Connecting Microsoft Radius Server to Junos Space

Basically, we need to do 3 steps in order to accomplish this task:

connecting the MS radius server to junos space. And this step is divided into 2 another steps:

a. Creating radius client:

Go to RADIUS Clients > right click > new

11

Type the IP address of J-Space (the one you’re using with CLI , not the virtual one) and type the shared secret you want to use.

12

11

b. In the J-Space go to Administration > Authentication Servers > add the radius IP address and all properties you want to use

notice: remember which protocol you’re going to use because you’ll be configuring that later in the radius server

11

Test the connection and then proceed

Second step is to configure remote profile. You’ll be creating remote profile to set permissions for remote authenticated users:

Go to Role Based Access Control > Remote Profiles > Create new

Set the profile name and the permissions you want to give the authenticated users

Remember the profile name because you’ll be using that in the last step.

Last step is to create network policy in the radius server:

Go to:

12

Capture

add the group users name which they should grant access to the J-Space

11

11

And now the important part: Vendor Specific

Junos code is : 2636

Attribute number : 11 , string

refer to : https://www.juniper.net/documentation/en_US/junos/topics/reference/general/radius-vendor-specific-attributes-juniper-networks.html

Attribute value should be the same remote profile name you’ve configured in the J-Space remote profiles.

12

11

If the authenticated user is part of a domain then in the J-Space login page you should login in this context: Domain\User

Advertisements

Deploying Log Collector in Junos Space

You well connect the log collector to the Security director after downloading the OVA and installing it in VM machine and configuring the network settings .

You may not type 6 and change the default user/pass for connecting the log collector .. but if you want then then just remember the password you entered.

default user/pass: admin/juniper123

Go to Administration > Logging Management > Logging Nodes > Create

1

1

Next > Finish

1

If you receive “Log Collector is not in Time Sync” then 2 things:

1- check if the log collector and junos space machines both has ntp port 123 open in firewall toward the ntp server.

2- check if you have configure the right ntp server in /etc/ntp.conf file . if not then:

stop the service : /etc/init.d/ntpd stop

update the ntp server settings in the file

for the update : ntpd -gq

start the service : /etc/init.d/ntpd start

In order to collect the logs into the log collector , you’ll need to configure the log collector IP address in the junos firewall and it should be reachable. For example:

admin@Firewall> show configuration security log stream Log-Collector
severity info;
format sd-syslog;
category all;
host {
192.168.10.45;
}

Untitled

How to change Junos Space logo welcome page

First you need to do ‘inspect element’ to the page

1

2

[root@space-005056941e6f ~]# find / | grep junos_space_rgb_360x240.png

/usr/local/jboss/domain/tmp/servers/server1/vfs/deployment1c48889875ac1ea/systemService-web.war-9705d0aeabb62272/images/junos_space_rgb_360x240.png

/usr/local/jboss/domain/tmp/servers/server1/vfs/deployment1c48889875ac1ea/cmUI.war-3dcd1c3964e96143/images/junos_space_rgb_360x240.png

find: /proc/27145: No such file or directory

 

[root@space-005056941e6f ~]# cd /usr/local/jboss/domain/tmp/servers/server1/vfs/deployment1c48889875ac1ea/systemService-web.war-9705d0aeabb62272/images/

[root@space-005056941e6f images]# ls

background-aqua-2560×1458.jpg        bgd_gradient_fill.png    junos_space_rgb_1800x1200.png  login_button_62x24.png     preload

background-aqua-2560×1458.png        burst-space-192×180.png  junos_space_rgb_360x240.png    logo_juniper_reversed.png  rounded-blue-100×26-btn.png

background-aqua-login-2560×1458.png  gradient-background.png  login-aqua-2560×1458.png       logo-reversed.png

Login via WinSCP to the junos space machine . And remeber that you need to change the Shell Environment from Default to /bin/bash

9.png

3

Copy the logo to your PC and edit it

4

Don’t forget to backup the one you have on the Junos space machine (just rename it)

5

If you’re having a problem with permissions just run via the CLI those commands

6

[root@space-005056941e6f ~]# cd /usr/local/jboss/domain/tmp/servers/server1/vfs/deployment1c48889875ac1ea/systemService-web.war-9705d0aeabb62272/

[root@space-005056941e6f systemService-web.war-9705d0aeabb62272]# chmod 777 images/

7

8

Cannot log to Space CLI after installation

First , in order to troubleshoot this issue , you need to be sure that ssh is enabled . How ?

  • power off the machine from VMware workstation or vSphere , or suspend it.
  • power it on
  • after entering user/pass , you’ll be asked to select which mode to enter , check security (5)
  • if appears disable ssh , then ssh is enabled . if not , then enable it .
  • if then is not your problem , then enter the debugging mode (7) and do the following:

write down the command : $ ls -al /etc/ssh/ssh*key

capture

if appears nothing , or zero as it shows in the picture , then you need to re-generate ssh key using the following command:

sudo ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key

and then click Enter twice .

This should solve your problem .

If not , back to “secuirty (5)” section , and try disabling firewall .

Note: For more information regarding ssh keys , visit the following site.

Searching for backup configuration files in JunosSpace

Within the Junos Space you can find all the .conf files ‘Configuration Files > Config Files Management’ path . But you want to back it up via bach/script file that runs automatically instead of exporting it from the Space GUI , and you don’t know where those files are stored in the JS directories :

First, good luck with that 🙂

Second, here is the path :

# cd /usr/local/jboss/domain/tmp/servers/server1/.conf/RCS/

# ls

1111

Junos Space /VMware Tools

While you’re trying to backup your Junos Space VM machine via the VMware Tools, and you receive the following error:

FTL – vfm_freeze: method: VMware_v2, type: FIM, function: VMware_v2_freeze

large

as part of my research in Junos space resources I can see that “Junos Space Network Management Platform is not certified to be used with VMware tools

http://www.juniper.net/techpubs/en_US/junos-space15.1/topics/task/installation/junos-space-virtual-appliance-deploying.html

http://forums.juniper.net/t5/Junos-Space-Developer/Junos-Space-backup-with-VMtool/m-p/299799

According to:

http://forums.juniper.net/t5/Junos-Space-Developer/Junos-Space-backup-with-VMtool/td-p/299799

This should work From Junos Space Network Management Platform Release 16.1R1 onward.