I hate when I do stupid stuff
I hate when I do stupid stuff. And it is even more embarrassing when it is a rookie mistake in front of a customer. A client of ours bought a new Juniper SSG 320 firewall and a new Juniper SA2000 (SSL VPN). One of our consultants has the firewall in place and working, but he didn’t know how to configure the SA. So, I jumped in to help. The only problem is that the client is in Dallas, and I am in Houston. So, we got the basic config on the box, and I connected remotely and started configuring away with the client on the other line (he was watching via the remote meeting feature the SA has – kinda like Webex).
So the client wanted the administrators to authenticate through their Active Directory. I said fine and started modifying the admin realm and role to authenticate back to AD. Well, Mr. Brilliant here (that’s me) didn’t think about the fact that I was modifying the very realm and role that I had authenticated through, which was pointing at a local user database. I modified the rule, saved the changes, and BAM! I lost contact. DUH!
OK, well, it disconnected me, but we should be able to get in using the client’s AD creds, right? Well, no. That wasn’t working for some reason (still working on that). So the client had to go to the console and create a temporary super-admin user to reset the stupid stuff I had done (luckily Juniper anticipated idiots like me and created a way around the problem – but it is through the console, so you have to have physical access to the box).
Dang it! Just smack me!
Vet