About User Identification Methods; About Client Probing With NetAPI or WMI; About DC Security Logs - Dell SonicWALL Administration Manual

Directory services connector 3.7

2. The user initiates a request for an Internet resource (such as a Web page, an audio or video stream, or a chat program). The Dell SonicWALL network security appliance detects the request.
3. The Dell SonicWALL appliance queries the SSO Agent.
4. The SSO Agent queries the eDirectory server about the user.
5. The SSO Agent communicates the user's content filtering policies to the Dell SonicWALL appliance, based on the user's individually assigned policies and any policies inherited from groups and from organizational units. The Dell SonicWALL appliance allows, logs, or blocks the user's request, based on the user's content filtering policies.

About user identification methods

The SSO Agent supports the user identification methods described in the following sections:

About client probing with NETAPI or WMI
About DC security logs
About using Samba on Linux/UNIX clients
About NetBIOS mapping support

About client probing with NETAPI or WMI

Client probing includes both Windows Management Instrumentation (WMI) and NetAPI probing methods.

WMI is the infrastructure for management data and operations on Windows-based operating systems. The SSO Agent sends a WMI request to the client, and then determines the username and domain name by examining certain processes on the client machine.

NetAPI is another interface, based on the Windows DCE-RPC service. In this case, the SSO Agent sends a request that lists the users logged into the client workstation. This list includes interactive, service, and batch logons. The SSO Agent then determines the correct username from this list. The NetAPI method is much faster than the WMI method, but might not always yield a correct username.

Windows Firewall might block both methods by default.

To enable WMI methods in the Windows Firewall, you can select Windows Management Instrumentation in Control Panel > All Control Panel Items > Windows Firewall > Allowed Programs.

To enable the NetAPI method in Windows Firewall, you can select File and Printer Sharing.

If a user logs onto a machine using a local account instead of a Windows domain account, the SSO Agent can only identify this user through a Client Probing method. This is because the other methods all involve Active Directory. When the administrator enables the WMI/NetAPI Scanner option in Directory Services Connector, the SSO Agent repeatedly probes these IP addresses using Client Probing methods. The SSO Agent can detect when the user has logged off, and it sends a logoff notification to SonicOS.

About DC security logs

The domain controller (DC) is a server that responds to security authentication requests (logging in, checking permissions, and so on) within the Windows Server domain. In Microsoft Windows, the DC security log contains records of login and logout activity and other security-related events specified by the system's audit policy. When a domain user tries to log in to the domain network, the domain controller logs a message in the security log.

With DC Security Log as the query source method, the SSO Agent can identify users who log on to the Windows domain. The SSO Agent sends a login notification to the appliance as soon as it detects a user login. The SSO Agent also monitors event messages with specific Event IDs and notifies SonicOS with the user's information and logoff status.
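
An added example, not taken from this guide or from the SSO Agent: Python that turns already-parsed DC security log events into an IP-to-user table with login and logoff notifications. It assumes the standard Windows Event IDs 4624 (logon) and 4634 (logoff), which the guide does not name, and runs on constructed events with hypothetical field names.

```python
# Added illustration; not SonicWALL code. The guide does not say which Event IDs
# the SSO Agent reads: 4624 (logon) and 4634 (logoff) are an assumption here.
LOGON, LOGOFF = 4624, 4634
NO_CLIENT_IP = {"", "-", "127.0.0.1", "::1"}

# Constructed sample events, simplified from DC Security log records.
SAMPLE_EVENTS = [
    {"id": 4624, "user": "alice", "domain": "CORP", "ip": "10.0.0.21", "logon_id": "0x1a2b"},
    {"id": 4624, "user": "WS21$", "domain": "CORP", "ip": "10.0.0.21", "logon_id": "0x1a2c"},
    {"id": 4624, "user": "bob", "domain": "CORP", "ip": "-", "logon_id": "0x1a2d"},
    {"id": 4624, "user": "carol", "domain": "CORP", "ip": "10.0.0.22", "logon_id": "0x1a2e"},
    {"id": 4634, "user": "alice", "domain": "CORP", "logon_id": "0x1a2b"},
    {"id": 4624, "user": "dave", "domain": "CORP", "ip": "10.0.0.22", "logon_id": "0x1a2f"},
    {"id": 4634, "user": "carol", "domain": "CORP", "logon_id": "0x1a2e"},
]

def track_sessions(events):
    """Return (ip -> 'DOMAIN\\user' table, ordered list of notifications)."""
    by_ip = {}        # ip -> (account, logon_id)
    by_logon_id = {}  # logon_id -> ip; a 4634 record carries no client address
    notes = []
    for ev in events:
        if ev["id"] == LOGON:
            ip = ev.get("ip", "-")
            if ev["user"].endswith("$") or ip in NO_CLIENT_IP:
                continue  # machine account, or no client address to map
            account = f'{ev["domain"]}\\{ev["user"]}'
            old = by_ip.get(ip)
            if old:
                by_logon_id.pop(old[1], None)  # newer logon replaces the old session
            by_ip[ip] = (account, ev["logon_id"])
            by_logon_id[ev["logon_id"]] = ip
            notes.append(("login", ip, account))
        elif ev["id"] == LOGOFF:
            ip = by_logon_id.pop(ev["logon_id"], None)
            if ip is not None:  # ignore logoffs for replaced or unknown sessions
                account, _ = by_ip.pop(ip)
                notes.append(("logoff", ip, account))
    return {ip: acct for ip, (acct, _) in by_ip.items()}, notes
```
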
Dell SonicWALL Directory Services Connector 3.7 Administration Guide
