Sorry, I haven't configured dhcp on the srx in a while. In the previous style there was a specific parameter to set domain-search in the hierarchy. I see from the documentation this has been removed in favor of the option configuration you cite.
So seems like there are three possibilities here:
- The hex conversion of the domain name is not correct
- The srx has a software bug and is not giving the domain search option
- The client is not accepting and installing the option
Is it possible to do a packet capture on the client to confirm if the option is offered?
I don't see this listed as a known public software bug in the Juniper database. But it could be a non-public one.
https://prsearch.juniper.net/InfoCenter/index?page=prsearch#qt=dhcp&bv=21.4R1&sid=srx&dt=0&mode=undefined&stype=affectingthis&start=0&srtBy=relevance
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
------------------------------
Original Message:
Sent: 03-19-2022 17:06
From: Unknown User
Subject: SRX - Juniper Secure Connect - domain name search problem
I have option 119 which is domain search
https://kb.juniper.net/InfoCenter/index?page=content&id=KB34325
is there another domain-search I need to add?
Original Message:
Sent: 03-18-2022 20:05
From: STEVE PULUKA
Subject: SRX - Juniper Secure Connect - domain name search problem
I believe you want to configure the domain-search instead of domain-name attribute for dhcp options.
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Original Message:
Sent: 03-17-2022 13:46
From: Unknown User
Subject: SRX - Juniper Secure Connect - domain name search problem
I am running Junos 21.4 and I have clients connecting using Juniper Secure Connect. They are authenticating using LDAP to the Windows domain controller. All of that is working great.
The domain name used inside the network for all the windows servers is mycompany.local
The problem is the client is not getting a domain name search set up, i.e. if the user attempts to connect to server1, the dns fails to look up the ip address. If they connect to server1.mycompany.local, it works.
Configuration for configuration and address assignment is as follows

# show access profile DYN-VPN-AD
authentication-order ldap;
ldap-options {
    base-distinguished-name dc=mycompany,dc=local;
    search {
        search-filter sAMAccountName=;
        admin-search {
            distinguished-name "cn=VPNAuthentication,OU=Information Technology,OU=mycompany Users,DC=mycompnay,DC=local";
            password "$9$NONEYOURBUSINESS"; ## SECRET-DATA
        }
    }
    allowed-groups {
        VPN {
            address-assignment {
                pool RAS-POOL1;
            }
        }
    }
}
ldap-server {
    10.0.100.10 port 389;
    10.0.1.216 port 389;
}

# show access address-assignment pool RAS-POOL1
family inet {
    network 10.0.110.64/26;
    range range1 {
        low 10.0.110.65;
        high 10.0.110.126;
    }
    dhcp-attributes {
        domain-name mycompany.local;
        option 119 hex-string 096d79636f6d70616e79056c6f63616c00;
    }
    xauth-attributes {
        primary-dns 10.0.100.10/32;
        secondary-dns 10.0.1.216/32;
    }
}
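Two of the open questions in this thread, whether the hex-string for option 119 is encoded correctly and whether the option actually appears in what the client receives, can both be checked offline. The script below is an added example written for this page, not code from either poster or from Juniper: it encodes and decodes the RFC 3397 domain-search format (length-prefixed labels, zero-terminated, with RFC 1035 compression pointers on decode), and it walks the option field of a DHCP message so a captured DHCPOFFER/DHCPACK payload can be inspected for option 119. The sample DHCP message it builds is constructed here for the demonstration; the hex value and domain name are the ones from the configuration above. Decoding that hex yields mycompany.local, which rules out the first of the three possibilities listed in the reply.

```python
"""Encode/decode DHCP option 119 (RFC 3397) and locate it in a DHCP message.
Added example for this thread; the only values taken from the post are the
option 119 hex-string and the domain name mycompany.local."""

# Option 119 value exactly as configured on the SRX in the post.
CONFIG_HEX = "096d79636f6d70616e79056c6f63616c00"

DHCP_MAGIC = b"\x63\x82\x53\x63"  # magic cookie that precedes DHCP options


def encode_domain_search(domains):
    """Encode a list of search domains as an RFC 3397 option value.
    Each domain becomes length-prefixed labels ending in a zero root label;
    no label compression is used, which is what 'hex-string' on the SRX needs."""
    out = bytearray()
    for domain in domains:
        for label in domain.rstrip(".").split("."):
            raw = label.encode("ascii")
            if not 1 <= len(raw) <= 63:
                raise ValueError(f"invalid label {label!r}")
            out.append(len(raw))
            out += raw
        out.append(0)
    return bytes(out)


def decode_domain_search(data):
    """Decode an RFC 3397 option value into a list of domain names.
    Handles 0xC0 compression pointers and rejects pointer loops/truncation."""
    domains = []
    pos = 0
    while pos < len(data):
        labels, ptr, jumped, seen = [], pos, False, set()
        while True:
            if ptr in seen:
                raise ValueError("compression pointer loop")
            seen.add(ptr)
            if ptr >= len(data):
                raise ValueError("truncated name")
            length = data[ptr]
            if length == 0:                     # root label: name complete
                if not jumped:
                    pos = ptr + 1
                break
            if length & 0xC0 == 0xC0:           # two-byte pointer to earlier name
                if ptr + 1 >= len(data):
                    raise ValueError("truncated pointer")
                target = ((length & 0x3F) << 8) | data[ptr + 1]
                if not jumped:
                    pos = ptr + 2
                jumped, ptr = True, target
                continue
            if length & 0xC0:
                raise ValueError("reserved label type")
            labels.append(data[ptr + 1:ptr + 1 + length].decode("ascii"))
            ptr += 1 + length
        domains.append(".".join(labels))
    return domains


def parse_dhcp_options(payload):
    """Return {code: value} for a raw BOOTP/DHCP message (UDP payload).
    Skips pad (0), stops at end (255), and concatenates repeated codes
    so options split under RFC 3396 are reassembled."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 0:
            i += 1
            continue
        if code == 255:
            break
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = opts.get(code, b"") + value
        i += 2 + length
    return opts


def search_domains_in_offer(payload):
    """Decoded search list from a DHCP message, or None if option 119 is absent."""
    opts = parse_dhcp_options(payload)
    return decode_domain_search(opts[119]) if 119 in opts else None


def build_sample_offer():
    """Constructed DHCPOFFER: zeroed BOOTP header (op=2), cookie, then
    options 53 (message type), 15 (domain-name) and 119 from the post."""
    header = bytes([2]) + bytes(235)
    name, v119 = b"mycompany.local", bytes.fromhex(CONFIG_HEX)
    opts = bytes([53, 1, 2]) + bytes([15, len(name)]) + name
    opts += bytes([119, len(v119)]) + v119 + bytes([255])
    return header + DHCP_MAGIC + opts


if __name__ == "__main__":
    print("configured hex decodes to:", decode_domain_search(bytes.fromhex(CONFIG_HEX)))
    print("re-encoded matches config:", encode_domain_search(["mycompany.local"]).hex() == CONFIG_HEX)
    print("option 119 in sample offer:", search_domains_in_offer(build_sample_offer()))
```

To check a real capture, feed the UDP payload of the server's DHCPOFFER or DHCPACK (the bytes after the UDP header) to search_domains_in_offer(): None means the SRX never sent the option, a decoded list means the client received it and the remaining suspect is the client's handling of it.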