Dns/Windows Domain Authentication And Quarantined Endpoints - Novell ZENWORKS NETWORK ACCESS CONTROL 5.0 - 09-22-2008 User Manual

16.5.1 DNS/Windows Domain Authentication and Quarantined Endpoints
In order to satisfy the following scenarios:
- A guest user gets redirected
- A user is redirected if their home page is the Intranet
- The only host that is resolved is the domain controller (DC), and no other intranet hosts are resolved
- Windows domain authentication can take place from quarantine with minimal configuration

Perform the following steps:
1 Configure the domain suffixes in the quarantine areas to a placeholder, such as the following:
  quarantine.bad
2 Enter the full domain controller hostnames in the System configuration>>Accessible services area (for example, dc01.mycompany.com, dc02.mycompany.com).
3 Ensure that each ES has a valid, fully qualified domain name (FQDN) and that the domain portion matches the domain for the registered Windows domain.
4 Ensure that each ES is configured with one or more valid DNS servers that can fully resolve (both A and PTR records) each ES.
5 Ensure that the following ports on the domain controller/active directory (DC/AD) servers are available from quarantine:
  - 88
  - 389
  - 135-139
  - 1025

Novell ZENworks Network Access Control then looks up the Kerberos and LDAP services, and resolves those services within its own DNS server used for quarantined devices.

For example:
  _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.lvh.com. 86400 IN SRV 0 100 88 dc01.lvh.com
  _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.lvh.com. 86400 IN SRV 0 100 389 dc01.lvh.com

When a browser is configured with an Intranet site as its home page, it will get redirected as shown in the following example process:
  -> lookup intranet.mycompany.com
  <- get an NXDomain (since dc01.mycompany.com is in the forwarders, all other mycompany.com hostnames get an NXDomain; that is the way named works).
  -> lookup intranet.mycompany.com.quarantine.bad
  <- get Novell ZENworks Network Access Control IP address
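
The lookup sequence above can be modeled to check which names a quarantined endpoint is able to resolve to a real address. This is an added example, not code from the manual or the product; the IP addresses are constructed, and answering NXDOMAIN for every name outside the Accessible services list is an assumption generalized from the mycompany.com case described above.

```python
# Added example: a model of the quarantine DNS behaviour described above.
# Addresses use the 192.0.2.0/24 documentation range and are constructed.
from dataclasses import dataclass

NXDOMAIN = "NXDOMAIN"

@dataclass
class QuarantineDns:
    accessible: set   # FQDNs entered under Accessible services (forwarded)
    suffix: str       # placeholder domain suffix given to quarantined hosts
    nac_ip: str       # address the NAC server answers with (constructed)
    upstream: dict    # stand-in for the production DNS behind the forwarders

    def query(self, name):
        name = name.lower().rstrip(".")
        if name in self.accessible:                  # forwarded: real answer
            return self.upstream.get(name, NXDOMAIN)
        if name.endswith("." + self.suffix):         # placeholder zone
            return self.nac_ip
        return NXDOMAIN                              # everything else (assumed)

def resolve_from_endpoint(dns, name):
    """Client-side lookup: the bare name first, then name + domain suffix."""
    trace = []
    for candidate in (name, f"{name}.{dns.suffix}"):
        answer = dns.query(candidate)
        trace.append((candidate, answer))
        if answer != NXDOMAIN:
            break
    return trace

def exposed_names(dns, names):
    """Names whose real address is visible from quarantine (expect DCs only)."""
    hidden = (NXDOMAIN, dns.nac_ip)
    return sorted(n for n in names
                  if resolve_from_endpoint(dns, n)[-1][1] not in hidden)

SAMPLE = QuarantineDns(
    accessible={"dc01.mycompany.com", "dc02.mycompany.com"},
    suffix="quarantine.bad",
    nac_ip="192.0.2.5",
    upstream={"dc01.mycompany.com": "192.0.2.10",
              "dc02.mycompany.com": "192.0.2.11",
              "intranet.mycompany.com": "192.0.2.20"},
)

if __name__ == "__main__":
    for host in ("intranet.mycompany.com", "dc01.mycompany.com"):
        for step in resolve_from_endpoint(SAMPLE, host):
            print("%-45s -> %s" % step)
    print("exposed:", exposed_names(SAMPLE, SAMPLE.upstream))
```

Any name returned by exposed_names that is not a domain controller indicates an Accessible services entry that exposes more of the intranet to quarantine than the scenarios above intend.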