active-directory-access
Syntax
active-directory-access {
    authentication-entry-timeout minutes;
    domain name {
        domain-controller domain-controller-name {
            address domain-controller-address;
        }
        ip-user-mapping {
            discovery-method {
                wmi {
                    event-log-scanning-interval seconds;
                    initial-event-log-timespan hours;
                }
            }
        }
        user {
            user-name;
            password password;
        }
        user-group-mapping {
            ldap {
                address name {
                    port port;
                }
                authentication-algorithm simple;
                base base;
                ssl;
                user {
                    user-name;
                    password password;
                }
            }
        }
    }
    filter {
        exclude name;
        include name;
    }
    firewall-authentication-forced-timeout minutes;
    invalid-authentication-entry-timeout minutes;
    no-on-demand-probe;
    traceoptions {
        file filename files files match match size size (world-readable | no-world-readable);
        flag name;
        level (all | error | info | notice | verbose | warning);
        no-remote-trace;
    }
    wmi-timeout seconds;
}
Hierarchy Level
[edit services user-identification]
Description
Enabling tracing can adversely impact scale and performance and may increase security risk. We strongly recommend using the trace, tracing, or traceoptions commands only under the guidance of a JTAC support engineer. After collecting the debug information, immediately disable tracing to minimize risk and restore normal system performance.
Identify the domain and domain controllers where the integrated user firewall feature is implemented; configure the IP address-to-user mapping information and the user-to-group mapping information for accessing the LDAP server.
Options
| authentication-entry-timeout | Authentication entry timeout, in minutes. |
| firewall-authentication-forced-timeout | Forced timeout for firewall authentication fallback authentication entries, in minutes. |
| invalid-authentication-entry-timeout | Invalid authentication entry timeout, in minutes. |
| no-on-demand-probe | Disable on-demand probe. |
| wmi-timeout | Windows Management Instrumentation (WMI) timeout, in seconds. |
The remaining statements are explained separately. See CLI Explorer.
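A filled-in instance of the syntax above, as an added example that is not from the original page. It uses only statements listed in the syntax and enables `ssl` alongside `authentication-algorithm simple`, because an LDAP simple bind otherwise sends the bind password unencrypted. The domain name, account name, addresses, and timer values are constructed placeholders, and port 636 (the conventional LDAPS port) is an assumption about the LDAP server.

```junos
## Constructed example: every name, address, and value below is a placeholder.
services {
    user-identification {
        active-directory-access {
            authentication-entry-timeout 30;          ## minutes
            invalid-authentication-entry-timeout 30;  ## minutes
            wmi-timeout 10;                           ## seconds
            domain example.net {
                user {
                    svc-userfw;                       ## assumed account name
                    password "<password>";            ## placeholder, not a real secret
                }
                domain-controller dc1 {
                    address 192.0.2.10;               ## documentation address range
                }
                ip-user-mapping {
                    discovery-method {
                        wmi {
                            event-log-scanning-interval 10;  ## seconds
                            initial-event-log-timespan 1;    ## hours
                        }
                    }
                }
                user-group-mapping {
                    ldap {
                        address 192.0.2.10 {
                            port 636;                 ## assumed LDAPS listener
                        }
                        base DC=example,DC=net;
                        authentication-algorithm simple;
                        ssl;                          ## protects the simple-bind password in transit
                    }
                }
            }
        }
    }
}
```

The `traceoptions` stanza is left out, in line with the recommendation in the Description to enable tracing only while collecting debug information.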
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 12.1X47-D10.