This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Network Management & Authentication
- ExtremeCloud IQ- Site Engine Management Center
- Re: Extreme Control Rule and AD
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Extreme Control Rule and AD
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
09-29-2020 02:52 PM
Hi All,
I am trying to create Extreme Control rule sets for MAC and .1x authentication.
Is there not a way I can add a group condition to query a LDAP/AD Domain group?
I can see there is an option for LDAP user groups.
Also, do Extreme offer some sort of downloadable config for updating DHCP fingerprints.
Its really tedious to have to go in and add lines of code to add custom fingerprints, not to mention having to hunt through a log file to get them in the first place.
One other thing, any ideas/thoughts on being able to add if/or conditions into the same rule?
Thanks
Ian
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
10-13-2020 08:53 AM
Stefan,
With a script from
"Add MAC to Domain Computers" is executed when the computer authenticates. The MAC address is added to End-System and the timestamp is created (updated). Consequent User authentication can be combined with the condition of the End-System group. "Clear old End-Systems in the group" checks if the timestamp is older than X hours and old End-Systems are deleted from the group.
Mig
47 REPLIES 47
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
02-04-2021 03:41 PM
You only need to read and follow the links of the 2nd post in this thread.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
02-04-2021 02:52 PM
Hello,
i tried to follow you discussion - I failed however.
Maybe it´s even not the problem, I´m facing.
Customer just wants to authenticate its computers according to the fact, the computer being an AD-member.
We tried to create an end-system group (which will be verified in a rule), however we do not know, how to configure the end-system group to check the AD.
How is this to be configured? What string to be entered where?
Or is there NO chance to do it “easily”, just with scripting (as mentioned here)
Rgds. scripting: I have NO clue what and where to do with such scripts… 😞
Thank you !
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
10-13-2020 10:23 AM
Ok so it says to just use the object category to specify if its a domain machine or not.
thats works for me i think, ill give it a go.
I have created the two ldap profiles as advised in the guide, will see how it goes.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
10-13-2020 09:26 AM
Both mentioned workflows are available at the GitHub
Regards
Zdeněk Pala
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
10-13-2020 08:53 AM
Stefan,
With a script from
"Add MAC to Domain Computers" is executed when the computer authenticates. The MAC address is added to End-System and the timestamp is created (updated). Consequent User authentication can be combined with the condition of the End-System group. "Clear old End-Systems in the group" checks if the timestamp is older than X hours and old End-Systems are deleted from the group.
Mig
