
NAC Manager LDAP Integration with Sub Domain

info_systemhaus
New Contributor II
We are using NAC Manager with policies to authenticate our staff, who are coming in wirelessly from an EWC ...

The authentication works with LDAP against the domain. .... username\Domain

Example : Hans.Mustermann@thhf.net

Now we also want to integrate the students from our school into this LDAP authentication,

but they are located in a subdomain.

Example : Franz.Mustermann@stud.thhf.net

Does this work with NAC Manager from Extreme? We are using NetSight / NAC Manager 6.1.0

The NAC Manager knows the LDAP connection to the primary domain and is joined to this domain; if a student sends a logon request with his subdomain logon, the LDAP should forward this to the subdomain DC ... I think this is more a Windows problem.

I only want to know if there is anybody here who already has a working environment with subdomains and LDAP authentication.

Regards

Christian

PS: Sorry for the bad grammar .. non-native English author

11 REPLIES 11

OK .. thanks, I will try this ..

The domain there is:

thhf.local and the subdomain is ...

stud.thhf.local

Actually .. there is only an * (asterisk) in the place for User Match, and the users with LDAP are logging in through wireless clients ... with thhf\username.

So I should only separate the two LDAP connections with ...

User Match : stud.thhf\*

User Match : thhf\*

I will try this in the next days ... and will give a reply ..

Hope that the attached pic will help you. If not, do not hesitate to ask 🙂

[Attached image: LDAP_inline.jpg]

Hello Piotr,

many thanks .. you have configured the connection to 2 different LDAP sources, as I understand, via the advanced AAA config .... is this correct?

Could you post me an example of how you divide the users from different domains?

Hello Christian,

I have such a solution working. Two different domains, LDAP Advanced config and users belonging to different domains.
No problem at all.
You just need to construct reliable criteria for checking domain membership for the user being authenticated, and that is all.

Piotr

If you are able to join the NAC into the different domains - all is fine

This will become the "Main Question" .. and it's to be feared .. that this will not work.

The solution of using our own NPS on Windows .. and bringing the auth traffic from the EWS directly to the DC of the subdomain, was our alternative idea ...

To manage all LDAP configurations on the NetSight console would be smarter .. but if it's not possible, we will bring the auth directly over NPS to the servers.



