[SBR] How to strip the domain name in the authentication request

Article ID: KB24983 KB Last Updated: 08 Mar 2017 Version: 3.0
Summary:
This article describes how to strip the domain name from an authentication request so that only the username value is passed to the backend authentication server (LDAP).
Symptoms:
  • The LDAP server cannot process an authentication request that includes the domain name (for example: domain\username).

  • Only the username value from the authentication request should be forwarded.

  • To do this, SBR must strip the domain name from the initial request and send only the username to the backend authentication server.


Cause:
 
Solution:
For the Global Enterprise version of SBR:

  1. Edit the radius.ini file, which is located in the default service directory (C:\Program Files\Juniper Networks\Steel-Belted Radius\Service).

  2. In the [Strip] section (create it if it is not present):

    [Strip]
    Authentication=yes
    Accounting=no
    StripPrefixCharacters=\

    [StripPrefix]
    example.com\

     In the above example, SBR strips all the characters before \ and forwards only the username to the authentication server.

  3. Restart the SBR services.
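
A way to check the radius.ini settings above before restarting the service, as an added example that is not Juniper's code: it parses a constructed copy of the fragment, reports deviations from the values this article sets, and previews the username the LDAP backend would receive. The function names are hypothetical, and preview() models only this article's one-line description of the stripping (everything before the first \ removed, along with the \ itself), which is an assumption about SBR's behaviour.

```python
import configparser

# Constructed sample that mirrors the radius.ini fragment in this article.
SAMPLE_INI = r"""
[Strip]
Authentication=yes
Accounting=no
StripPrefixCharacters=\

[StripPrefix]
example.com\
"""

def load_strip_settings(ini_text):
    """Return the [Strip] section as a dict with lower-cased keys ({} if absent)."""
    cp = configparser.ConfigParser(allow_no_value=True, interpolation=None)
    cp.read_string(ini_text)
    for name in cp.sections():
        if name.lower() == "strip":  # accept [strip] as well as [Strip]
            return {k: (v or "").strip() for k, v in cp.items(name)}
    return {}

def audit(settings):
    """List deviations from the values this article configures."""
    if not settings:
        return ["no [Strip] section found"]
    problems = []
    if settings.get("authentication", "").lower() != "yes":
        problems.append("stripping is not enabled for authentication requests")
    if not settings.get("stripprefixcharacters"):
        problems.append("StripPrefixCharacters is empty")
    return problems

def preview(settings, user_name):
    """Assumed model: drop everything up to and including the first delimiter."""
    if settings.get("authentication", "").lower() != "yes":
        return user_name
    for ch in settings.get("stripprefixcharacters", ""):
        _, sep, tail = user_name.partition(ch)
        if sep:
            return tail
    return user_name  # no delimiter present: name is passed through unchanged

if __name__ == "__main__":
    cfg = load_strip_settings(SAMPLE_INI)
    print("problems:", audit(cfg) or "none")
    for name in ("example.com\\alice", "alice", "alice@example.com"):
        print(f"{name!r} -> {preview(cfg, name)!r}")
```
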

For the Enterprise Edition of SBR:

The above option is not available for SBR EE. To set this option in Enterprise Edition, perform the following procedure:
  1. Edit the vendor.ini file, which is located in the SBR service directory (by default, C:\Program Files\Juniper Networks\Steel-Belted Radius\Service).

  2. In the entry for the dictionary in use (see the make/model field of the RADIUS client), specify the discard-before variable:

    vendor-product = Juniper EX switch
    dictionary = Radius
    ignore-ports = no
    help-id = 2000
    discard-before = \

     In the above example, SBR strips off all the characters before \.

  3. Restart the SBR service.