R3000 Enterprise Filter Authentication User Guide
Contents
Tier 2 Time-based, Web Authentication
Set up the Network for Authentication
Environment Requirements
Set up NT Domain Groups, Members
Join the NT Domain
Create and Maintain NT Profiles
Test Authentication Settings
Hours
Contact Information
Ports for Authentication System Access
Disable SMB Signing Requirements
LDAP Server Customizations
Index
Glossary
Introduction
About this User Guide
How to Use this User Guide
Conventions
Terminology
Introduction HOW to USE this User Guide
Filtering Elements
Group Types
Global Group
Global Group IP groups NT domain groups LDAP domain groups
IP diagram with a sample master IP group and its members
IP Groups
NT domain diagram, with sample groups and members
NT Domain Groups
LDAP domain diagram, with sample groups and members
LDAP Domain Groups
Authentication filtering profiles
Filtering Profile Types
Global Group
IP group Master Group
Static Filtering Profiles
Master IP Group Filtering Profile
IP Sub-Group Filtering Profile
Individual IP Member Filtering Profile
Active Filtering Profiles
Global Filtering Profile
NT/LDAP Group Filtering Profile
NT/LDAP Member Filtering Profile
Time Profile
Override Account Profile
Lock Profile
Filtering Profile Components
8e6 Supplied Categories
Library Categories
Custom Categories
Rules
Service Ports
Minimum Filtering Level
Filter Settings
Filtering Rules
Filtering Levels Applied
Introduction Filtering Elements
Sample filtering hierarchy diagram
R3000 Authentication Protocols
Authentication Operations
R3000 Authentication Tiers
Introduction Authentication Operations
Tier 1 Single Sign-On Authentication
Net use based authentication process
Re-authentication process
Authentication methods
SMB protocol
LDAP protocol
Name resolution methods
Authentication setup procedures
Server setup types
Configuring the authentication server
Login scripts
Enter net use syntax in the login script
View login script on the server console
Windows 2000 or Windows 2003 Server
Block page authentication login scripts
\\SERVERNAME\netlogon \\IPaddress\netlogon
LDAP server setup rules
Tier 2 Time-based, Web Authentication
Web-based authentication module diagram
Tier 2 implementation in an environment
Tier 2 Script
Tier 1 and Tier 2 Script
Tier 3 Session-based, Web Authentication
Environment requirements
8e6 Authenticator
Minimum system requirements
Workstation requirements
Recommended system requirements
Work flow in a Windows environment
8e6 Authenticator configuration priority
WAABwCw
8e6 Authenticator configuration syntax
WDDEwCw
Param Parameter Values Dbg Release Meaning Default
Table of parameters
RV102.108.1.0-102.108.1.2551.1.1.12.2.2.2,102.108.2.0
Novell eDirectory Agent
Novell eDirectory servers
Client workstations
Novell eDirectory setup
Novell clients
R3000 setup and event logs
Authentication Solution Compatibility
KEY
Configuration procedures
Configuring the R3000 for Authentication
System section
If using the router or firewall mode Enter eth0 Ethernet
Group section
Create unique filtering profiles for individual users
Administrator
Environment Requirements
Workstation Requirements
End User
Network Requirements
Set up the Network for Authentication
Specify the operation mode
Network Setup SET UP the Network for Authentication
LAN Settings window
Specify the subnet mask, IP addresses
Invisible mode
Router or firewall mode
Enable authentication, specify criteria
Enable/Disable Authentication window
Net use based authentication
Web-based authentication
Java applet
Tier 3 dialog box
Enter network settings for authentication
Authentication Settings window
NIC Device to Use for Authentication field
Authentication SSL Certificate window
Create an SSL certificate
Create, Download a Self-Signed Certificate
Download/View/Delete Certificate tab
Create, Upload a Third Party Certificate
Create a Third Party Certificate
Enter your Email Address
10 Create CSR pop-up window
Upload a Third Party Certificate
11 Upload Signed SSL Certificate box
Download a Third Party Certificate
12 Download CSR pop-up window
View log results
13 View Log File window
Click View to display results in the Result pop-up window
Specify block page settings
15 Block Page Authentication window
Block Page Authentication
Click Apply to apply your settings
Block
16 Block
User/Machine frame
Optional Links
Options
Back and Help links
Option
19 Re-authentication option
Option
Common Customization
20 Common Customization window
Enable, Disable Features
TIP Click Restore Default to revert to the default settings
Authentication Form Customization
21 Authentication Form Customization window
Preview Sample Authentication Request Form
22 Sample Customized Authentication Request Form
Block Page Customization
23 Block Page Customization window
Preview Sample Block
24 Sample Customized Block
Authentication Settings window
Join the NT Domain
Create an NT Domain
Add an NT domain
Refresh the NT branch
Domain Settings
View or modify NT domain details
Default Rule
NT Domain Details window, Default Rule tab
Delete an NT domain
Set up NT Domain Groups, Members
Add NT groups, members to the tree
Specify a group’s filtering profile priority
Set Group Priority window
Manually add a user’s name to the tree
Manually Add Member box
Manually add a group’s name to the tree
Upload a file of filtering profiles to the tree
Upload User/Group Profile window
10 Upload Member Profile File window
Add an NT group, member to the tree list
Create and Maintain NT Profiles
Click Add
Add or maintain an entity’s profile
Category Profile
Redirect URL
Filter Options
14 Group Profile window, Filter Options tab
Remove an entity’s profile from the tree
Create an LDAP Domain
Add the LDAP domain
View, modify, enter LDAP domain details
Refresh the LDAP branch
LDAP Server Type
Group Objects
Click Next to go to the User tab
User Objects
Address Info
LDAP domain address information populates the Address tab
Click Next to go to the Account tab
Account Info
SSL Settings
Domain Details window, SSL tab
Upload SSL Certificate for LDAPS
Alias List
Domain Details window, Alias List tab
11 Domain Details window, Default Rule tab
Default Rule for Novell eDirectory
Configure a backup server
13 Backup Server Configuration, Address Info
TIP The entry in this field is case sensitive
15 Backup Server Configuration, SSL Settings
Modify a backup server’s configuration
Delete a domain
Add LDAP groups, users to the tree
Set up LDAP Domain Groups, Members
Perform a basic search
Options for search results
Unmark All
Apply a filtering rule to a profile
Delete a rule
17 Set Group Priority window
18 Manually Add Member box
19 Manually Add Group box
20 Upload User/Group Profile window
21 Upload Member Profile File window
Create, Maintain LDAP Profiles
Add an LDAP group, member to the tree
23 Group Profile window, Category tab
24 Group Profile window, Redirect URL tab
25 Group Profile window, Filter Options tab
Test Authentication Settings
Create an IP Group, test
Test Web-based authentication settings
Create a Sub-Group, workstation
Create Sub Group box
Set up test with a 32-bit net mask
Give workstation a 32-bit net mask
Sub Group Members window
Block everything for the Sub-Group
Use Authentication Request Page for redirect URL
Select Authentication Request Form Click Apply
Disable filter options
Attempt to access Web content
Internet Explorer browser
Username Password
Test net use based authentication settings
Activate Authentication on the Network
Activate Web-based authentication for an IP Group
Create a new IP Group, webauth
Set webauth to cover users in range
Create an IP Sub-Group
13 Create Sub Group box
14 Sub Group Members window
15 Sub Group Profile window, Category tab
16 Sub Group Profile window, Redirect URL tab
17 Sub Group Profile window, Filter Options tab
Set Global Group to filter unknown traffic
19 Global Group Profile window, Port tab
Select Default Block Page. b. Click Apply
Select filter options to be enabled. b. Click Apply
22 Default Block
Activate Web-based authentication for the Global Group
Exclude filtering critical equipment
Range to Detect Settings
Block Web access, logging via Range to Detect
24 Range to Detect Settings window, main window
Range to Detect Setup Wizard
26 Range to Detect Setup Wizard, Step
27 Range to Detect Setup Wizard, Step
28 Range to Detect Setup Wizard, Step
29 Range to Detect Setup Wizard, Step
Bypass B and go on to to complete this process
Block Web access via IP Sub-Group profile
Select Default Block Page, and then click Apply
33 Sub Group Profile window, Filter Options tab
Modify the Global Group Profile
34 Global Group Profile window, Category tab
35 Global Group Profile window, Port tab
36 Global Group Profile window, Redirect URL tab
37 Global Group Profile window, Filter Options tab
Activate NT authentication
Modify the 3-try login script
Hours
Contact Information
Domestic United States
International
Office Locations and Phone Numbers
8e6 Corporate Headquarters USA
8e6 Taiwan
8e6 China
Support Procedures
User/Group File Format and Rules
Username Formats
Port command codes
Filter Mode Values
Category command codes
Rule Criteria
Category Codes Filter Option codes
File Format Rules and Examples
NT User List Format and Rules
NT Group List Format and Rules
When translated, these strings of code mean
LDAP User List Format and Rules
LDAP Group List Format and Rules
CN=Sales, CN=Users, DC=qc, DC=local Rule1
Type Function
Ports for Authentication System Access
OpenLDAP Server Scenario
LDAP Server Customizations
Not all users returned in User/Group Browser
Disable SMB Signing Requirements
Server Signing Mode Not Defined Enabled Disabled
SMB Signing Compatibility
R3000 Auth
Disable SMB Signing Requirements in Windows
Fig. D-1 Go to Active Directory Users and Computers
Fig. D-3 Domain Controllers Properties
Fig. D-4 Group Policy Object Editor window
Fig. D-7 Group Policy Object Editor window, Local Policies
Fig. D-9 Define this policy setting
Verify certificate authority has been installed
Obtain or Export an SSL Certificate
Export an Active Directory SSL Certificate
Locate Certificates folder
Click OK to open the Console window
Fig. E-4 Add/Remove Snap-in
Fig. E-6 Certificates snap-in dialog box
Export the master certificate for the domain
This action launches the Certificate Export Wizard
Fig. E-12 Export File Format
Fig. E-14 Settings
Export a Novell SSL Certificate
Obtain a Sun ONE SSL Certificate
Fig. E-17 Export a Certificate pop-up window
Override Pop-up Blockers
Yahoo! Toolbar Pop-up Blocker
If pop-up blocking is enabled
Add override account to the white list
Fig. F-3 Allow pop-ups from source
Fig. F-4 # blocked icon enabled
Google Toolbar Pop-up Blocker
AdwareSafe Pop-up Blocker
Temporarily disable pop-up blocking
Mozilla Firefox Pop-up Blocker
Fig. F-6 Mozilla Firefox Popup Windows Preferences
Set up pop-up blocking
Windows XP SP2 Pop-up Blocker
Use the Internet Options dialog box
Fig. F-8 Toolbar setup
Use the IE toolbar
Fig. F-9 Pop-up Blocker Settings
Set up the Information Bar
Use the Information Bar
Fig. F-11 Information Bar menu options
Glossary
Index
Numerics
HTTPS
IANA
LDAP
NAT
SMB/NT