active-directory-access
Syntax
active-directory-access {
authentication-entry-timeout (Services User Identification) minutes;
domain name {
domain-controller domain-controller-name {
address domain-controller-address;
}
ip-user-mapping {
discovery-method {
wmi {
event-log-scanning-interval seconds;
initial-event-log-timespan hours;
}
}
}
user (System Services){
user-name;
password password;
}
user-group-mapping {
ldap {
address name {
port port;
}
authentication-algorithm simple;
base base;
ssl;
user {
user-name;
password password;
}
}
}
}
filter {
exclude name;
include name;
}
firewall-authentication-forced-timeout minutes;
invalid-authentication-entry-timeout minutes;
no-on-demand-probe;
traceoptions (Active Directory Access) {
file filename files files match match size size (world-readable | no-world-readable);
flag name;
level (all | error | info | notice | verbose | warning);
no-remote-trace;
}
wmi-timeout seconds;
}
Hierarchy Level
[edit services user-identification]
Description
Identify the domain and domain controllers where the integrated user firewall feature is implemented; configure the IP address-to-user mapping information and the user-to-group mapping information for accessing the LDAP server.
Options
| authentication-entry-timeout | Authentication entry timeout number.
|
| firewall-authentication-forced-timeout | Firewall authentication fallback authentication entry forced timeout number.
|
| invalid-authentication-entry-timeout | Invalid authentication entry timeout number.
|
| no-on-demand-probe | Disable on-demand probe. |
| wmi-timeout | Windows Management Instrumentation (wmi) timeout number.
|
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 12.1X47-D10.