sign-on, or an example config, or any kb.pulsesecure.net?