New User AD Auth Over Junos Pulse VPN

DBrowning
Valued Contributor II

My company was purchased about 18 months ago and we are now working on migrating my users over to the new domain. For users in the office this is no issue. We have a few remote employees that will need to get migrated as well. Does anyone know of a way to keep a VPN connection live with Junos Pulse? I have tried using Fast User Switching, but once I click on Login Window, my connection is dropped.

I have also tried using Terminal and the login command, which allows the account to auth but doesn't create the home dir; it goes to /var/empty.

Does anyone have any suggestions?

1 ACCEPTED SOLUTION

nessts
Valued Contributor II

We have a script that sets the computer to auto login with a local account and starts the VPN. That script then makes sure it's bound to AD, prompts the user for username and password, and runs /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount to create the local account. It then undoes auto login and reboots the computer, at which point they log in with their cached AD account.
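One way to script the flow nessts describes, as an added example that is not the poster's script. It assumes a Mac on which the VPN is already up, the real dsconfigad and createmobileaccount binaries, and createmobileaccount's -P (prompt for password) switch, which the thread does not mention; the dsconfigad sample output is constructed for offline testing, and the initial auto-login setup is left out.

```shell
#!/bin/sh
# Added example, not the poster's script. Sketch of the remote AD migration flow:
# check the bind, create the mobile account, undo auto login, reboot.

CMA=/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount
LOGINWINDOW=/Library/Preferences/com.apple.loginwindow

# Print the bound domain found in `dsconfigad -show` output ($1); prints nothing if unbound.
bound_domain() {
  printf '%s\n' "$1" | sed -n 's/^[[:space:]]*Active Directory Domain[[:space:]]*=[[:space:]]*//p'
}

# Return 0 when the dsconfigad output in $1 shows a bind to domain $2, 1 otherwise.
ad_bound_to() {
  [ "$(bound_domain "$1")" = "$2" ]
}

# Undo the auto login the script set up earlier: remove the loginwindow key and the
# obfuscated password file that auto login depends on.
disable_autologin() {
  defaults delete "$LOGINWINDOW" autoLoginUser 2>/dev/null || true
  rm -f /etc/kcpassword
}

# Main flow: $1 = expected AD domain, $2 = migrating user's short name. Run as root
# with the VPN connected, e.g. `migrate_user corp.example.com jdoe` (not called here).
# -n and -h appear in the thread; -P (prompt for the AD password) is assumed.
migrate_user() {
  domain=$1; user=$2
  if ! ad_bound_to "$(dsconfigad -show)" "$domain"; then
    echo "not bound to $domain; bind first with dsconfigad -add" >&2
    return 1
  fi
  "$CMA" -n "$user" -h "/Users/$user" -P || return 1
  disable_autologin
  shutdown -r now
}

# Constructed sample dsconfigad -show output, used to exercise bound_domain offline.
SAMPLE_BOUND='You are bound to Active Directory:
                    Active Directory Forest          = corp.example.com
                    Active Directory Domain          = corp.example.com
                    Computer Account                 = mac01$'
SAMPLE_UNBOUND='You are not bound to Active Directory.'
```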


3 REPLIES

andrew_nicholas
Valued Contributor

We did something similar to @nessts, though it was a manual process because we hadn't scripted it at the time:

1) We remoted to the machine and created a standard account for the user to log into
2) Logged out and in with the new standard user account, and then connected to the VPN (AnyConnect)
3) Bound to new AD and provisioned the new AD account via the "/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n -h [path]" command
4) We removed the home drive that was created with that command, then renamed and updated the permissions on the old account to reflect the new name
5) Had the user log in via Fast User Switching.
6) Clean up

This was neither pretty nor efficient, but it worked for the few users who couldn't come in or ship their machines to us over night.

DBrowning
Valued Contributor II

@nessts and @andrew.nicholas

Thanks guys. This worked out for me.