topic RE: LDAP host validation - Reverse DNS lookup in ExtremeCloud IQ- Site Engine Management Center

LDAP host validation - Reverse DNS lookup

Luis_Oliveira — Tue, 14 Feb 2017 17:17:00 GMT

Hi,

As described by Yacobucci, Ryan https://community.extremenetworks.com/extreme/topics/nac-restricting-access-for-nondomain-devices. DNS reverse lookup takes part of LDAP host validation.

however, I’m doing a huge NAC deployment (about 2000 wireless devices connected to IdentiFi network). The rule defined to validade users and computers in the AD are not working and i figured out the DNS reverse zones are not being updated by the DHCP. Is there any alternative to avoid reverse DNS lookup?

Many thanks for all.

Luís Oliveira

RE: LDAP host validation - Reverse DNS lookup

Keene__Scott — Thu, 23 Feb 2017 01:10:00 GMT

Hello,
There is no alternative that I know of for this other than to get the DHCP server issue resolved. NAC will first resolve the End System's IP after an authentication, then its conducts the reverse lookup to DNS, in order to get the FQDN. If that data is not accurate then the rule will fail.

There is an article in the knowledge-base for hostname resolution. You can use this to determine if the FQDN of the End System is being reported to NAC by the DNS server / reverse lookup process:

https://gtacknowledge.extremenetworks.com/articles/How_To/NAC-Troubleshooting-Tips-Debug-Incorrect-o...

Regards,

Scott Keene
NMS/NAC Support

RE: LDAP host validation - Reverse DNS lookup

Luis_Oliveira — Thu, 02 Mar 2017 17:20:00 GMT

Many Thanks Keene,

We are now using agent-based assessment to validate if the host belongs to the domain. It works fine for windows laptops. They have also macOS laptops registered in the domain. Do you know how to validate these ones using the assessment agent?
Many thanks once again

Luís Oliveira