I'm on Ubuntu 10.04 and I use the sun java 32 bit libs, and with that can connect to the secure server and install Juniper Net connect. But then the problem is that I have to enter an ldap user name, a password and then a Securid number. I can't see how to map those to -u username and -p password. The realm is SecureLDAP.
Has anyone solved the same problem?
I have been trying at this for months, always getting the 'cannot connect to IVE error'. After much research and discussing this with our network folks, I think the issue is caused by Host Checker. Apparently this cannot be disabled on a per OS basis. What it looks for, can be configured, or even turned off, on a per OS basis. But IT MUST RUN, if it is enabled at all. This component allows automated checking for virus software (among other things) and so it must be enabled for certain OSes that are vulnerable to that sort of issue .
Host Checker is a Java applet and must be started by the browser. There is a call during the Network connect phase that fails if it is not running. Here is the stack trace from where it failed on my machine...
The script that Mad Scientist was so good to create does not start this component (I am sure that his or her network does not require it). So the script fails.Code:java.lang.Exception: Cound not find null/narport.txt; cannot send null action to Host Checker at SecureHCLauncher.openCommandSocket(SecureHCLauncher.java:405) at SecureHCLauncher.sendAction(SecureHCLauncher.java:433) at SecureHCLauncher.start(SecureHCLauncher.java:187) at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Plugin2Manager.java:1639) at java.lang.Thread.run(Thread.java:619)
Given that constraint I have a few roads to try, I can try one on my own as it fits within my current level of skill. The other will require skills I have not had to acquire yet...
1. Try with firefox in a 32bit jail.
a. there is plenty of info on this so I can do this myself. I am not sure however if 64bit apps will be able to use the tun interface.
2. Create a 32bit Ubuntu VM in Virtual box and use it as a router.
a. I have this VM up and connected, it actually works better than Fedora at this. I will be learning a lot in this endeavor. Also seems like a giant kludge.
3. Extend Mad Scientists script to start Host Checker before it starts Network Connect.
a. totally out of my element here, I am not even sure it is possible.
If anyone has any comments or advice it would be much appreciated.
I'm in exactly the same boat, many hours wasted on this. My sysadmin watched a trace on his side and said,"oh HostChecker is running and fails, I didn't think this needed to run."
Anyway, I'm also contemplating creating a 'clean' 32-bit installation, but I'll wait to hear how it works for you.
EDIT UPDATE: I had an old spare desktop, so I tried a full 32 bit installation. It works now. I don't regard this as a solution as much as a problematic workaround.
Last edited by deakblue; October 7th, 2010 at 05:10 AM. Reason: UPDATE
I did get it to work on 32bit Ubuntu right away. Just be sure to install Sun Java and the Sun Java plugin. Also Juniper recommends that you install network connect using alien and an rpm that they provide for Network Connect on Redhat. I actually found getting connected on Ubuntu to be easier and faster than getting connected on Fedora 13. But find that to be true about Ununtu anyway.
Note that Firefox 3.6 (the one that comes with Lucid) does not support the java5 plugin, so, if you VPN connection was done via firefox, you will also need to downgrade to firefox 3.5.Code:sudo aptitude install sun-java5-jre sun-java5-plugin
You don't need to install sun-java5-*. Anyway, I don't have those installed and my network connect (Release Version : 6.1-0-Build13103 / Build Date/Time : May 6 2008) works fine.
What you DO have to have is the 32bit version of Java, if you're running a 64bit OS. So, you can remove the sun-java5* packages again and add this one:
and that should do it.Code:sudo aptitude install ia32-sun-java6-bin
"Please remain calm...I may be mad, but I am a professional." --Mad Scientist
Had the same (time-out) in maverick, reconfiguring through
sudo update-alternatives --config java
was not enough. I had to remove openjdk, now working fine.
Thanks for the great work Mad Scientist!
I installed your script and with the help of my trusty network admin colleague was able to get it working!
I first experienced the painful dsclient.info state: kStateSelectRole and dsclient.error state select role failed, error 10 situation mentioned in an earlier post on 26th March 2010.
My colleague and I worked together to solve this error. From the Juniper admin interface, he had to clone the general network connect role to one specifically for my Linux client. He disabled the customised role selection post logon page so it would autoload the network connect role for me upon connection. Then he made a few tweaks as the clone command doesn't clone all the settings like ACLs for example.
I am using Kubuntu 10.10 64bit release. I also grabbed the later Linux client via file from a site I found via a google search, http://www.tcnj.edu/~nts/downloads/N...6.5R2.i386.rpm. I extracted the files from this rpm and use these in my ~/.juniper_networks/network_connect directory to get away from the dependency on older library files like libstdc++2.10-glibc2.2 for example. My company has an old network connect client and server side IVE OS on offer, will be upgrading next year.
Thanks again for enabling me to use my latest 64bit distro with this painful piece of Juniper software!
I can't enter my SecurID value...
I was enter a personal PIN and the value provided by the SecurID fob in one win, but junipernc doesn't connect..
It's work normally only if I connect to vpn by click "Start" button next to "Network Connect" on web page of VPN server..
How the program read SecurID value?
Thanks, and sorry for my bad english