As I said, Juniper just had a partnership with Great Bay Software, which seems to be the same kind of product than your CounterATC. It works very well and is available on MAG SMs since a few weeks. ... View more

Hi,   For the "BYOD" or "mac-auth" table needs, Juniper is now in partnership with GreatBay Software, which product is dedicated to this need (scan and profiles all mac-adresses on network, and create an LDAP directory matching MAC/Profiles to be reached by UAC).   This solution is now available for installation on SM-MAG modules (a little bit expensive maybe, but it does the job.)   I actually use a lot Juniper UAC, have you more examples of what is better on Cisco/missing on Juniper? ... View more

One thing you can easily verify to see if your admin account used in SA setup is good is to look in the computer OU of your AD to see if the SA managed to register himself in it. The default name is a combination of random letters, and can be seen in the SA AD configuration page, at the below in advanced settings. ... View more

Can you copy a sampel of your EX configuration (protocols dot1x tree and a sample port configuration) to help understanding?   In UAC Logs, you confirm that the authentication is successfull and you are able to see that the correct vlan is sent to the EX? ... View more

Actually its the main question I have, and my customer is not helping much.   I've tried all SSO Setups with no success, CAS is meant to be a kind of "kerberos proxy" if I have well understood the documentation I read, but Kerberos SSO is not working as well.   Thanks for your help, I'll investigate more with JTAC if no one heres already had this setup working   (And Happy New Year by the way ;) ... View more

Another information which might be usefull: <form autocomplete="off" id="fm1" class="fm-v clearfix" action="/cas/,DanaInfo=cascustomer.fr,SSL+login;jsessionid=7053970C6F6D5B5A9040DDF06BFB1170.cas1" method="post">   So, i'm not an expert in this, but it seems that this is the url where I have to post, so its modified with the jsessionid, which can explain that if its different each time, I cant specify the url to "post" in SA, since it will contains variable? ... View more

May I add that there is more values in the POST form it seems:                         <input type="hidden" name="lt" value="e1s1" />                         <input type="hidden" name="_eventId" value="submit" />                         <input class="btn-submit" name="submit" accesskey="l" value="SE CONNECTER" tabindex="4" type="submit" />                         <input class="btn-reset" name="reset" accesskey="c" value="EFFACER" tabindex="5" type="reset" />   But I tried adding them too, no changes. ... View more

Hi,   Thanks for your help.   So it seems its a POST form: <form id="fm1" class="fm-v clearfix" action="/cas/login;jsessionid=D342769083869FFB90EFF7812A2C9ED8.cas1" method="post"> with "username" and "password" <label for="username" class="fl-label"><span class="accesskey">I</span>dentifiant (login) :</label> <input id="username" name="username" class="required" tabindex="1" onchange="this.value = this.value.toLowerCase()" accesskey="i" type="text" value="" size="25" autocomplete="off"/> <input id="password" name="password" class="required" tabindex="2" accesskey="m" type="password" value="" size="25" autocomplete="off"/>   But however the "POST" method doesnt works, maybe cause there is a session cookie negociated between server and client, the goal of this CAS server is to be the central authentication which grants ressources to all others web servers. I have a JTAC case open, but posting here if someone already has this problematic.   Tried the post method and others with no sucess. But, if I set up "basic SSO" for all my web ressources, once I manually log to CAS, I have SSO on all web bookrmarks (doesnt work without), but impossible to make SSO for this CAS at first... ... View more

I have this list for clean Juniper component: 1. Delete cookies, temporary files and prefetch files from the client PC. 2. Delete the Java files from Control Panel->Java->Temporary Internet Files->Settings->Delete Files. 3. Delete the JuniperSetupClientControl Class files and JuniperSetupClientControlXP Class from Control Panel->Internet Options->Under Browsing History Tab->Settings->View Objects->Selected the above two files and delete the same. 4. Go to Control Panel > Add/Remove Programs > Remove all Juniper Programs 5. Go to Control Panel > Internet Options > General > Settings > View Objects > Delete all the ActiveX Components installed by Juniper 6. Then go to C:\Documents and Settings\<username>\Application Data\Juniper Networks\setup\ and run uninstall.exe (path might differ for Win-7 OS) 7. Go to C:\Documents and Settings\<username>\Application Data\ and Delete the Juniper Networks Folder (path might differ for Win-7 OS) 8. Go to C:\Documents and Settings\All Users\Application Data\ and Delete the Juniper Networks Folder (path might differ for Win-7 OS) 9. C:\Program Files\and Delete the Juniper Networks Folder Win-7: C:\Users\username\AppData\roaming\Juniper Networks\logging\debuglog.log and C:\Users\public\Juniper Networks\logging\debuglog.log 10. Go to Device Manager/Click View on top/Select Show Hidden Devices/Go to the Network Adapter/Delete the Juniper Networks Virtual Adapter. 11. Also from the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Juniper Networks and remove the Network Connect from the tree. HKEY_CURRENT_USER\Software\Juniper Networks and remove the Network Connect from the tree. 12. Disable the " Wired Auto Config service" on the machine under services.msc and also keep the driver signing to Ignore under System properties->Hardware->Driver Signing->choose Ignore - install any software on the machine. 13. Turn off UAC(User Account Control) on Windows-7 or Vista PCs. 14. Run CCleaner.exe if you have one. 15. Reset the Winsock and TCP/IP stack of the client machine by using the following commands from the command window: Note: The following command should be run only if the IP address to the PC was assigned by DHCP server. If it is Static IP, kindly make a note of IP information and run the following commands. type netsh int ip reset reset.txt and hit enter key. Then type netsh winsock reset and hit enter. 16. After the above steps, please reboot the machine. I'm interested for some of your script which automates this (I'm bad at programming). If someone agrees to share, let me know. Regards, Vincent ... View more

Hi, What is your SA release? However, even with last 7.2, the last MAC OS supported version is 10.6.8. (http://www.juniper.net/techpubs/software/ive/releasenotes/j-sa-sslvpn-7.2R1-supportedplatforms.pdf) Regards, Vincent ... View more

Hi, I'm not sure about your setup, but: - If you make the HC evaluation at the realm level, you can then make a role mapping rule based on the status of the Host Checker (if HC=OK -> role employee, else -> role quarantine). - You can make vlan assignment without agent, but it is needed if you want host checker. I'm pretty sure you can allow agent AND agentless client to a same realm, by selecting the rights protocols in protocol set, then make distinction with role mapping rules. With an AD configuration, make sure the NTP is configured on IC/MAG and its the same than AD server, cause this type of authentication requires time sync to work (linked to kerberos tickets I think), and it can generate authentication failed log you linked. Please make sur that the username is in the right format by the policy tracing option, you may need to remove/add the realm suffix to the username value. Hope it will help. Regards, ... View more