I might have been a bit hasty, thinking more of the way RADIUS is usually set up. I will try to set something up later today (if time permits); I am labbing with dot1x and MAC RADIUS right now anyway, and it is somewhat similar.
/Per

On 19 Mar 2014 at 03:44, Шепелев Андрей <xamalon...@gmail.com> wrote:

> changed:
>
> set access ldap-options base-distinguished-name DC=tp,DC=ru
> set access ldap-options search search-filter sAMAccountName=
> set access ldap-options search admin-search distinguished-name cn=junos,dc=tp,dc=ru
> set access ldap-options search admin-search password "$9$k.TFtu1RcyAtWLX7VbfTQ3Ap"
> set access ldap-server 10.60.0.5 port 3268
>
> but it did not help :(((
>
> 2014-03-18 17:32 GMT+06:00 Per Westerlund <p...@westerlund.se>:
> I haven't done it myself (yet), but you probably need to define the
> ldap-server directly under the stanza "access". In your profile TPAD you just
> reference the ldap server with address 10.60.0.5, but you have not defined
> it. When you define it, you can also specify what destination port and source
> address to use.
>
> /Per
>
> On 18 Mar 2014 at 11:54, Шепелев Андрей <xamalon...@gmail.com> wrote:
>
>> access {
>>     profile TPAD {
>>         authentication-order ldap;
>>         ldap-options {
>>             base-distinguished-name dc=tp,dc=ru;
>>             search {
>>                 search-filter sAMAccountName=;
>>                 admin-search {
>>                     distinguished-name cn=junos,ou=users,dc=tp,dc=ru;
>>                     password "$9$NOdY4jHmfQFDjApuOREwY2oDi"; ## SECRET-DATA
>>                 }
>>             }
>>         }
>>         ldap-server {
>>             10.60.0.5;
>>         }
>>     }
>>     firewall-authentication {
>>         pass-through {
>>             default-profile TPAD;
>>         }
>>         web-authentication {
>>             default-profile TPAD;
>>         }
>>     }
>> }

_______________________________________________
juniper-nsp mailing list
juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp