SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX - Juniper Secure Connect - domain name search problem

    Posted 03-17-2022 14:28
    I am running Junos 21.4 and I have clients connecting using Juniper Secure Connect. They are authenticating using LDAP to the Windows domain controller. All of that is working great.

    The domain name used inside the network for all the Windows servers is mycompany.local

    The problem is the client is not getting a domain name search set up, i.e. if the user attempts to connect to server1, DNS fails to look up the IP address. If they connect to server1.mycompany.local, it works.

    Configuration for configuration and address assignment is as follows:
    # show access profile DYN-VPN-AD
    authentication-order ldap;
    ldap-options {
        base-distinguished-name dc=mycompany,dc=local;
        search {
            search-filter sAMAccountName=;
            admin-search {
                distinguished-name "cn=VPNAuthentication,OU=Information Technology,OU=mycompany Users,DC=mycompnay,DC=local";
                password "$9$NONEYOURBUSINESS"; ## SECRET-DATA
            }
        }
        allowed-groups {
            VPN {
                address-assignment {
                    pool RAS-POOL1;
                }
            }
        }
    }
    ldap-server {
        10.0.100.10 port 389;
        10.0.1.216 port 389;
    }


    # show access address-assignment pool RAS-POOL1
    family inet {
        network 10.0.110.64/26;
        range range1 {
            low 10.0.110.65;
            high 10.0.110.126;
        }
        dhcp-attributes {
            domain-name mycompany.local;
            option 119 hex-string 096d79636f6d70616e79056c6f63616c00;
        }
        xauth-attributes {
            primary-dns 10.0.100.10/32;
            secondary-dns 10.0.1.216/32;
        }
    }



  • 2.  RE: SRX - Juniper Secure Connect - domain name search problem

    Posted 03-18-2022 20:06
    I believe you want to configure the domain-search instead of domain-name attribute for dhcp options.

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: SRX - Juniper Secure Connect - domain name search problem

    Posted 03-20-2022 07:26

    I have option 119, which is domain search:

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB34325

    Is there another domain-search I need to add?




  • 4.  RE: SRX - Juniper Secure Connect - domain name search problem

    Posted 03-20-2022 15:41
    Sorry, I haven't configured DHCP on the SRX in a while. In the previous style there was a specific parameter to set domain-search in the hierarchy. I see from the documentation this has been removed in favor of the option configuration you cite.

    So seems like there are three possibilities here:

    1. The hex conversion of the domain name is not correct
    2. The SRX has a software bug and is not giving the domain search option
    3. The client is not accepting and installing the option

    Is it possible to do a packet capture on the client to confirm if the option is offered?

    I don't see this listed as a known public software bug in the Juniper database.  But it could be a non-public one.
    https://prsearch.juniper.net/InfoCenter/index?page=prsearch#qt=dhcp&bv=21.4R1&sid=srx&dt=0&mode=undefined&stype=affectingthis&start=0&srtBy=relevance

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------
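
The first possibility in the list above can be checked offline. The following is an added example, not part of the thread or of any Juniper tooling: it encodes and decodes a DHCP option 119 payload using the uncompressed RFC 1035 label format (length byte, label bytes, terminating 00), and running it on the hex-string from the posted pool configuration decodes it to mycompany.local. The function names are hypothetical, and compression pointers are rejected rather than followed.

```python
# Added example: encode/decode a DHCP option 119 (domain search) payload.
# Assumes uncompressed RFC 1035 names; function names are illustrative only.

def encode_domain_search(domains):
    """Return the option 119 payload for a list of domains as lowercase hex."""
    out = bytearray()
    for domain in domains:
        for label in domain.rstrip(".").split("."):
            raw = label.encode("ascii")
            if not 1 <= len(raw) <= 63:
                raise ValueError(f"bad label length in {domain!r}")
            out.append(len(raw))   # one length byte per label
            out += raw
        out.append(0)              # root label terminates each name
    return out.hex()


def decode_domain_search(hex_string):
    """Decode a hex-string payload back into a list of domain names."""
    data = bytes.fromhex(hex_string)
    domains, labels, i = [], [], 0
    while i < len(data):
        length = data[i]
        i += 1
        if length == 0:
            domains.append(".".join(labels))
            labels = []
        elif length & 0xC0:
            raise ValueError("compression pointer or invalid label length")
        else:
            if i + length > len(data):
                raise ValueError("label runs past end of payload")
            labels.append(data[i:i + length].decode("ascii"))
            i += length
    if labels:
        raise ValueError("payload is missing the terminating 00 byte")
    return domains


# Value copied from the dhcp-attributes stanza posted in the thread.
POSTED = "096d79636f6d70616e79056c6f63616c00"

if __name__ == "__main__":
    print(decode_domain_search(POSTED))
    print(encode_domain_search(["mycompany.local"]) == POSTED)
```
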



  • 5.  RE: SRX - Juniper Secure Connect - domain name search problem

    Posted 03-20-2022 19:24
    Gonna need a few days to get that set up...will be back with the results.....