Manuals / 8e6 Technologies / Computer Equipment / Network Card

8e6 Technologies R3000 manual Introduction Authentication Operations

Models: R3000

1 277

Download 277 pages 39.87 Kb

Page 67

CHAPTER 1: INTRODUCTION AUTHENTICATION OPERATIONS

The entries made in this window will vary depending on whether you are using the invisible mode, or the router or firewall mode. The LAN 1 and LAN 2 IP addresses should usually be in a different subnet.

•If using the invisible mode: For the LAN1 IP (eth0) address, select 255.255.255.255 for the subnet mask.

•If using the router or firewall mode: Specify the appro- priate IP address and subnet mask in the applicable fields.

3.Select “Authentication” from the control panel, and then select Enable/Disable Authentication from the pop-up menu.

Enable authentication, and then select one of three tiers in the Web-based Authentication frame:

•Tier 1: Choose this option if you will only be using net use based authentication for NT or Active Directory servers.

•Tier 2: Choose this option if you wish to use timed Web-based authentication for NT and LDAP domains. This option gives the user a timed session for his/her Internet access. After the timed profile expires, the user will have to log in again if he/she wants to continue to have Internet access.

•Tier 3: Choose this option if you wish to use persistent Web-based authentication for NT and LDAP domains. This option gives the user a persistent network connection via a pop-up window that keeps the user’s session open until the window is closed, so the user does not have to log in repeatedly.

If choosing Tier 2 or Tier 3, enable either 8e6 Authenti- cator or Novell eDirectory Agent, as appropriate to your environment.

4.Select “Authentication” from the control panel, and then select “Authentication Settings” from the pop-up menu.

8E6 TECHNOLOGIES, R3000 ENTERPRISE FILTER AUTHENTICATION USER GUIDE

55

Image 67

8e6 Technologies R3000 manual Introduction Authentication Operations

Contents

Guide Page Iii R3000 Enterprise Filter Authentication User GuidePage Contents Tier 2 Time-based, Web Authentication Environment Requirements Set up the Network for AuthenticationCreate and Maintain NT Profiles 118 Set up NT Domain Groups, Members 109Join the NT Domain 101 103146 Test Authentication Settings 162155 Hours 206 Contact Information 174208 Ldap Server Customizations 219 Ports for Authentication System Access 218Disable SMB Signing Requirements 220 209Glossary 247 NdexAbout this User Guide IntroductionConventions How to Use this User GuideTerminology Introduction HOW to USE this User Guide Introduction HOW to USE this User Guide Introduction HOW to USE this User Guide Introduction HOW to USE this User Guide Global Group IP groups NT domain groups Ldap domain groups Filtering ElementsGroup Types Global GroupIP Groups IP diagram with a sample master IP group and its membersNT Domain Groups NT domain diagram, with sample groups and membersLdap Domain Groups Ldap domain diagram, with sample groups and membersIP group Master Group Authentication filtering profilesFiltering Profile Types Global GroupIndividual IP Member Filtering Profile Static Filtering ProfilesMaster IP Group Filtering Profile IP Sub-Group Filtering ProfileNT/LDAP Member Filtering Profile Active Filtering ProfilesGlobal Filtering Profile NT/LDAP Group Filtering ProfileTime Profile Override Account ProfileLock Profile Filtering Profile Components 8e6 Supplied Categories Library CategoriesCustom Categories Rules Service PortsMinimum Filtering Level Filter Settings Filtering Levels Applied Filtering RulesIntroduction Filtering Elements Sample filtering hierarchy diagram R3000 Authentication Protocols Authentication OperationsR3000 Authentication Tiers Introduction Authentication Operations Net use based authentication process Tier 1 Single Sign-On AuthenticationRe-authentication process SMB protocol Authentication methodsLdap protocol Name resolution methods Server setup types Authentication setup proceduresConfiguring the authentication server Enter net use syntax in the login script Login scriptsWindows 2000 or Windows 2003 Server View login script on the server console\\SERVERNAME\netlogon \\IPaddress\netlogon Block page authentication login scriptsLdap server setup rules Web-based authentication module diagram Tier 2 Time-based, Web AuthenticationTier 2 implementation in an environment Tier 2 Script Tier 1 and Tier 2 Script Introduction Authentication Operations Tier 3 Session-based, Web Authentication Environment requirements 8e6 AuthenticatorMinimum system requirements Recommended system requirements Workstation requirementsWork flow in a Windows environment 8e6 Authenticator configuration priority WAABwCw 8e6 Authenticator configuration syntaxWDDEwCw Table of parameters Param Parameter Values Dbg Release Meaning DefaultIntroduction Authentication Operations RV102.108.1.0-102.108.1.2551.1.1.12.2.2.2,102.108.2.0 Novell eDirectory servers Novell eDirectory AgentClient workstations Novell eDirectory setupNovell clients R3000 setup and event logs KEY Authentication Solution CompatibilityConfiguration procedures Configuring the R3000 for AuthenticationSystem section Introduction Authentication Operations If using the router or firewall mode Enter eth0 Ethernet Create unique filtering profiles for individual users Group sectionEnd User AdministratorEnvironment Requirements Workstation RequirementsNetwork Requirements Specify the operation mode Set up the Network for AuthenticationNetwork Setup SET UP the Network for Authentication Specify the subnet mask, IP addresses LAN Settings windowRouter or firewall mode Invisible modeEnable/Disable Authentication window Enable authentication, specify criteriaNetwork Setup SET UP the Network for Authentication Net use based authentication Web-based authentication Java applet Tier 3 dialog box Authentication Settings window Enter network settings for authenticationNIC Device to Use for Authentication field Create an SSL certificate Authentication SSL Certificate windowDownload/View/Delete Certificate tab Create, Download a Self-Signed CertificateCreate a Third Party Certificate Create, Upload a Third Party Certificate10 Create CSR pop-up window Enter your Email Address11 Upload Signed SSL Certificate box Upload a Third Party Certificate12 Download CSR pop-up window Download a Third Party Certificate13 View Log File window View log resultsNetwork Setup SET UP the Network for Authentication Click View to display results in the Result pop-up window 15 Block Page Authentication window Specify block page settingsClick Apply to apply your settings Block Page Authentication16 Block BlockUser/Machine frame Optional Links Back and Help links OptionsOption 19 Re-authentication option Option 20 Common Customization window Common CustomizationEnable, Disable Features TIP Click Restore Default to revert to the default settings 21 Authentication Form Customization window Authentication Form CustomizationNetwork Setup SET UP the Network for Authentication 22 Sample Customized Authentication Request Form Preview Sample Authentication Request FormNetwork Setup SET UP the Network for Authentication 23 Block Page Customization window Block Page CustomizationNetwork Setup SET UP the Network for Authentication 24 Sample Customized Block Preview Sample Block100 Join the NT Domain Authentication Settings window102 Add an NT domain Create an NT Domain104 Refresh the NT branchView or modify NT domain details Domain Settings106 NT Domain Details window, Default Rule tab Default Rule108 Delete an NT domainAdd NT groups, members to the tree Set up NT Domain Groups, Members110 Set Group Priority window Specify a group’s filtering profile priority112 Manually Add Member box Manually add a user’s name to the tree114 Manually add a group’s name to the treeUpload User/Group Profile window Upload a file of filtering profiles to the tree116 10 Upload Member Profile File window117 Add an NT group, member to the tree list Create and Maintain NT Profiles118 Click Add 120 Add or maintain an entity’s profileCategory Profile 122 Redirect URL14 Group Profile window, Filter Options tab Filter Options124 Remove an entity’s profile from the treeAdd the Ldap domain Create an Ldap DomainView, modify, enter Ldap domain details Refresh the Ldap branch126 Ldap Server Type 128 Group ObjectsClick Next to go to the User tab 130 User ObjectsLdap domain address information populates the Address tab Address Info132 Click Next to go to the Account tab 134 Account InfoDomain Details window, SSL tab SSL Settings136 Upload SSL Certificate for LdapsDomain Details window, Alias List tab Alias List138 11 Domain Details window, Default Rule tab 140 Configure a backup server Default Rule for Novell eDirectory142 13 Backup Server Configuration, Address InfoTIP The entry in this field is case sensitive 144 15 Backup Server Configuration, SSL SettingsDelete a domain Modify a backup server’s configurationAdd Ldap groups, users to the tree Set up Ldap Domain Groups, Members146 Options for search results Perform a basic searchUnmark All Apply a filtering rule to a profile148 17 Set Group Priority window Delete a rule150 18 Manually Add Member box19 Manually Add Group box 152 20 Upload User/Group Profile window21 Upload Member Profile File window 154 Add an Ldap group, member to the tree Create, Maintain Ldap Profiles156 23 Group Profile window, Category tab 158 24 Group Profile window, Redirect URL tab 160 25 Group Profile window, Filter Options tab161 162 Test Authentication Settings163 Create an IP Group, test Test Web-based authentication settings164 Create Sub Group box Create a Sub-Group, workstation166 Set up test with a 32-bit net maskSub Group Members window Give workstation a 32-bit net mask168 Block everything for the Sub-GroupSelect Authentication Request Form Click Apply Use Authentication Request Page for redirect URL170 Disable filter optionsInternet Explorer browser Attempt to access Web content172 Username PasswordTest net use based authentication settings 174 Activate Authentication on the NetworkCreate a new IP Group, webauth Activate Web-based authentication for an IP Group176 Set webauth to cover users in range13 Create Sub Group box Create an IP Sub-Group178 14 Sub Group Members window15 Sub Group Profile window, Category tab 180 16 Sub Group Profile window, Redirect URL tab17 Sub Group Profile window, Filter Options tab 182 Set Global Group to filter unknown traffic19 Global Group Profile window, Port tab 184 Select Default Block Page. b. Click ApplySelect filter options to be enabled. b. Click Apply 186 22 Default BlockExclude filtering critical equipment Activate Web-based authentication for the Global GroupRange to Detect Settings Block Web access, logging via Range to Detect188 24 Range to Detect Settings window, main window 190 Range to Detect Setup Wizard26 Range to Detect Setup Wizard, Step 192 27 Range to Detect Setup Wizard, Step28 Range to Detect Setup Wizard, Step 194 29 Range to Detect Setup Wizard, StepBypass B and go on to to complete this process 196 Block Web access via IP Sub-Group profileSelect Default Block Page, and then click Apply 198 33 Sub Group Profile window, Filter Options tab34 Global Group Profile window, Category tab Modify the Global Group Profile200 35 Global Group Profile window, Port tab36 Global Group Profile window, Redirect URL tab 202 37 Global Group Profile window, Filter Options tabModify the 3-try login script Activate NT authentication204 205 International HoursContact Information Domestic United States8e6 China Office Locations and Phone Numbers8e6 Corporate Headquarters USA 8e6 Taiwan208 Support ProceduresUsername Formats User/Group File Format and RulesRule Criteria Port command codesFilter Mode Values Category command codesCategory Codes Filter Option codes 212 File Format Rules and ExamplesNT User List Format and Rules 214 NT Group List Format and RulesLdap User List Format and Rules When translated, these strings of code mean216 CN=Sales, CN=Users, DC=qc, DC=local Rule1 Ldap Group List Format and RulesType Function Ports for Authentication System Access218 OpenLDAP Server Scenario Ldap Server CustomizationsNot all users returned in User/Group Browser R3000 Auth Disable SMB Signing RequirementsServer Signing Mode Not Defined Enabled Disabled SMB Signing CompatibilityFig. D-1 Go to Active Directory Users and Computers Disable SMB Signing Requirements in Windows222 Fig. D-3 Domain Controllers PropertiesFig. D-4 Group Policy Object Editor window 224 Fig. D-7 Group Policy Object Editor window, Local PoliciesFig. D-9 Define this policy setting 226 Verify certificate authority has been installedObtain or Export an SSL Certificate Export an Active Directory SSL CertificateClick OK to open the Console window Locate Certificates folder228 Fig. E-4 Add/Remove Snap-inFig. E-6 Certificates snap-in dialog box 230 Export the master certificate for the domainThis action launches the Certificate Export Wizard 232 Fig. E-12 Export File FormatFig. E-14 Settings 234 Export a Novell SSL CertficateFig. E-17 Export a Certificate pop-up window Obtain a Sun ONE SSL Certificate236 Override Pop-up BlockersYahoo! Toolbar Pop-up Blocker If pop-up blocking is enabledAdd override account to the white list 238 Fig. F-3 Allow pop-ups from sourceGoogle Toolbar Pop-up Blocker Fig. F-4 # blocked icon enabledAdwareSafe Pop-up Blocker Temporarily disable pop-up blocking240 Fig. F-6 Mozilla Firefox Popup Windows Preferences Mozilla Firefox Pop-up Blocker242 Set up pop-up blockingWindows XP SP2 Pop-up Blocker Use the Internet Options dialog boxUse the IE toolbar Fig. F-8 Toolbar setup244 Fig. F-9 Pop-up Blocker SettingsUse the Information Bar Set up the Information Bar246 Fig. F-11 Information Bar menu optionsGlossary 248 249 250 251 252 253 254 Numerics Index256 257 258 Https IanaLdap 260 NAT261 262 SMB/NT 264 265