Skip to main content

Juniper Network Connect on Mac OS X Snow Leopard

Juniper Network Connect is a very popular VPN client for corporate networks. It bootstraps from a Java applet and has native versions for Windows, Linux and Mac, and works very well. Unfortunately, it seems that Mac OS X 10.5 Leopard and 10.6 Snow Leopard have some issues caused by a dodgy installation program.

One common way to make it work is to enable the root user and log in with full admin privileges under OS X and install it that way. This is a sledgehammer approach to a fairly simple problem, opens up security issues, and didn't even work for me. I won't even bother exploring that route in this blog post. There are a couple of other things that can be done to make it work, though.

If you upgraded from a previous version of OS X and already had the Network Connect client installed, you may just be suffering a simple permissions issue. These instructions are for Network Connect 6.2.0, but they might well work with other versions with a tweak. From Terminal, run the following commands:

    sudo mkdir -p /usr/local/juniper/nc/6.2.0
    sudo chmod 755 /usr/local/juniper/nc/6.2.0
    sudo mkdir /Applications/Network\ Connect.app/Contents/Frameworks

This restores some broken permissions and a missing directory that Snow Leopard seems to consider unnecessary. Once you've done this, fire up Network Connect and you're good to go.

On the other hand, if you're already running Snow Leopard and you haven't yet installed Network Connect, it might be dying halfway through installation after authentication. This is because an Apple provided Java update changed the default Sun password from 'changeit' to 'changeme' in the global keystore. This simple little change means that authenticating Java applets to install software locally is broken. More information about this problem can be found in the Juniper knowledge base, article KB16134.

The fix is very simple, and involves changing the Java password back to 'changeit'. Open up a terminal and run the following command:

sudo keytool -storepasswd -new changeit -keystore \
/System/Library/Frameworks/JavaVM.framework/Resources/Deploy.bundle/\
Contents/Home/lib/security/cacerts \ 
-storepass changeme

Note that you should copy that as one big command. The backslashes are continuation characters to tell it to continue the same command. Also note that you shouldn't put any spaces between "Deploy.bundle/" and "Contents". Once this is done, Network Connect should just burst into life.

Comments

Popular posts from this blog

Another canal walk

The sun has started being a little more present lately, so some mornings are actually quite pleasant. On one such morning I decided to have a wander up the canal.


The clouds made everything look a bit Toy Story, and the low sun gave a lovely light and contrast to everything else.


Of course, it wasn't sunny everywhere. But even in the darker places, such as right underneath Leeds railway station, the sun had a go at peeking in.


Shooting the Enterprise

I was recently asked if I could help out providing an image for a magazine article about stress management. For reasons as yet undiscovered the requested image would be of the USS Enterprise flying through a storm in space. Unfortunately I didn't have a lot of time (just a couple of hours), but I did have a very nice model of the Enterprise D I could use to build the image around.

Thinking fast, I rigged up a rather slapdash rig consisting of a black reflector backdrop, an umbrella and stand from which dangled the model by a thread, and a couple of strobes. One light above, diffused, to provide the key light, and another, reflected and lower power, to fill some of the very dark shadows. It ended up all looking something like this:


Using a fast shutter, f/16 and cunning flash positioning I managed to keep the background black and give the model suitably textured lighting so it didn't have that flat, uniform, shadowless appearance of, well, a model. The narrow aperture obviously…

Feeling Puddled

A bit of a change of pace on the blog. I've not posted anything remotely nerdy for ages, so here is a post containing four very nerdy things: functional programming, Haskell, Scala and Twitter interview questions. The Twitter interview in question was not mine, but instead was one posted about by Michael Kozakov on his blog post "I Failed a Twitter Interview."

So, interview questions, eh? This Michael fella thinks he failed the interview by getting the question wrong, but you and I know that's not how it works. The interviewer is more interested in finding out how you go about solving problems than whether you get this particular problem right. After all, unless they have some nasty leaky roof scenario, I can't imagine there being a particular pressing need for Twitter to need their interview candidates to get this one spot on.

That all being said, I don't much care about the problem solving technique. I care about figuring it out and making a really expressi…