I might have been a bit hasty, thinking more of the way RADIUS is usually set 
up. I will try to set something up later today (if time permits); I am
labbing with dot1x and MAC RADIUS right now anyway, and it is somewhat similar.

/Per

On 19 Mar 2014, at 03:44, Шепелев Андрей <xamalon...@gmail.com> wrote:

> changed:
> 
> set access ldap-options base-distinguished-name DC=tp,DC=ru
> set access ldap-options search search-filter sAMAccountName=
> set access ldap-options search admin-search distinguished-name cn=junos,dc=tp,dc=ru
> set access ldap-options search admin-search password "$9$k.TFtu1RcyAtWLX7VbfTQ3Ap"
> set access ldap-server 10.60.0.5 port 3268
> 
> but it did not help :(((
> 
> 
> 
> 2014-03-18 17:32 GMT+06:00 Per Westerlund <p...@westerlund.se>:
> I haven’t done it myself (yet), but you probably need to define the 
> ldap-server directly under the stanza "access". In your profile TPAD you just 
> reference the ldap server with address 10.60.0.5, but you have not defined 
> it. When you define it, you can also specify what destination port and source 
> address to use.
> 
> /Per
> 
> On 18 Mar 2014, at 11:54, Шепелев Андрей <xamalon...@gmail.com> wrote:
> 
>> access {
>>    profile TPAD {
>>        authentication-order ldap;
>>        ldap-options {
>>            base-distinguished-name dc=tp,dc=ru;
>>            search {
>>                search-filter sAMAccountName=;
>>                admin-search {
>>                    distinguished-name cn=junos,ou=users,dc=tp,dc=ru;
>>                    password "$9$NOdY4jHmfQFDjApuOREwY2oDi"; ## SECRET-DATA
>>                }
>>            }
>>        }
>>        ldap-server {
>>            10.60.0.5;
>>        }
>>    }
>>    firewall-authentication {
>>        pass-through {
>>            default-profile TPAD;
>>        }
>>        web-authentication {
>>            default-profile TPAD;
>>        }
>>    }
>> }
> 
> 

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
