If you plan to deploy only on-demand password authentication to your user base using Deepnet T-Pass, configure your Juniper so that it uses your DualShield Radius server as the primary authentication server. Your DualShield server will be responsible for verifying both the users' AD passwords and their one-time passwords. There should be no secondary authentication servers.

Edit Logon Procedure

In the DualShield Management Console, edit the logon procedure for your Juniper VPN application. You will need to define two logon steps: the first step requires users to enter their static password (AD password), which will also trigger the DualShield server to send the user’s on-demand password. The second step will then ask users to enter their on-demand password.

Configure Juniper

To implement Radius Challenge & Response, you need to edit the Radius Server and add a new Radius Rule.

    1. Select "Auth Server" and select the DualShield Radius Server entry you have created, scroll down to the "Custom Radius Rules":



    2. Select "New Radius Rule", and populate the form below:



    3. Click "Save Changes"



    4. Use the DualShield Radius Server as the only authentication Server in the User Realm



    5. Set up a Role Mapping Rule 

 

    6. Under Signing In → Sign-in Policies, create a new Signing URL:

Test Logon

The user experience in the login process is shown below:

    1. Users will first be asked to enter their user name and AD password



    2. The user name and password will be submitted to the DualShield server to be verified. When the DualShield server has successfully verified the user and their password, it will generate a one-time password and send it to the user by SMS or email. The user will then be asked to enter the one-time password:

