Debug logging is via trace options. So I think your best starting point is to enable them under:
set services user-identification traceoptions file MYLOGNAME
set services user-identification traceoptions flag all
To view the logs after a transaction:
show log MYLOGNAME
These will auto roll to 5 files, I think, so to see the number of files and the dates:
show log MYLOGNAME?
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
------------------------------
Original Message:
Sent: 08-19-2021 14:40
From: Unknown User
Subject: Troubleshooting AD User Firewall
Greetings,
We're trying to set up the Active Directory-based user firewall. We've followed the basic setup here: Configure Integrated User Firewall
However, I've made the changes to fit into our AD system, but still can't seem to get any users through. Probably just misconfiguration on my end, but not sure where. I've been trying to figure out how to turn on logging that will give some kind of feedback on what particular config isn't right. Anyhow, I reckon it probably starts with the arcane LDAP base distinguished name syntax and goes on from there.
Does anyone out there have any experience with setting this up?
Thank you.