Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
since ‎10-29-2017
‎10-29-2017
wimclend_
Occasional Contributor

Re: dte edition uac ?

by in Pulse Policy Secure
‎02-16-2011 08:42:AM
‎02-16-2011 08:42:AM
DTE edition is now available on the UAC download page -- it came out with the 4.1R1 release earlier this week. Haven't yet had a chance to run it, but i've found the SA DTE edition to be invaluable for ad-hoc testing and troubleshooting of issues; hopefully the UAC DTE edition will prove the same value. Will ... View more

Re: UAC auth for admin sessions to EX

by in Pulse Policy Secure
‎05-08-2010 10:46:PM
‎05-08-2010 10:46:PM
i guess i posted too early . . . got it working it looks like. I had to add MS-CHAP-v2 as an allowed protocol under the Protocol Set associated with my realm. Once I did that it started working properly Here's a new question tho -- if I have Roles that need access to the devices for radius-based auth for management of the device, but at the same time need host checker policies enabled on the Role for endpoint compliance to be on the network . . . I think if I enforce the host checker policy, it will fail because MS-CHAP-v2 obviously can not check Host Checker. Anyone have a clever way around that? ... View more

UAC auth for admin sessions to EX

by in Pulse Policy Secure
‎05-08-2010 10:20:PM
‎05-08-2010 10:20:PM
hello all, wasn't sure if I should put this question here, or in the EX section . . . I have an EX switch that is working with the UAC to provide 802.1x authentication for both supplicant users and a MAC-based authentication for devices that don't support it. now I would like to have the UAC also authenticate SSH sessions to the EX itself for management. I got this working a long time ago, but the RADIUS server was IAS. Here is my current config for radius auth for admin sessions: [edit system[ radius-server { 172.17.100.15 { secret "$9$GYUHmf5FnCuZU/tOBEh"; ## SECRET-DATA source-address 172.17.10.2; } } login { class radius-ro { permissions view; } class radius-rw { permissions all; } user radius-ro { uid 2001; class radius-ro; } user radius-rw { uid 2002; class radius-rw; } } from what I remember, the class had to match the user-name (at least working with IAS . . .), hence my class and login names are the same. on the UAC side, the EX is already a RADIUS client in a "Wired" Location Group, and already has a policy to assign a VLAN based on successful authentication and AD Group membership. I created a new policy to return Juniper-Local-User-Name of 'radius-rw'. However when I try to login, the UAC log shows the following: Radius authentication rejected for wmclendon (realm 'Mac-Auth-Realm') from location-group 'Wired' and attributes are: NAS-IP-Address = 172.17.10.2 Requested authentication protocol may not be available EDIT: also seeing this in the Event log on the UAC: RADIUS: Library Requires EAP and credentials are not EAP --- at a loss on this one it appears to be trying to authenticate against the MAC Authentication Realm I configured for the Location Group, and no tthe Realm that actually has the information . . . and i'm not sure why i'm seeing the requested protocol may not be available messages... ... View more

Radius Auth with IAS as backend

by in Pulse Policy Secure
‎08-31-2009 08:15:AM
‎08-31-2009 08:15:AM
Hi everyone, quick question I am hoping someone has run into before -- I am setting up UAC in a lab environment and testing the various configuration options with native supplicants, OAC, etc. I am running into an issue with the native Windows 802.1x supplicant authenticating with my IC: - Radius authentication rejected for wmclendon (realm 'wired') from location-group 'Internal Loc Group' and attributes are: NAS-IP-Address = 172.17.1.1,NAS-Port = 76,NAS-Port-Type = 5 Info AUT23457 2009-08-31 11:09:28 - ic - [0.0.0.0] wmclendon(wired)[] - Login failed using auth server LAB-AD (LDAP Server). - Primary authentication failed for wmclendon/LAB-AD from 00-21-70-76-4d-01 - Could not authenticate user wmclendon in LDAP server LAB-AD using protocol MSCHAPV2: challenge-response open protocols are disabled. I have my ADserver in the IC as an LDAP server (I seem to remember someone telling me this was a better idea than just using AD . . . is that still the case?) The issue seems obvious, but I have no idea how to enable MSCHAPv2 on my AD server . . . and google has gotten me nowhere. I realize this is an MS issue and not Juniper, but hoping my fellow Juniper brethren know a quick fix for this :) If the supplicant is OAC, authentication works without issue Also when I change it from an LDAP server to an AD server, everything works fine. So really I guess my question is what are the advantages (disadvantages?) of using an LDAP server vs configuring it as an AD? Thanks, Will ... View more

v7.0R1 NC oddity with Windows 7

by in Pulse Connect Secure
‎04-03-2009 09:10:AM
‎04-03-2009 09:10:AM
Hi all, Seeing a weird oddity here with NetConnect with Windows 7 -- The platform is an SA700 running v7.0R1 NetConnect launches and connects, we can ping internal addresses and have the access we need, but if we run the diagnostic, we see "NC Tunnel Not established" When an XP client connects, we get "NC Tunnel Established" as expected. Here's the weird thing...I test the same Windows 7 client against an SA2500 running 7.0R1 (different configuration though), and I get "NC Tunnel Established" from the diagnostics like I would expect. Anyone have any ideas what could be causing that behavior?  In the grand scheme of things it appears not to be causing connectivity issues, but I'm not sure if it is indicative of some other possible config issues or something. Thanks, Will ... View more
Latest Tags
No tags yet
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.