Basically, we need to do 3 steps in order to accomplish this task:
connecting the MS radius server to junos space. And this step is divided into 2 another steps:
a. Creating radius client:
Go to RADIUS Clients > right click > new
Type the IP address of J-Space (the one you’re using with CLI , not the virtual one) and type the shared secret you want to use.
b. In the J-Space go to Administration > Authentication Servers > add the radius IP address and all properties you want to use
notice: remember which protocol you’re going to use because you’ll be configuring that later in the radius server
Test the connection and then proceed
Second step is to configure remote profile. You’ll be creating remote profile to set permissions for remote authenticated users:
Go to Role Based Access Control > Remote Profiles > Create new
Set the profile name and the permissions you want to give the authenticated users
Remember the profile name because you’ll be using that in the last step.
Last step is to create network policy in the radius server:
add the group users name which they should grant access to the J-Space
And now the important part: Vendor Specific
Junos code is : 2636
Attribute number : 11 , string
refer to : https://www.juniper.net/documentation/en_US/junos/topics/reference/general/radius-vendor-specific-attributes-juniper-networks.html
Attribute value should be the same remote profile name you’ve configured in the J-Space remote profiles.
If the authenticated user is part of a domain then in the J-Space login page you should login in this context: Domain\User