As I said in the title, my clientless setup is working fine with AD 2008 R2, but the user has to type each time he logs in to Windows and opens up Internet Explorer or Firefox. My management wants single sign-on, and I want to go for the Junos Pulse client... I have the following questions:
1> For single sign-on, I am running Windows 2008 R2; what should the client be? Will Junos Pulse work?
2> Once the user signs in, would the resources and other stuff be decided automatically?
3> Are there any extra settings to be done, or do I just need to select the agent and download it to the client?
4> How can I do an automatic download to each client PC so that I do not have to push the Junos Pulse client software using USB?
Note: My solution is working and is based on L3 enforcement via ISG to IC cluster via captive portal setting. My ISG is running 6.x and UAC is running the 4.1R3 release!
Waiting... for expert replies!
For single sign-on you will need to use Odyssey rather than Pulse. Pulse cannot SSO yet.
Odyssey grabs the credentials that the user types into Windows, so your AD system will be completely compatible.
The Infranet Controller will then automatically assign the resources; this can be to move the user into a particular VLAN, or to open up rules on a Juniper firewall. No interaction from the user is needed at any point.
The best option for deployment is to create your Odyssey settings on one computer, then the client lets you export the settings into an MSI. Use GPO in Active Directory, or a startup script to roll it out automatically, or users can browse to the Infranet Controller and it will download automatically, but this obviously involves users doing something, which isn't ideal.
I got it, but I still have 2 more questions for clarification on your reply:
1> If I can only use Odyssey, is it supported and fully compatible with Windows 2008 R2? I have an IC 4500 4.1 R3 with a cluster setup.
2> If I am using L3 enforcement, would this setup be fine and work well with point number 1 above?
Please do reply.
Is Windows 2k8 your client?
I read it as your AD server the first time round. I believe that only the desktop editions of Windows (XP, Vista, 7) are fully supported and compatible.
If you are using a server as your client, are you using it as a terminal server? If so, NAC is no use at all to you.
An Odyssey Access Client L3 connection to the IC with 2008 R2 AD as the back-end server should not be an issue.
There are some known issues around 2008 R2 AD, but they are with OAC using Machine Authentication with machine credentials as well as OAC, and any third-party supplicant utilizing the MSCHAPv2 authentication protocol.
Here is the URL for the PSN on this subject: http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2010-09-936&viewMode...
For Windows endpoints, you can have your users browse to the Infranet Controller sign-in URL.
Odyssey Access Client then automatically installs on the user's endpoint as the default behavior.
You can create a preconfigured installer for the Odyssey Access Client that is downloaded to Windows endpoints.
A preconfigured installer contains the settings you configured using the Odyssey Client Administrator. The preconfigured installer downloads are role-based.
OK, thanks... I will try it out accordingly!
Any reference or link for single sign-on, or an example config, or any kb.pulsesecure.net?