NetBeat NAC Version 9.2 Build 4 Release Notes

NetBeat NAC Appliance version 9.2 Build 4 includes the following:

- Windows Server 2012 Active Directory Support

Active Directory Integration

NetBeat NAC Appliance offers integration with Microsoft Windows Active Directory. Using Active Directory integration, NetBeat NAC users can log in to the appliance using their Active Directory username and password. The connection between NetBeat NAC Appliance and the Domain Controller is a secure connection and requires that a certificate be installed on the Domain Controller. Please refer to Microsoft documentation for instructions on certificate installation.

Active Directory integration has been tested with Microsoft Windows 2003, 2008 and 2012 Domain Controllers. Make sure to enable SNMP on the Domain Controller for agent-less integration. Alternatively, you can download our secure agent service for your AD server and deploy it to create a secure (SSH) tunnel between your AD server and our NetBeat NAC appliance.

Key AD Features

- Use your AD credentials to access NetBeat NAC. You can log in to the appliance using your AD sign-on instead of a NetBeat NAC appliance-specific user ID/password combination such as MainAccount.
- Keep an eye on users and bind users to MAC addresses. As users log in to your network equipment/resources using their AD credentials, you can see each user bound to their device/MAC address on the Manage Assets page.

NetBeat NAC Appliance also offers the ability to track login events when a user logs into the Active Directory domain. The Windows 2003 event ID being tracked is 672. The Windows 2008 and 2012 event ID being tracked is 4768. There are 2 methods available for tracking login events:

- NetBeat NAC Appliance provides a downloadable Windows agent. The agent installs on the Windows Domain Controller and runs as a service. The connection between the agent and NetBeat NAC Appliance is a secure SSH connection.
- SNMP traps configured on the Windows Domain Controller can pass login events to NetBeat NAC Appliance. This method requires no installation of an agent on the Windows Domain Controller. Please note that at the time of this writing Microsoft Windows only supports SNMP V1 and V2. Please also note that, while no passwords are transmitted in the traps, it may be possible for the login event trap to be read on the network, because SNMP V1 and V2 send traps unencrypted.

NetBeat NAC Release Notes v9.2.4 Page 1 of 13

NetBeat NAC Appliance Active Directory Setup
- Select System => AD Configuration
- Enter Domain Controller IP Address
- Enter Fully Qualified Domain Name (FQDN)
- Enter the Active Directory Base Container
- Enter the Active Directory Admin Security Group
- Enter the Active Directory username NetBeat NAC will use to bind to Active Directory
- Enter the Active Directory password for the bind user
- Check Read AD Login/User Info to enable domain login event tracking

The Admin Security Group must be created in Active Directory, and users must be manually added to the security group. Members of this security group will be able to log in to NetBeat NAC Appliance using their Active Directory username and password.
Please refer to Microsoft documentation for instructions on adding security groups.

Domain Login Event Tracking Setup

- Select System => AD Configuration
- Check Read AD Login/User Info to enable domain login event tracking
- Click "Click Here To Download Agent Service For Your Domain Controller"
- Save the file agent_service.zip on your domain controller

Installing Agent Service On Active Directory Domain Controller

- Log in to your domain controller
- Extract agent_service.zip to a folder on your domain controller
- Double-click setup_service.vbs
- Enter the IP address of the NetBeat NAC appliance
- Click OK when presented with the "Service installed successfully" message

Verifying Agent Service Is Running

- Log in to your domain controller
- Click Start => Administrative Tools => Services
- Scroll down to NetBeat NAC Agent Service
- Verify Status is Started
Removing Agent Service On Active Directory Domain Controller

- Log in to your domain controller
- Navigate to the folder where agent_service.zip has been extracted
- Double-click remove_service.vbs

Enabling SNMP Traps For Login Events On Windows 2003 Active Directory Domain Controller

- Log in to your domain controller
- Click Start => Control Panel => Add or Remove Programs
- Click Add/Remove Windows Components
- Select Management and Monitoring Tools
- Click Details
- Check Simple Network Management Protocol
- Click OK
- Complete installation
Enabling SNMP Traps For Login Events On Windows 2008 Active Directory Domain Controller

- Log in to your domain controller
- Click Start => Administrative Tools => Server Manager
- Click Action => Add Features
- Select SNMP Services
- Click Install
- Complete installation
Enabling SNMP Traps For Login Events On Windows 2012 Active Directory Domain Controller

- Log in to your domain controller
- Click Start => Control Panel => Turn Windows features on or off
- Click Add roles and features
- Click Next
- Select Role-based or feature-based installation
- Click Next
- Click Select a server from the server pool and, in the Server Pool area, select the server you wish to install SNMP on
- Click Next until the Select features page is reached
- Select SNMP Service
- Click Next
- Click Install on the confirmation page
- Click Start => Control Panel => Turn Windows features on or off
- Click Next until the Select features page is reached
- Expand Remote Server Administration Tools
- Expand Feature Administration Tools
- Select SNMP Tools
- Click Next
- Reboot the server if required

Configure SNMP Traps For Windows Versions

- Log in to your domain controller
- Click Start => Administrative Tools => Services
- Right-click SNMP Service
- Click Properties
- Select the Traps tab
- Enter Public for Community name
- Click Add
- Enter the NetBeat NAC Appliance IP address
- Click Add
- Click OK

Using Evntwin.exe To Add Traps To Windows Events

- Log in to your domain controller
- Click Start => Run
- Type evntwin.exe and click OK
- Select Custom for Configuration Type
- Click Edit>> to expand the window
- Expand the Security folder
- Click Security
- Select Security => Security => Event ID 672 for Windows 2003
- Select Security => Microsoft-Windows-Security-Auditing => Event ID 4768 for Windows 2008 and 2012
- Click Add and then OK
- Click OK to exit

[Screenshot: Microsoft Windows 2003]
[Screenshot: Microsoft Windows 2008 and 2012]
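
Before relying on the agent or on traps, it helps to confirm on the Domain Controller that event 4768 is actually being written and that traps are sent only to the appliance. The following PowerShell check is an added example, not part of the NetBeat NAC product or its documentation. It assumes a Windows 2008/2012 Domain Controller with PowerShell 3.0 or later and an elevated session, and uses 192.0.2.10 as a placeholder for the appliance IP address.

```powershell
# Added example: run in an elevated PowerShell session on the Domain Controller.
# $NacIp is a placeholder (documentation address); replace it with your appliance IP.
$NacIp = '192.0.2.10'

# 1. Event 4768 is only written when this audit subcategory logs Success.
auditpol /get /subcategory:"Kerberos Authentication Service"

# 2. Summarise recent 4768 events: user name and client address per login.
$filter = @{ LogName = 'Security'; Id = 4768 }
$events = Get-WinEvent -FilterHashtable $filter -MaxEvents 200 -ErrorAction SilentlyContinue
if (-not $events) {
    Write-Warning 'No 4768 events found; check the audit policy shown above.'
}
$events | ForEach-Object {
    # Flatten the <EventData><Data Name="..."> elements into a lookup table.
    $data = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    [pscustomobject]@{
        Time   = $_.TimeCreated
        User   = $data['TargetUserName']
        # IPv4 clients are logged in IPv4-mapped IPv6 form (::ffff:a.b.c.d).
        Client = $data['IpAddress'] -replace '^::ffff:', ''
        Status = $data['Status']      # 0x0 means the ticket was issued
    }
} | Where-Object { $_.User -notlike '*$' } |   # drop computer accounts
    Sort-Object Time -Descending |
    Select-Object -First 20 |
    Format-Table -AutoSize

# 3. List SNMP trap destinations per community and flag any that are not
#    the appliance, since SNMP V1/V2 traps cross the network unencrypted.
$trapKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration'
Get-ChildItem $trapKey -ErrorAction SilentlyContinue | ForEach-Object {
    $key = $_
    foreach ($name in $key.GetValueNames()) {
        $dest = $key.GetValue($name)
        [pscustomobject]@{
            Community   = $key.PSChildName
            Destination = $dest
            IsAppliance = ($dest -eq $NacIp)
        }
    }
} | Format-Table -AutoSize
```

On Windows 2003 the tracked event is 672 and this script does not apply.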
Logging Into NetBeat NAC Appliance Using AD User Credentials

- Configure Active Directory (see NetBeat NAC Appliance Active Directory Setup)
- Enter the Active Directory username and password on the NetBeat NAC login page

Note: When an Active Directory user logs in for the first time, NetBeat NAC Appliance will add the user account. This requires the user to log in again.

Note: The Active Directory user must be a member of the Admin Security Group (see NetBeat NAC Appliance Active Directory Setup).

Viewing Active Directory User Information Associated With NetBeat NAC Network Assets

- Select Network Access Control => Manage Assets
- Click the Username link to view Active Directory information

Viewing Login Records Associated With NetBeat NAC Network Assets

- Select Asset Tracker => Systems
- Click the Host Name link
- Click View AD Login Records
- Click the UserID link to view Active Directory information associated with the UserID
Viewing Login Records Associated With NetBeat NAC Network Assets

- Select Network Access Control => Manage Assets
- Right-click the asset record
- Click View AD Login Records