NetSight 6.1 Virtual Appliance

  • 1
  • 1
  • Question
  • Updated 3 years ago
  • Answered
Hey Guys, 
just a short question. with the virtual Appliance of NetSight it is only possible to authenticate domain user through radius-server?

Thanks in advance
Photo of Philipp Tittmann

Philipp Tittmann

  • 774 Points 500 badge 2x thumb

Posted 3 years ago

  • 1
  • 1
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 45,306 Points 20k badge 2x thumb
You'd also use LDAP....
Photo of Nico Willamowski

Nico Willamowski

  • 876 Points 500 badge 2x thumb

Hello Philipp,


we also had a virtual appliance and authenticate the user with LDAP against the active Directory. Authenticate Domain users, when Domain users is Primary Group in the AD is a Little bit tricky. you have to use a ldap browser and look for the Primary Group id in the Active Directory for Domain users. you can find this under "objectSid" and you Need the last numbers behind the last Hyphen. at last you have to create a new authorization Group in Netsight and give the Membership criteria "primaryGroupID=xxxx". Of course you have to set your ldap configuration at first!

Photo of Michael Kirchner

Michael Kirchner

  • 1,846 Points 1k badge 2x thumb
Thanks :)

It is also possible to use the memberOf Attribute.





Best Regards
Michael
Photo of Philipp Tittmann

Philipp Tittmann

  • 774 Points 500 badge 2x thumb
thanks for the replies and nico for the detailed description ;-) 
Photo of Nico Willamowski

Nico Willamowski

  • 876 Points 500 badge 2x thumb
But Philipp wants to use the Domain Users. Mostly the Domain Users are the Primary Group in the AD and so autentication with "memberOf" doesn ́t work. So you had to use the "primaryGroupId". In the example from Michael he use the Group "Domain Admins" I don ́t think that this is Primary Group in his Active Directory. We also you for some authentication the "memberOf" Critera but then this AD Group isn ́t the Primary Group.
Photo of Michael Kirchner

Michael Kirchner

  • 1,846 Points 1k badge 2x thumb
That is right - I took Thema "domain unseres" More generic, like not the group " Domain Users". But you are absolute correct. Thanks