R3000 ENTERPRISE FILTER AUTHENTICATION USER GUIDE
CHAPTER 1: INTRODUCTION
Filtering Elements
Authentication Operations
CHAPTER 2: NETWORK SETUP
Environment Requirements
Set up the Network for Authentication
CHAPTER 3: NT AUTHENTICATION SETUP
Set up NT Domain Groups, Members
Create and Maintain NT Profiles
CHAPTER 4: LDAP AUTHENTICATION SETUP
Create an LDAP Domain
CHAPTER 5: AUTHENTICATION DEPLOYMENT
Test Authentication Settings
Activate Authentication on the Network
CHAPTER 6: TECHNICAL SUPPORT
Support Procedures
APPENDIX A
User/Group File Format and Rules
APPENDIX B
Ports for Authentication System Access
APPENDIX C
LDAP Server Customizations
APPENDIX D
APPENDIX G
Glossary
INDEX
CHAPTER 1: INTRODUCTION
About this User Guide
blocker software installed; a glossary on authentication terms, and an index.
How to Use this User Guide
Conventions
The following icons are used throughout this user guide:
Terminology
Filtering Elements
Group Types
Global Group
IP Groups
NT Domain Groups
LDAP Domain Groups
Filtering Profile Types
Static Filtering Profiles
Master IP Group Filtering Profile
IP Sub-Group Filtering Profile
Individual IP Member Filtering Profile
Active Filtering Profiles
Global Filtering Profile
NT/LDAP Group Filtering Profile
NT/LDAP Member Filtering Profile
Override Account Profile
Time Profile
Lock Profile
Filtering Profile Components
Library Categories
8e6 Supplied Categories
Custom Categories
Service Ports
Rules
Minimum Filtering Level
Filter Settings
Filtering Rules
Authentication Operations
R3000 Authentication Protocols
R3000 Authentication Tiers
tory server, the Novell eDirectory Agent can be used instead to authenticate end users.
Tier 1: Single Sign-On Authentication
Net use based authentication process
Re-authentication process
Authentication methods
SMB protocol
SMB Signing
LDAP protocol
Name resolution methods
Authentication setup procedures
Server setup types
Tier 1: Net use based authentication
Tier 2 and Tier 3: Web-based authentication
Configuring the authentication server
Login scripts
Enter net use syntax in the login script
View login script on the server console
Block page authentication login scripts
LDAP server setup rules
Tier 2: Time-based, Web Authentication
Tier 2 implementation in an environment
Tier 2 Script
Tier 1 and Tier 2 Script
Tier 3: Session-based, Web Authentication
8e6 Authenticator
Environment requirements
Minimum system requirements
Recommended system requirements
Workstation requirements
Work flow in a Windows environment
8e6 Authenticator configuration priority
8e6 Authenticator configuration syntax
Sample command line parameters
Sample configuration file
Sample R3000 configuration update packet PCFG
Table of parameters
Default
The following table contains the different parameters, their meanings, and possible values.
Param ID
Parameter Meaning Values Dbg
Novell eDirectory Agent
Environment requirements
Novell eDirectory servers
Client workstations
Novell clients
Novell eDirectory setup
R3000 setup and event logs
Authentication Solution Compatibility
Below is a chart representing the authentication solution compatibility for a single user:
KEY: N/A = Not Applicable N/R = Not Recommended
Configuring the R3000 for Authentication
Configuration procedures
System section
Group section
CHAPTER 2: NETWORK SETUP
Environment Requirements
Workstation Requirements
Administrator
End User
Network Requirements
Set up the Network for Authentication
Specify the operation mode
Specify the subnet mask, IP address(es)
Invisible mode
Router or firewall mode
Enable authentication, specify criteria
Net use based authentication
Web-based authentication
Enter network settings for authentication
Create an SSL certificate
Create, Download a Self-Signed Certificate
TIP: Click Delete Certificate to remove the certificate from the server.
Create, Upload a Third Party Certificate
Create a Third Party Certificate
1. Click the Third Party Certificate tab:
Fig. 2-9 Third Party Certificate tab
Upload a Third Party Certificate
Download a Third Party Certificate
View log results
Specify block page settings
Fig. 2-15 Block Page Authentication window
Block Page Authentication
Block page
User/Machine frame
Standard Links
Optional Links
Options page
Option 1
Option 2
Option 3
Common Customization
Enable, Disable Features
Authentication Form Customization
Preview Sample Authentication Request Form
Block Page Customization
To customize the block page, click Customization and select Block Page from the pop-up menu:
Preview Sample Block Page
CHAPTER 3: NT AUTHENTICATION SETUP
Fig. 3-1 Authentication Settings window
Join the NT Domain
Create an NT Domain
Add an NT domain
Refresh the NT branch
View or modify NT domain details
Domain Settings
Default Rule
Delete an NT domain
Set up NT Domain Groups, Members
Add NT groups, members to the tree
Specify a group's filtering profile priority
Manually add a user's name to the tree
Manually add a group's name to the tree
Upload a file of filtering profiles to the tree
Create and Maintain NT Profiles
Add an NT group, member to the tree list
Add or maintain an entity's profile
Category Profile
Redirect URL
Filter Options
Remove an entity's profile from the tree
CHAPTER 4: LDAP AUTHENTICATION SETUP
Refresh the LDAP branch
View, modify, enter LDAP domain details
LDAP Server Type
Click Next to go to the Group tab.
Group Objects
The Group tab is used for including or excluding group objects in the LDAP domain.
User Objects
Address Info
Account Info
SSL Settings
Alias List
Default Rule
Default Rule for Novell eDirectory
Configure a backup server
Modify a backup server's configuration
Delete a backup server's configuration
Delete a domain
Set up LDAP Domain Groups, Members
Add LDAP groups, users to the tree
Perform a basic search
Options for search results
Apply a filtering rule to a profile
Delete a rule
Specify a group's filtering profile priority
Manually add a user's name to the tree
Manually add a group's name to the tree
Upload a file of filtering profiles to the tree
Create, Maintain LDAP Profiles
Add an LDAP group, member to the tree
Add or maintain an entity's profile
Category Profile
Redirect URL
Filter Options
Remove an entity's profile from the tree
CHAPTER 5: AUTHENTICATION DEPLOYMENT
Test Authentication Settings
Test Web-based authentication settings
Step 1: Create an IP Group, test
Step 2: Create a Sub-Group, workstation
Step 3: Set up test with a 32-bit net mask
Step 4: Give workstation a 32-bit net mask
Step 5: Block everything for the Sub-Group
Step 6: Use Authentication Request Page for redirect URL
Step 7: Disable filter options
Step 8: Attempt to access Web content
Test net use based authentication settings
Activate Authentication on the Network
Activate Web-based authentication for an IP Group
Step 1: Create a new IP Group, webauth
Step 2: Set webauth to cover users in range
Step 3: Create an IP Sub-Group
Step 4: Block everything for the Sub-Group
Step 5: Use Authentication Request Page for redirect URL
Step 6: Disable filter options
Step 7: Set Global Group to filter unknown traffic
Activate Web-based authentication for the Global Group
Step 1: Exclude filtering critical equipment
Step 1A: Block Web access, logging via Range to Detect
Range to Detect Settings
4. Click Start the Setup Wizard to display Step 1 of the Range to Detect Setup Wizard:
Range to Detect Setup Wizard
Step 1B: Block Web access via IP Sub-Group profile
5. Click the Redirect URL tab to display the Redirect URL page:
Fig. 5-32 Sub Group Profile window, Redirect URL tab
6. Select Default Block Page, and then click Apply.
Step 2: Modify the Global Group Profile
Activate NT authentication
Step 1: Modify the 3-try login script
Step 2: Modify the Global Group Profile
CHAPTER 6: TECHNICAL SUPPORT
Hours
Contact Information
Domestic (United States)
International
Office Locations and Phone Numbers
8e6 Corporate Headquarters (USA)
8e6 Taiwan
8e6 China
Support Procedures
APPENDIX A
User/Group File Format and Rules
Username Formats
Rule Criteria
File Format: Rules and Examples
NT User List Format and Rules
NT Group List Format and Rules
LDAP User List Format and Rules
LDAP Group List Format and Rules
APPENDIX B
Ports for Authentication System Access
The following ports should be used for authentication system access: Type No. Function
APPENDIX C
LDAP Server Customizations
OpenLDAP Server Scenario
Not all users returned in User/Group Browser
APPENDIX D
Disable SMB Signing Requirements
SMB Signing Compatibility
Disable SMB Signing Requirements in Windows 2003
APPENDIX E
Obtain or Export an SSL Certificate
Export an Active Directory SSL Certificate
Verify certificate authority has been installed
Locate Certificates folder
Export the master certificate for the domain
Export a Novell SSL Certificate
Obtain a Sun ONE SSL Certificate
APPENDIX F
Override Pop-up Blockers
Yahoo! Toolbar Pop-up Blocker
Google Toolbar Pop-up Blocker
AdwareSafe Pop-up Blocker
Temporarily disable pop-up blocking
Mozilla Firefox Pop-up Blocker
Windows XP SP2 Pop-up Blocker
Set up pop-up blocking
Use the Internet Options dialog box
Use the IE toolbar
Temporarily disable pop-up blocking
Use the IE toolbar
Use the Information Bar
Set up the Information Bar
Access your override account
APPENDIX G
Glossary
INDEX
Numerics
A
B
C
D
E
F
G
H
I
J
L
M
N
O
P
R
S
T
U
V
W