Under Windows Network Policy Server (NPS)
Create a shared secret template, name it something like SRXpassword, and give it a long random secret. The same value goes into the SRX configuration later, so generate it rather than typing a memorable word.
Create a new network policy, give it a name, and leave the type of network access server set to Unspecified.
Click Next, add a Windows Groups condition, and select the group(s) whose members should be allowed to log in to the firewall.
Click Next and select Access granted.
On the authentication methods page, enable MS-CHAP-v2. This has to match the password protocol configured on the SRX below; MS-CHAP-v2 works against the normal NT hash and does not require reversibly encrypted passwords in AD.
Leave the constraints page unchanged and click Next.
Under Settings, remove everything from the Standard RADIUS attributes (the wizard's defaults are meant for dial-up and VPN sessions, not a firewall CLI login), then select Vendor Specific, click Add, choose Vendor-Specific from the list, and click Add again.
Enter the Juniper vendor code 2636 and select "Yes, it conforms".
Set the vendor-assigned attribute number to 1 (Juniper-Local-User-Name), choose String as the attribute format, and type in su. This string must exactly match the name of the local template user created on the SRX below: the firewall maps every user that this policy accepts onto that local account and grants them its login class, so whatever class that account has is what every member of the selected Windows groups gets.
Click OK to close the attribute dialog, then go back to the encryption settings, uncheck everything except Strongest encryption, and click Next and Finish.
Create a new RADIUS client, fill in the name and IP address of your firewall, and select the shared secret template you created earlier.
On the Juniper SRX Firewall
Enter the following, substituting the IP address of your NPS server and the shared secret from the template.
set system authentication-order [ password radius ]
set system radius-server 192.168.1.2 secret WhatEverPasswordYouMade
set system radius-options password-protocol mschap-v2
set system login user su class super-user
commit
With this authentication-order the local password database is tried first and RADIUS second. The su account is a template user: it has no authentication stanza of its own, so nobody can log in to it with a local password, and it is only reached when NPS returns Juniper-Local-User-Name = su in the Access-Accept. If you later want a lower-privilege group, create a second template user with a different class and a second NPS policy that returns that user's name.
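To make the link between the two halves concrete, here is an added Python example (not from the original post, and not Junos or NPS code) that encodes the Juniper-Local-User-Name vendor-specific attribute in the RFC 2865 "conforming" layout that the NPS policy emits (vendor 2636, vendor type 1, string "su"), builds a RADIUS Access-Accept around it, and then does what the firewall does with the reply: verifies the Response Authenticator against the shared secret and maps the attribute value onto a local template account to obtain its login class. The packet identifier, request authenticator and local-user table are constructed for the example; the "remote" fallback models the Junos behaviour of using a local user named remote when the VSA is absent.

```python
import hashlib
import hmac
import struct

# RFC 2865 constants
ACCESS_ACCEPT = 2
ATTR_VENDOR_SPECIFIC = 26
# Values entered in the NPS policy above
JUNIPER_VENDOR_ID = 2636          # IANA enterprise number for Juniper
JUNIPER_LOCAL_USER_NAME = 1       # vendor-assigned attribute number 1


def encode_vsa(vendor_id, vendor_type, value):
    """Encode one Vendor-Specific attribute in the RFC 2865 'conforming'
    layout: Type=26, Length, Vendor-Id, Vendor-Type, Vendor-Length, value."""
    payload = struct.pack("!IBB", vendor_id, vendor_type, 2 + len(value)) + value
    return struct.pack("!BB", ATTR_VENDOR_SPECIFIC, 2 + len(payload)) + payload


def build_access_accept(identifier, request_authenticator, secret, attributes):
    """Build an Access-Accept the way the server does: the Response
    Authenticator is MD5(Code | ID | Length | RequestAuth | Attributes | Secret)."""
    attrs = b"".join(attributes)
    header = struct.pack("!BBH", ACCESS_ACCEPT, identifier, 20 + len(attrs))
    resp_auth = hashlib.md5(header + request_authenticator + attrs + secret).digest()
    return header + resp_auth + attrs


def verify_response_authenticator(packet, request_authenticator, secret):
    """Client-side check that the reply was produced by a holder of the shared
    secret for this exact request and was not altered in transit."""
    header, resp_auth, attrs = packet[:4], packet[4:20], packet[20:]
    expected = hashlib.md5(header + request_authenticator + attrs + secret).digest()
    return hmac.compare_digest(resp_auth, expected)


def parse_attributes(packet):
    """Yield (type, value) pairs; reject lengths that run past the packet."""
    end = struct.unpack("!H", packet[2:4])[0]
    if end > len(packet):
        raise ValueError("packet length field exceeds data received")
    pos = 20
    while pos < end:
        if pos + 2 > end:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > end:
            raise ValueError("malformed attribute length")
        yield atype, packet[pos + 2:pos + alen]
        pos += alen


def juniper_local_user_name(packet):
    """Return the Juniper-Local-User-Name string, or None if no such VSA."""
    for atype, value in parse_attributes(packet):
        if atype != ATTR_VENDOR_SPECIFIC or len(value) < 6:
            continue
        vendor_id, vtype, vlen = struct.unpack("!IBB", value[:6])
        if vendor_id != JUNIPER_VENDOR_ID or vtype != JUNIPER_LOCAL_USER_NAME:
            continue
        if vlen != len(value) - 4:    # Vendor-Length covers vendor type, length and value
            raise ValueError("malformed vendor length")
        return value[6:].decode("ascii")
    return None


def resolve_login_class(packet, request_authenticator, secret, local_users):
    """Mimic the SRX: drop replies with a bad authenticator, then map the VSA
    value (or the 'remote' template user when the VSA is absent) onto a local
    account and return its login class, or None to deny the login."""
    if not verify_response_authenticator(packet, request_authenticator, secret):
        return None
    template = juniper_local_user_name(packet) or "remote"
    return local_users.get(template)


if __name__ == "__main__":
    # Constructed sample values; the secret matches the Junos line above.
    secret = b"WhatEverPasswordYouMade"
    request_auth = bytes(range(16))
    local_users = {"su": "super-user"}   # from: set system login user su class super-user
    reply = build_access_accept(7, request_auth, secret,
                                [encode_vsa(JUNIPER_VENDOR_ID, JUNIPER_LOCAL_USER_NAME, b"su")])
    print(reply.hex())
    print(resolve_login_class(reply, request_auth, secret, local_users))
```

Two things fall out of running it: a reply whose VSA names an account the firewall does not have resolves to no class at all, which is why a typo in the NPS attribute value shows up as a failed login rather than a wrong privilege level, and a reply altered on the wire (or sent by something that does not know the shared secret) fails the authenticator check before the attribute is even looked at, which is the whole reason the secret should be long and random.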