
Extreme Control Rule and AD


Ian_Broadway
New Contributor III

Hi All,

 

I am trying to create Extreme Control rule sets for MAC and .1x authentication.

Is there not a way I can add a group condition to query a LDAP/AD Domain group?

I can see there is an option for LDAP user groups.

 

Also, does Extreme offer some sort of downloadable config for updating DHCP fingerprints?

It's really tedious to have to go in and add lines of code to add custom fingerprints, not to mention having to hunt through a log file to get them in the first place.

 

One other thing, any ideas/thoughts on being able to add if/or conditions into the same rule?

Thanks

Ian

1 ACCEPTED SOLUTION

Miguel-Angel_RO
Valued Contributor II

Stefan,

 

With a script from @Zdenek Pala (https://github.com/extremenetworks/ExtremeScripting/blob/master/Netsight/oneview_workflows/combo/Use... you can mix both authentications to ensure that the user authentication is done on a computer from the domain:

"Add MAC to Domain Computers" is executed when the computer authenticates. The MAC address is added to End-System and the timestamp is created (updated). Consequent User authentication can be combined with the condition of the End-System group. "Clear old End-Systems in the group" checks if the timestamp is older than X hours and old End-Systems are deleted from the group.

 

Mig


47 REPLIES

SDR
New Contributor III

Hi Miguel,

 

We are not onsite anymore + have no remote access. Will be onsite tomorrow morning again.

We made several tests, also with the Eval-Tool.

I'm not 100% sure, but almost, that there is NO issue shown with this configuration using the Eval Tool.

I tend to an existing client/Windows issue, but I have no idea why + where.

I will check eval-tool tomorrow again.

BR 

SDR
New Contributor III

Did you join the AD with the control engine / nac gateway?

 

I think so - we followed the guides + all test scenarios (search within AD) were successful.

However, the test with the client failed.

What we are wondering about, too, is the fact that Control shows the machine name “host/whatever.domain.de” NOT under “Hostname” but under “Username”.

Miguel-Angel_RO
Valued Contributor II

Hi SDR,

Could you share some screenshots from the config evaluation tool?

Usually you can get a lot of answers from there.


Mig

 

PeterK
Contributor III

Did you join the AD with the control engine / nac gateway?

SDR
New Contributor III

Hi Peter,

 

Thank you.

We started with Host-authentication, which fails with 

Auth-Type 802.1x (PEAP)

Reason: Rejected NTLM authentication

 

Can you assist with this, too? NAC issue or Windows/NIC configuration issue (however, we followed all available guides) 😞
