Integrating Active Directory authentication with a Juniper SA device allows users to sign in to a realm with their AD credentials, which helps build a single sign-on environment.
This is simple to implement on the SA device, although most of the extra configuration work that’s required will have to be performed on the firewalls. Firewall configuration is out of scope for this entry.
1) Select Authentication > Auth Servers > Active Directory/Windows NT > New Server to create a new server entry.
2) Enter the following details:
3) Under the Advanced options tab it’s possible to change the AD container in which the system(s) will be stored (the default is the Computers container). You can also alter the name under which the SA device is registered.
Once the authentication server has been configured it’s then possible to assign it to a user realm.
1) Select or create a new user realm.
2) Select General > Servers and change the authentication server to the one created above. You’ll need to open the appropriate ports on the firewall (assuming the SA device is in a DMZ and the AD server(s) are in different zones) so that a user is able to authenticate. This obviously won’t be an issue if your AD server is in the same zone as the SA(s).
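Before changing the realm over, it is worth confirming from the SA’s network segment that the domain controller is actually reachable on the ports the integration needs; an authentication failure caused by a firewall rule looks much the same to the end user as a bad credential. The following pre-flight check is an added example, not code from the original entry or from Juniper. The port list is an assumption (the usual AD domain-join ports: DNS, Kerberos, LDAP and SMB) because the entry does not enumerate which ports the SA uses, and the host name is a placeholder.

```python
import socket
import sys

# Ports a system joining or authenticating against an AD domain typically
# needs to reach on a domain controller. ASSUMPTION: the entry does not list
# the SA device's exact requirements, so adjust this to the vendor docs.
AD_PORTS = {
    53: "DNS",
    88: "Kerberos",
    389: "LDAP",
    445: "SMB (domain join)",
}


def check_port(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes within timeout.

    A refused or timed-out connection (typically a firewall drop) returns False.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_ad_reachability(host, ports=None, timeout=2.0):
    """Return {port: reachable} for each port so a blocked one stands out."""
    ports = AD_PORTS if ports is None else ports
    return {port: check_port(host, port, timeout) for port in ports}


def report(host, results, labels=AD_PORTS):
    """Render the reachability map as one line per port."""
    lines = []
    for port, reachable in sorted(results.items()):
        status = "open" if reachable else "BLOCKED"
        lines.append(f"{host}:{port:<5} {labels.get(port, 'TCP'):<20} {status}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Placeholder DC name; pass the real domain controller as the first argument.
    dc = sys.argv[1] if len(sys.argv) > 1 else "dc01.example.internal"
    print(report(dc, check_ad_reachability(dc)))
```

Run it from a host in the same firewall zone as the SA device so the result reflects the rules that apply to the SA itself; any port reported as BLOCKED needs a corresponding rule before users in the realm will be able to authenticate.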