MiToken + Junos Two Factor Radius Authentication

Do you have Junos devices? If you do, excellent choice. Do you have MiToken? Once again, love your work there. If you don’t have MiToken, it’s a plug-in to the M$ IAS/NPS servers that lets you use multiple types of hard and soft tokens, giving you secure OTPs with dual factor authentication against your Active Directory domain(s).

This post will guide you through configuring Junos to use MiToken for two factor authentication to help harden your Junos devices.


For more information on MiToken visit mi-token.com.
This configuration has been tested with Junos 11.1r3.5. Junos is a registered trademark of Juniper Networks.

Junos Device Config:

Now go jump into Junos configuration mode and set the following:

[text]
# Add radius to the password auth order
set system authentication-order radius

set system radius-server x.x.x.x port 1812
set system radius-server x.x.x.x secret "SECRET"
set system radius-server x.x.x.x timeout 10
set system radius-server x.x.x.x retry 2
set system radius-server x.x.x.x source-address x.x.x.x

# Block everyone's access by default
set system login user remote full-name Radius-User
set system login user remote class unauthorized

# Create users who should get access
set system login user john full-name "John Smith"
set system login user john class super-user
[/text]
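
An added example, not part of the original post: a small Python check that parses `set`-style configuration and confirms the settings above are still in place, in particular that the `remote` template stays in class `unauthorized`. The 192.0.2.x addresses stand in for x.x.x.x, and the function name `audit` and the source-address check are assumptions of this example.

```python
# Constructed sample: the post's set commands, 192.0.2.x standing in for x.x.x.x.
SAMPLE = '''
set system authentication-order radius
set system radius-server 192.0.2.10 port 1812
set system radius-server 192.0.2.10 secret "SECRET"
set system radius-server 192.0.2.10 timeout 10
set system radius-server 192.0.2.10 retry 2
set system radius-server 192.0.2.10 source-address 192.0.2.1
set system login user remote full-name Radius-User
set system login user remote class unauthorized
set system login user john full-name "John Smith"
set system login user john class super-user
'''

def audit(config):
    """Return findings for a config given as 'set' commands (hypothetical helper)."""
    order, servers, classes = [], {}, {}
    for line in config.splitlines():
        w = line.split()
        if w[:3] == ["set", "system", "authentication-order"]:
            order += w[3:]
        elif w[:3] == ["set", "system", "radius-server"] and len(w) >= 6:
            servers.setdefault(w[3], {})[w[4]] = w[5].strip('"')
        elif w[:4] == ["set", "system", "login", "user"] and len(w) >= 7 and w[5] == "class":
            classes[w[4]] = w[6]

    findings = []
    if "radius" not in order:
        findings.append("radius missing from authentication-order")
    if not servers:
        findings.append("no radius-server defined")
    for addr, opts in servers.items():
        if not opts.get("secret"):
            findings.append(f"radius-server {addr}: no secret")
        elif opts["secret"] == "SECRET":  # the post's placeholder left in place
            findings.append(f"radius-server {addr}: placeholder secret")
        if "source-address" not in opts:  # assumption: NPS matches clients by source IP
            findings.append(f"radius-server {addr}: no source-address")
    # Users with no local account inherit the 'remote' template, so it must stay locked down.
    if classes.get("remote") != "unauthorized":
        findings.append("remote template user is not class unauthorized")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run against the sample, the only finding is the placeholder secret; changing the `remote` class to anything other than `unauthorized` adds a second finding.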

MiToken / NPS Configuration:

Now let’s configure the MiToken side to accept RADIUS packets from our Junos device(s). The only downside to MiToken is it runs on Windows :-(.

1) Define a Radius client in NPS


Right click on radius clients and choose ‘New RADIUS Client’

2) Define a connection request policy


Set up your policy to identify your Junos devices … For more information refer to the MiToken Admin guide.


This step is optional. You do not have to require Windows Authentication to be active, but that would take you back to single-factor OTP auth.

3) Enable MiToken on the connection request policy for Junos devices

4) Enjoy your RADIUS dual factor authentication. Your auditors and boss will now love you. Hit them up for a raise.

5) Send some praise Cooper’s way 🙂

Author: cooperlees

Nerd @ instagram
