Home g33k MiToken + Junos Two Factor Radius Authentication

MiToken + Junos Two Factor Radius Authentication

g33k · 2011-08-16 · 1 Comment

Do you have Junos devices? If you do, excellent choice. Do you have MiToken? Once again, love your work there. If you don't have MiToken, it's a plug-in to the M$ IAS/NPS servers that allows mutiple types of hard and soft tokens to be used allowing secure OTPs with dual factor authentication with your Active Directory domain(s).

This post will guide you though configuring Junos to use MiToken for two factor authentiucation to help hardern your Junos devices.


For more information on MiToken visit mi-token.com.
This configuration has been tested with Junos11.1r3.5, Junos is a registered trademark of Juniper Networks.

Junos Device Config:

Now go jump into Junos configuration mode and set the following:

[text]
# Add radius to the password auth order
set system authentication-order radius

set system radius-server x.x.x.x port 1812
set system radius-server x.x.x.x secret "SECRET"
set system radius-server x.x.x.x timeout 10
set system radius-server x.x.x.x retry 2
set system radius-server x.x.x.x source-address x.x.x.x

# Block everyone access by default
set system login user remote full-name Radius-User
set system login user remote class unauthorized

# Create users who should get access
set system login user john full-name "John Smith"
set system login user john class super-user
[/text]

MiToken / NPS Configuration:

Now lets configure the MiToken side to accept radius packets from our Junos device(s). The only down side to MiToken is it runs on Windows :-(.

1) Define a Radius client in NPS


Right click on radius clients and choose 'New RADIUS Client'

2) Define a connection request policy


Set up your policy to identify your Junos devices ... For more information refer to the MiToken Admin guide.


This step is optional. You do not have to require Windows Authentication to be active - This would take you back to single factor OTP auth

3) Enable MiToken on the connection request policy for Junos devices

4)

Enjoy you radius dual factor authentication. Your auditors and boss will now love you. Hit them up for a raise.

5)

Send some praise Cooper's way 🙂

cooperlees

Related Posts

g33k

Book REVIEW: Linux Service Management Made Easy with systemd: Advanced techniques to effectively manage, control, and monitor Linux systems and services 1st Edition

· 2022-09-20 · 0 Comment

Amazon Link Disclaimer: I get no royalites or anything here – Just had coworkers ask me about it So since I’m no systems guru and am now…

g33k

CLI Templates for Python + Rust

· 2022-07-17 · 0 Comment

Do you also write a lot of services that need a few CLI option (e.g. –config) and or little CLI tools from time to time? Want a…

cisco

Stop IPv4 Point-To-Point Addressing your Networks

· 2022-06-16 · 0 Comment

IPv4 addressing on links is no longer required to route IPv4. What you say?? Yes, you can stop IPv4 addressing your point to point links with Legacy…

g33k

NAT64: Using `jool` on Ubuntu 20.04

· 2020-12-14 · 0 Comment

I found that jool has very good tutorials, but all the commands to get going are hidden in these large tutorials. Here are the steps I took…

g33k

Raspberry Pi Powered Fireplace

· 2020-11-27 · 1 Comment

Mr Aijay Adams and I am back making my Fireplace Internet / Smart device controllable. Now, via a very sexy Web UI, when I’m heading back to…

g33k

nftables

· 2020-11-15 · 0 Comment

Are you using the latest Linux kernel firewall?. Here are some notes I’ve saved that I use and forget all the time. I plan to add to…

This Post Has One Comment

  1. Pingback: Microsoft NPS Server + Juniper JUNOS VSA | I-R-Coops Blog

Leave a Reply

Your email address will not be published. Required fields are marked *