System Administration
System Settings
DNS/Windows Domain Authentication and Quarantined Endpoints
In order to satisfy the following scenarios:
● A guest user gets redirected
● A user is redirected if their home page is the Intranet
● The only host that is resolved is the domain controller (DC); no other intranet hosts are resolved
● Windows domain authentication can take place from quarantine with minimal configuration
Perform the following steps:
1 Configure the domain suffixes in the quarantine areas to a placeholder, such as the following:
quarantine.bad
2 Enter the full domain controller hostnames in the System configuration>>Quarantine/guest resources area (for example, dc01.mycompany.com, dc02.mycompany.com).
3 Ensure that each ES has a valid, fully qualified domain name (FQDN) and that the domain portion matches the domain for the registered Windows domain.
4 Ensure that each ES is configured with one or more valid DNS servers that can fully resolve (both A and PTR records) each ES.
5 Ensure that the following ports on the domain controller/active directory (DC/AD) servers are available from quarantine:
■ 88
■ 389
■ 135-139
■ 1025
Sentriant AG will then look up the Kerberos and LDAP services, and resolve those services within its own DNS server used for quarantined devices. For example:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.lvh.com. 86400 IN SRV 0 100 88 dc01.lvh.com
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.lvh.com. 86400 IN SRV 0 100 389 dc01.lvh.com
When a browser is configured with an Intranet site as its home page, it will get redirected as shown in the following example process:
-> lookup intranet.mycompany.com
<- get an NXDomain (since dc01.mycompany.com is in the forwarders, all other mycompany.com hostnames get an NXDomain; that is the way named works).
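The following Python check is an added example, not code from the guide or from Sentriant AG: it parses SRV records of the shape shown above, models the quarantine resolver (only the hostnames entered in step 2 resolve, everything else is NXDOMAIN) and flags any Kerberos/LDAP record a quarantined client could not actually use because its target DC is not in the resources list or its port is not among those opened in step 5. The sample records, the host list and the port list are constructed assumptions; the lvh.com names follow the guide's example.

```python
import re

# Constructed sample: SRV records in the shape of the guide's example, plus
# one record whose target DC is not in the quarantine resources list.
SRV_ZONE = """\
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.lvh.com. 86400 IN SRV 0 100 88 dc01.lvh.com
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.lvh.com. 86400 IN SRV 0 100 389 dc01.lvh.com
_ldap._tcp.dc._msdcs.lvh.com. 86400 IN SRV 0 100 389 dc03.lvh.com
"""
# Assumed values for step 2 (DC hostnames) and step 5 (ports opened from quarantine).
QUARANTINE_RESOURCES = ["dc01.lvh.com", "dc02.lvh.com"]
ALLOWED_PORTS = [88, 389, (135, 139), 1025]

SRV_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+SRV\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)$")

def parse_srv(zone_text):
    """Parse 'name ttl IN SRV prio weight port target' lines into dicts."""
    records = []
    for line in zone_text.splitlines():
        m = SRV_RE.match(line.strip())
        if not m:
            raise ValueError(f"not an SRV record: {line!r}")
        name, _ttl, _prio, _weight, port, target = m.groups()
        records.append({"name": name.rstrip("."), "port": int(port),
                        "target": target.rstrip(".").lower()})
    return records

def port_allowed(port, allowed):
    """'allowed' holds single ports or (low, high) ranges such as 135-139."""
    return any(port == a if isinstance(a, int) else a[0] <= port <= a[1] for a in allowed)

def quarantine_lookup(fqdn, resources):
    """Model the quarantine resolver: only the configured DC hostnames resolve,
    every other name gets NXDOMAIN (the behaviour the guide describes)."""
    return "resolves" if fqdn.lower().rstrip(".") in {h.lower().rstrip(".") for h in resources} else "NXDOMAIN"

def find_unreachable(records, resources, allowed_ports):
    """SRV records a quarantined client cannot use: target is NXDOMAIN from
    quarantine, or the service port is not opened on the DC."""
    problems = []
    for r in records:
        reasons = []
        if quarantine_lookup(r["target"], resources) == "NXDOMAIN":
            reasons.append("target not in Quarantine/guest resources")
        if not port_allowed(r["port"], allowed_ports):
            reasons.append(f"port {r['port']} not opened from quarantine")
        if reasons:
            problems.append({**r, "reasons": reasons})
    return problems
```

Run `find_unreachable(parse_srv(SRV_ZONE), QUARANTINE_RESOURCES, ALLOWED_PORTS)` against the records your own quarantine DNS serves; an empty list means every advertised Kerberos/LDAP target is both resolvable and reachable from quarantine.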
Sentriant AG Software Users Guide, Version 5.3