Windows Domain Authentication And Quarantined Endpoints - Extreme Networks Sentriant AG Software User's Manual

the initial login process. Once the lease expires (in at most, three minutes), a new IP address (the non-
quarantined IP address) can be assigned and access is actually granted.
To define access settings for non-supported operating systems, see
Settings" on page 228.
Windows Domain Authentication and Quarantined
Endpoints
In order to satisfy the following scenarios:
A guest user gets redirected
●
A user is redirected if their home page is the Intranet
●
The only host that is resolved is the domain controller (DC); and no other intranet hosts are resolved.
●
Windows domain authentication can take place from quarantine with minimal configuration
●
Perform the following steps:
1 Configure the domain suffixes in the quarantine areas to a placeholder, such as the following:
quarantine.bad
2 Enter the full domain controller hostnames in the System configuration>>Accessible services area
(for example,
dc01.mycompany.com, dc02.mycompany.com
3 Ensure that each ES has a valid, fully qualified domain name (FQDN) and that the domain portion
matches the domain for the registered windows domain.
4 Ensure that each ES is configured with one or more valid DNS servers that can fully resolve (both A
and PTR records) each ES.
5 Ensure that the following ports on the domain controller/active directory (DC/AD) servers are
available from quarantine:
88
■
389
■
135-139
■
1025
■
Sentriant AG will then
lookup
own DNS server used for quarantined devices.
For example:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.lvh.com. 86400 IN SRV 0 100 88
dc01.lvh.com
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.lvh.com. 86400 IN SRV 0 100 389
dc01.lvh.com
Sentriant AG Software Users Guide, Version 5.2
the Kerberos and LDAP services, and resolve those services within its
Quarantined Networks
"Defining Non-supported OS Access
).
239