NAC Manager LDAP Integration with Sub Domain

  • Question
  • Updated 3 years ago
  • Answered

We are using NAC Manager with policies to authenticate our staff, who are coming in wirelessly from an EWC ...

The authentication works with LDAP against the domain ... username\Domain

Example :   Hans.Mustermann@thhf.net


Now we also want to integrate the students from our school into this LDAP authentication, but they are located in a subdomain.


Example : Franz.Mustermann@stud.thhf.net


Does this work with NAC Manager from Extreme? We are using NetSight / NAC Manager 6.1.0.

The NAC Manager knows the LDAP connection to the primary domain and is joined to this domain. When a student sends a logon request with his subdomain logon, the LDAP should forward this to the subdomain DC ... I think this is more a Windows problem.

I only want to know if there is anybody here who already has a working environment with subdomains and LDAP authentication.


Regards

Christian

PS: Sorry for bad grammar .. non-native English author


info@systemhaus-genthin.de

Posted 3 years ago


Pala, Zdenek, Employee

Should work. Configure advanced AAA rules: based on the username part (subdomain), use a different AAA server/method = different LDAP server/settings. Good luck :)

Piotr Owczarek

Hope that the attached pic will help you. If not, do not hesitate to ask :)

OK .. thx, I will try this ..

The Domain there is :

thhf.local  and the subdomain is ...

stud.thhf.local

Actually .. there is only an * (asterisk) in the place for User Match, and the users with LDAP are logging in through wireless clients ... with thhf\username.


So I should only separate the two LDAP connections with ...

User Match :   stud.thhf\*

User Match :  thhf\*


I will try this in the next days ... and will give a reply ..



Piotr Owczarek

It should work. You can check if the condition of domain name containing "stud" is met and then classify user to be authenticated by one LDAP server and if not classify by the second.

Hello Piotr,


many thx .. it works ..

I have separated the domains by the logon prefix ... and it works ..

Screenshot for all others :-)  ... having the same Problem.


Piotr Owczarek

I'm glad that I could help You :)
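
The rule split discussed in this thread (`stud.thhf\*` to one LDAP configuration, `thhf\*` to the other), modelled as a small Python sketch. This is an added example, not part of the original posts and not NAC Manager's own matching code: the LDAP configuration labels, the normalisation of `user@domain` logons, the first-match-wins evaluation and the reject-on-no-match behaviour are all assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Hypothetical labels for the two LDAP configurations (not from the thread).
STAFF_LDAP = "ldap-staff"
STUDENT_LDAP = "ldap-students"

# Ordered rules: (User Match pattern, LDAP configuration). Patterns are from the thread.
AAA_RULES = [("stud.thhf\\*", STUDENT_LDAP), ("thhf\\*", STAFF_LDAP)]

# DNS suffixes seen in the thread; stripped so stud.thhf.net compares as stud.thhf.
DNS_SUFFIXES = (".local", ".net")


def normalize(username):
    """Return 'domain\\user' in lower case, or None if no domain part is present."""
    name = username.strip().lower()
    if "\\" in name:
        domain, _, user = name.partition("\\")
    elif "@" in name:
        user, _, domain = name.rpartition("@")
    else:
        return None
    if not domain or not user:
        return None
    for suffix in DNS_SUFFIXES:
        if domain.endswith(suffix):
            domain = domain[: -len(suffix)]
            break
    return f"{domain}\\{user}"


def select_ldap(username, rules=AAA_RULES):
    """First matching rule wins; None means no rule matched and the logon is rejected."""
    name = normalize(username)
    if name is None:
        return None
    for pattern, ldap_config in rules:
        # fnmatchcase has no escape character, so the backslash is matched literally.
        if fnmatchcase(name, pattern.lower()):
            return ldap_config
    return None
```

With a bare `*` rule placed first, as in the original single-rule setup, every logon, including student ones, is sent to that rule's LDAP server, so specific patterns have to come before any catch-all.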