Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Automatically Signing into Network Connect using GINA

    The Graphical Identification and Authorization (GINA) sign-in function is an automated sign-in method you can install and enable on Windows clients signing in to a Windows NT domain. You can require Network Connect to install GINA on the client machine, or you can allow users to decide whether or not to install GINA when they launch Network Connect.

    Note: You cannot install more than one GINA automatic sign-in function on a client’s system. If another application on the client’s system uses a GINA function, Network Connect cannot install and activate the GINA component.

    If GINA is installed on the client, it automatically prompts the user to choose whether or not to launch Network Connect each time he/she signs in to Windows. If you choose to make GINA installation optional, the user can activate GINA using the Auto connect when login to Windows option in the Network Connect window. This option is only available during an open Network Connect session.

    The option to enable GINA installation on client systems is available when you define role attributes in the Users > User Roles > Role Name > Network Connect page.

    Figure 1: GINA Installation Process

    Image g038021.gif

    The GINA installation process takes place one time and requires the user to perform a system reboot in order to enable GINA sign-in capability. From that session forward, GINA prompts the user to decide whether or not to launch Network Connect at each Windows sign-in. When the user signs in to Network connect, unless otherwise specified, GINA passes the user’s Windows sign-in credentials to the SA Series Appliance for authentication before establishing the Network Connect tunnel.

    Note: End-users can not modify their Windows user password through Network Connect GINA.

    When a user logs in to the SA Series Appliance through the Juniper GINA, if the version of the Network Connect client on the user’s computer matches that on the SA Series Appliance, the Juniper GINA establishes a Network Connect connection to the SA Series Appliance. If the Network Connect versions do not match, the Juniper GINA does not establish a Network Connect connection to the SA Series Appliance. Prior to release 5.4, the Juniper GINA displays a version mismatch warning and allows users to log in to the Windows desktop using their cached credentials. With release 5.4 and later, the Juniper GINA allows the users to log in to the Windows desktop using their cached credentials and then launches a standalone Network Client. Users log in to the SA Series Appliance and the appropriate Network Connect client automatically downloads to the user’s computer and launches.

    If you use Host Checker to validate the presence of client-side security components (pre-authorization), Host Checker starts after Network Connect is launched. This is sometimes called a system-mode check. Host Checker exists after successful validation and is later restarted once the user is logs in to their desktop (called user-mode).

    Published: 2011-03-14