Oct
30
I now have Juniper Network Connect working under Leopard. It doesn’t work out of the box and the installer is broken. I suspect that some of the authentication mechanisms have been changed. The installer gets stuck on a chown command, and can’t complete the install. Here’s how to fix it after you cancel the broken install.
1) NC uses old crypto and ssl libs. It uses 0.9 instead of 0.9.7. Well, the Leopard install only installs PPC versions of these libs. So:
cd /usr/lib
sudo mv libcrypto.0.9.dylib libcrypto.0.9.dylib.ppc
sudo ln -s libcrypto.0.9.7.dylib libctypto.0.9.dylib
sudo mv libssl.0.9.dylib libssl.0.9.dylib.ppc
sudo ln -s libssl.0.9.7.dylib libssl.0.9.dylib
If you have an old install, this may be sufficient. (i.e. you did an upgrade) I did not test it.
2) Copy /Applications/Network Connect.app from a working machine to yours.
3) Copy /usr/local/juniper from a working machine to yours. It needs to be owned by root:wheel. Also, /usr/local/juniper/nc/5.5.0 needs to be 711, as well as the two nctun directories under it. Furthermore, ncproxyd needs to be 4711.It works!
If you don’t understand the above, then you probably have no business trying to make it work anyway, sorry!
[…] Connect für SSLVPN funktioniert jetzt auch dank dieser Anleitung. Aber Achtung, da haben sich einige Tippfehler eingeschlichen, bei den […]
AWESOME!!! This worked exactly as described. Everything he [Colin?] said is right on target.
1. Moving the files instead of deleting them. GOOD!
2. Creating symlinks. Of course!
3. Copy the .app from existing (or install from a dmg if you got it). Yep, the app will create everything it needs in /usr/local
4. Setting the owner and permissions of the 3 folders to root:wheel & 711. This may have taken a while to figure out on my own!
5. Setting permissions of ncproxyd to 4711. This is CRUCIAL, and not very obvious! If you do not, when it errors out and offers to show the log, you’ll find something like “proxy failed to acquire root”.
I would like to offer a few more exact lines of code for doing steps 4 & 5, so that even terminal-phobes can do this comfortably.
sudo chown root:wheel /usr/local/juniper/nc/
sudo chmod 4711 /usr/local/juniper/nc/5.5.0/ncproxyd
# the following must all be on one line
sudo chmod 711 /usr/local/juniper/nc/5.5.0 /usr/local/juniper/nc/5.5.0/nctun.kext /usr/local/juniper/nc/5.5.0/nctun_tiger.kext
# that’s all code ends above ^^
For those who don’t know and aren’t comfortable with “chmod 4711″, I’ll explain. The extra bit of “4″ sets an important property called the SUID bit. That means that an executable with this bit set will run as the owner of the executable regardless of who runs it. In this case it runs as root, and everyone is permitted to execute it. That sounds a little scary, so you must trust the author of the executable.
Good luck!! And thank you again to Colin, or whoever the author is!!
This worked for me! Just don’t forget to chmod 711 the dirs mentioned, and chmod 4711 ncproxyd
Update:
We updated our Juniper server to the latest version. I had to manually remove the old installation so the new installation would work.
Hi,
I followed all steps mentioned here. When the installation starts from the first time, the “Running install script” hands for long and nothing happens
I have JRE 1.5.0_13-119 installed
Any clue ?
Late comment, I know, but this caught me briefly - there’s a typo in the third line, where it says “sudo ln -s libcrypto.0.9.7.dylib libctypto.0.9.dylib”. The name should be “libcrypto” with an “r”, not a “t”, after the “libc”. Otherwise, just the instructions I needed. Thanks!
It’s VERY frustrating that this site is completely google-proof. http://www.google.com/search?q=site:http://www.colinburns.com/wordpress/ I regularly find myself at a colleague’s machine needing to look this info up, but I always fail.
I’ve learned my lesson about google-seeding. http://delicious.com/RichardBronosky/juniper