Chapter 4 Configuring Sponsor Authentication

Configuring Active Directory (AD) Authentication

Active Directory Authentication authenticates sponsor users to the Guest Server using their existing AD user accounts. This keeps sponsors from having to remember another set of user names and passwords just to authenticate to the Guest Server. It also enables the administrator to quickly roll out Guest Access because there is no need to create and manage additional sponsor accounts. Active Directory authentication allows you to do the following:

Add Active Directory Domain Controller

Edit Existing Domain Controller

Delete Existing Domain Controller Entry

AD authentication supports authentication against multiple domain controllers. The domain controllers can be part of the same Active Directory to provide resilience, or they can be in different Active Directories so that the Guest Server can authenticate sponsor users from separate domains, even where no trust relationship is configured.

All Active Directory Authentication is performed against individual domain controller entries. A domain controller entry consists of 6 items:

Server Name—A text description to identify the domain controller. As a best practice, Cisco recommends identifying the domain controller and the account suffix in this field (although it can be set to anything that you choose).

User Account Suffix—Every user in Active Directory has a full user logon name which appears as “username@domain.” Typing the @domain suffix (including the @ symbol) in this field means that sponsor users do not have to enter their full user logon name.

Domain Controller IP Address—The IP address of the domain controller that the sponsor user authenticates against.

Base DN—The root of the Active Directory. This allows an LDAP search to be performed to find the user group of the sponsor.

AD Username—The user account that has permissions to search the AD. This allows an LDAP search for the user group of the sponsor.

AD Password—The password for the user account that has permissions to search the AD.

To authenticate different user account suffixes against the same domain controller, you can create multiple domain controller entries with the same IP address and different User Account Suffixes. All that needs to be different in each entry is the Server Name, User Account Suffix and Base DN.

To provide resilience in the event of a domain controller failure, you can enter multiple entries for the same User Account Suffix with different Domain Controller IP Addresses. All that needs to be different in each entry is the Server Name.

The Guest Server attempts to authenticate sponsors against each Domain Controller entry according to the Authentication Order specified in Configuring Sponsor Authentication Settings, page 4-18.
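
The following sketch is an added example, not code from the Guest Server or from Cisco. It models the domain controller entries described above, lists the attempts made for a sponsor who types a short user name, and flags suffixes served by a single domain controller; the `order` field, the sample values and the audit rules are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class DCEntry:
    """The six items of a domain controller entry, plus its place in the order."""
    server_name: str
    account_suffix: str  # includes the leading "@"
    dc_ip: str
    base_dn: str
    ad_username: str
    ad_password: str
    order: int           # assumption: integer standing in for Authentication Order

def bind_attempts(entries, typed_name):
    """(full logon name, DC IP, Base DN) for each entry, in Authentication Order."""
    return [(typed_name + e.account_suffix, e.dc_ip, e.base_dn)
            for e in sorted(entries, key=lambda e: e.order)]

def audit(entries):
    """Flag malformed suffixes, redundant entries and suffixes with one DC only."""
    findings, seen, ips_by_suffix = [], set(), defaultdict(set)
    for e in entries:
        suffix = e.account_suffix.lower()
        if not suffix.startswith("@"):
            findings.append(f"{e.server_name}: suffix must include the @ symbol")
        if (suffix, e.dc_ip) in seen:
            findings.append(f"{e.server_name}: repeats an existing suffix/IP pair")
        seen.add((suffix, e.dc_ip))
        ips_by_suffix[suffix].add(e.dc_ip)
    for suffix, ips in sorted(ips_by_suffix.items()):
        if len(ips) < 2:
            findings.append(f"{suffix}: one domain controller only, no resilience")
    return findings

# Constructed sample entries (documentation IP range, placeholder credentials).
ENTRIES = [
    DCEntry("dc2 @corp.example", "@corp.example", "192.0.2.11",
            "DC=corp,DC=example", "svc-guest", "<placeholder>", 2),
    DCEntry("dc1 @corp.example", "@corp.example", "192.0.2.10",
            "DC=corp,DC=example", "svc-guest", "<placeholder>", 1),
    DCEntry("dc1 @lab.example", "@lab.example", "192.0.2.10",
            "DC=lab,DC=example", "svc-guest", "<placeholder>", 3),
]

if __name__ == "__main__":
    for attempt in bind_attempts(ENTRIES, "jsmith"):
        print(attempt)
    print(audit(ENTRIES))
```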

Cisco NAC Guest Server Installation and Configuration Guide

 

OL-15986-01

4-5

 

 

 
