so my mistake was in the following: ge-0/0/2 { unit 0 { family inet { address 10.15.10.3/24 { web-authentication http; } address 10.15.10.2/24; } } }
i did not used address 10.15.10.3/24 { web-authentication http; } but now i recieved the following error: Mar 26 02:42:03 LDAP:AUTH: Admin search for user DN before bind, auth_id=AUTH8c1a1c0:6 Mar 26 02:42:03 LDAP:AUTH: Admin Bind failed. Result=49, auth_id=AUTH8c1a1c0:6 Mar 26 02:42:03 LDAP:AUTH: Admin Bind failed. Error msg=80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1, auth_id=AUTH8c1a1c0:6 Mar 26 02:42:03 Framework - module(ldap) return: FAILURE Mar 26 02:42:03 authd_advance_module_for_aaa_response_msg: r there is an admin record in AD with the correct password http://screenshot.su/show.php?img=e994b22915a388a3399b23d0d982da7a.jpg http://screenshot.su/show.php?img=1748986a1a7aab2e7df5c0bea903b1ac.jpg =(( 2014-03-21 13:54 GMT+06:00 Bikram Singh <sbik...@live.com>: > > > > > > > From: sbik...@live.com > > To: xamalon...@gmail.com > > Date: Fri, 21 Mar 2014 13:14:31 +0530 > > CC: juniper-nsp@puck.nether.net > > Subject: Re: [j-nsp] SRX100 LDAP > > > > > > > > > > tried everything nothing helps... i`m begining to think that i have > broken srx =)) or something like that. it did not want even trying to > athorize the users .... very strange > > Are you able to get the webpage for authentication ? Is your ldap server > fine ? I mean is there any other authentication happening on that from > other device ? > >distinguished-name cn=junos,dc=tp,dc=ru; > In your configuration I see you are using junos as a user . Can you > confirm who is this user ? This user must be the administrator of ldap > server who can do ldap directory search . > I see you have defined ldap-options twice in the configuration . Only > define ldap-options under profile and delete it from global level . > What ldap server are you using ? > The Configuration I shared earlier are the working ones . > Bikram > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp