Authentication with active directory

SOLVED
seaweed_
Occasional Contributor

Authentication with active directory

I have configured external authentication with Active Directory. I have configured an LDAP server with type Active Directory.

The settings are:

Admin DN:cn=grjuniper,ou= IT,ou=XX,dc=company,dc=net

Password:XXXXX

Finding User Entries

Base DN:dc=company,dc=net

Filter:samaccountname=<USER>

And at role mapping for the realm I have configured the rule: username is "*" then assign a role.

When I try to log in to the SSL with a user configured in the customer's Active Directory, it works fine.

But there is one problem I'm facing and I don't know how to configure it.

I was able to log in to the SSL with my laptop, which is not part of the customer's domain. The customer wants the SSL to permit only the workstations which are members of his domain. The customer has another SSL appliance which has this option configured, I think as a user attribute.

Any help on how to do this will be much appreciated.

Thank you

Message Edited by seaweed on 04-28-2009 01:23 AM
1 ACCEPTED SOLUTION

Accepted Solutions
mehdi_
Contributor

Re: Authentication with active directory

Hello seaweed,

OK, now I understand what you need. You can set a strategy with the Host Checker: when any user needs to access with their laptop, the Host Checker will check if this laptop corresponds to the domain.

Before authenticating any user to access the resource, you check their laptop.

I advise you to create files.reg, for example:

Key/Subkey: SYSTEM\CurrentControlSet\Services\Tcpip\Security\Key
Binary; f0deyrrYYU01237fcc4587jdbnfkdl64e6e424fe00000008e56dd33

and save it.

Go to Endpoint Security > Host Checker > Policies > click New, name for example "enterprise policy":

Windows > Rule Settings > Registry Setting > Add

Key/Subkey: SYSTEM\CurrentControlSet\Services\Tcpip\Security\Key
Binary;
f0deyrrYYU01237fcc4587jdbnfkdl64e6e424fe00000008e56dd33

and save.

After that, bind this with the role mapping through Host Checker.

Hope this helps you.

Thanks

Let me know

10 REPLIES 10
mehdi_
Contributor

Re: Authentication with active directory

Hello seaweed,

I would like to share with you this script to deploy your reg key to all Windows workstations in your network.

Step 1: create file.txt and write in it:

  for /f %%p in (hosts.txt) do reg add \\%%p\HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Security /v Key /t REG_BINARY /d f0dfgffg0d134167fccdfdf1588787dfe

and save it as regkey.bat

Step 2: create another file host.txt and put in it all the IPs of your workstations, then execute your regkey.bat

I hope this helps you; please let me know if you need details.

**If this reply solved your problem click on Kudos **
Kind Regard
http://www.linkedin.com/in/mkhitmane
personal mail: [email protected]
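
A way to confirm that the deployment described in the post above reached every workstation, as an added example that is not part of the original thread or any poster's own code. The key path and value name come from the post; `$Expected` is a constructed placeholder, and the script assumes the Remote Registry service and admin rights on each target, falling back to the local machine when `hosts.txt` is absent.

```powershell
# Added example: audit the marker value that regkey.bat is meant to deploy.
$SubKey    = 'SYSTEM\CurrentControlSet\Services\Tcpip\Security'  # path from the post
$ValueName = 'Key'                                               # value name from the post
$Expected  = 'AABBCCDD00112233'   # constructed placeholder, not a value from the thread

function ConvertTo-Hex([byte[]]$Bytes) {
    # Render binary registry data as an uppercase hex string for comparison.
    return (($Bytes | ForEach-Object { $_.ToString('X2') }) -join '')
}

function Get-MarkerStatus([string]$ComputerName) {
    $hklm = $null; $key = $null
    try {
        # Remote read; needs the Remote Registry service and admin rights on the target.
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
        $key = $hklm.OpenSubKey($SubKey)
        if ($null -eq $key) { return 'KeyMissing' }
        if ($key.GetValueNames() -notcontains $ValueName) { return 'ValueMissing' }
        if ($key.GetValueKind($ValueName) -ne [Microsoft.Win32.RegistryValueKind]::Binary) {
            return 'WrongType'   # Host Checker rule expects binary data
        }
        $actual = ConvertTo-Hex ($key.GetValue($ValueName))
        if ($actual -eq $Expected) { return 'OK' } else { return 'Mismatch' }
    } catch {
        # Host down, firewall, service stopped or access denied.
        return 'Unreachable: ' + $_.Exception.Message
    } finally {
        if ($key)  { $key.Close() }
        if ($hklm) { $hklm.Close() }
    }
}

# hosts.txt: one workstation name or IP per line, as read by the batch script.
$targets = if (Test-Path .\hosts.txt) { Get-Content .\hosts.txt } else { $env:COMPUTERNAME }

$targets |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ } |
    ForEach-Object {
        [pscustomobject]@{ Host = $_; Status = Get-MarkerStatus $_ }
    } |
    Format-Table -AutoSize
```

Hosts reported as anything other than `OK` would fail a Host Checker rule that matches on this value.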
mehdi_
Contributor

Re: Authentication with active directory

Hello seaweed,

Do you need to apply a policy to permit only workstations which are domain members?

thanks

seaweed_
Occasional Contributor

Re: Authentication with active directory

I don't know whether it must be a policy, user attribute or group membership. The thing the customer wants is only workstations that are configured in the domain. E.g. my laptop is not a member of the domain but can still log in to the SSL. We don't want that.
seaweed_
Occasional Contributor

Re: Authentication with active directory

Is this the only way to do it? Through the registry? What if the user has a Mac?
mehdi_
Contributor

Re: Authentication with active directory

You can check specific files in their directory, for example.
mehdi_
Contributor

Re: Authentication with active directory

Hi, sorry, I forgot to explain what I mean by checking their directory.

For example, you can create a file and place it in one of their directories, create a new Host Checker and bind it to the role mapping, and you can also create a new sign-in only for Mac users and bind it with the realm server.

Example:

https://sa.domaine.com/Mac

Rule is:

Only users can authenticate if the Host Checker checks and permits:

kernel version XXX

file (created by you in a specific directory)

This is only an example.

Hope I helped you.

Message Edited by mehdi on 04-28-2009 12:34 PM
mehdi_
Contributor

Re: Authentication with active directory

Hi seaweed,

Could you please inform me if it is OK for you? If not, please let me know.

Thank you

seaweed_
Occasional Contributor

Re: Authentication with active directory

It is OK, thank you. I haven't tried it yet but I think it will be fine. I have one last question. The registry key, I assume, is the same on all workstations which are part of the domain. Can you tell me the path to find the registry key?

Thank you