Today we are logging in to our Juniper switches via SSH with a local user. As an IT security requirement, we need each IT employee who manages the switches to have their own user name for login. It is impossible to manage local users manually on each individual switch since we have dozens of them.
How can I use my AD user to log in to the switches? Is there a step-by-step guide on how to configure this both on the switches and on the Windows domain controller, in case a RADIUS server is needed?
Our switches are: EX4550 JUNOS 12.3R6.6 and EX3300 JUNOS 15.1R6.7
This post may help you: https://forums.juniper.net/t5/SRX-Services-Gateway/How-to-set-up-RADIUS-authentication-on-Windows-Server-2016/m-p/458724
You will have to add the RADIUS role from NPS on Windows for authentication, not AD directly.
On the Junos side you would set up the device to be a RADIUS client.
On the MS NPS server the RADIUS setup involves creating the client group, policy and matching authentication method with shared secret that you configure on the Junos device.
Naturally the network path from the Junos device to the RADIUS server has to be open and allowed through all the firewalls as well.
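As an added illustration of the Junos side of that outline (this is example configuration written for this thread, not Juniper's or the original poster's), the following `set` commands make an EX switch a RADIUS client of an NPS server and map RADIUS-authenticated users onto local template accounts. The server addresses, the shared-secret placeholder and the template user names are assumptions; replace them with your own values.

```junos
## NPS server as RADIUS server; the secret must match the one entered for the
## RADIUS client object on NPS. 192.0.2.10 and the secret text are placeholders.
set system radius-server 192.0.2.10 secret "REPLACE-WITH-SHARED-SECRET"
set system radius-server 192.0.2.10 port 1812
set system radius-server 192.0.2.10 timeout 5
set system radius-server 192.0.2.10 retry 3
## Source address the switch uses toward NPS; this is the address you register
## as the RADIUS client on NPS (and must be allowed through the firewalls).
set system radius-server 192.0.2.10 source-address 192.0.2.20

## Try RADIUS first. With "password" also listed, the local password database is
## consulted after a RADIUS reject; with "[ radius ]" alone it is consulted only
## when no RADIUS server answers. Choose deliberately: the second form keeps a
## rejected AD user from falling through to a shared local password.
set system authentication-order [ radius password ]

## Template accounts. NPS returns the Juniper vendor-specific attribute
## Juniper-Local-User-Name (vendor ID 2636, attribute 1, string) with one of
## these names, chosen per AD group in the network policy. The AD user then logs
## in under their own AD user name but inherits the template's login class.
set system login user netops-admin uid 2001 class super-user
set system login user netops-ro uid 2002 class read-only

## Fallback template used when the Access-Accept carries no Juniper-Local-User-Name.
## Keep it least-privilege so a misconfigured NPS policy cannot grant admin rights.
set system login user remote uid 2000 class read-only

## Break-glass local account for when NPS is unreachable; the encrypted-password
## value is a placeholder, set it with "authentication plain-text-password" instead.
set system login user emergency-admin uid 2003 class super-user
set system login user emergency-admin authentication encrypted-password "PLACEHOLDER-HASH"
```

Two points matter for the NPS side of this. Junos sends the login password to RADIUS with PAP by default (MS-CHAPv2 is selectable only on newer releases via `system radius-options password-protocol`), so the NPS network policy must have "Unencrypted authentication (PAP, SPAP)" enabled or every login is rejected. And there is no "Juniper" entry under Vendor name in NPS: the attribute is added as a Vendor-Specific attribute with vendor code 2636, vendor-assigned attribute number 1, format String, with the template user name as its value. Audit Access-Accept/Access-Reject events in the NPS log so that individual logins are attributable, which is what the per-employee requirement is really after.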
Hi and thank you for your response.
You have not provided any information on how to configure the RADIUS/NPS/Client settings on the windows side.
Is there a Juniper guide with step-by-step instructions on how and what to configure exactly on the RADIUS/NPS side?
For example, for Cisco switches there's an option to choose under "Vendor name": "Cisco", but there's no Juniper.
Also, there are authentication methods and a lot of other settings on the RADIUS/NPS side which should match and be compatible for Juniper specifically, and there's no information from Juniper side on how to configure these.
Right, Juniper does not produce instructions on how to configure the MS RADIUS side. And there are a lot of steps in the process. This would be an outline and the details are in the MS documentation I listed above.