Active Directory Integration




January 11, 2011
Author:
Audience: SWAT Team Evaluator
Product: Cymphonix Network Composer EX Series, XLi OS version 9

Active Directory Integration

The following steps will guide you through the process of directory integration. The goal of directory integration is to be able to apply filtering and/or shaping rules to your existing Active Directory security group/OU structure and to be able to report on and correlate all internet usage to a directory user. Once the integration is completed and groups have been built within Composer, all management of group membership can be performed from your directory server.

There are varying ways to integrate your directory servers with Network Composer. You may have restricted business policies or requirements that prohibit your ability to download and distribute a Client Agent to all nodes across the network. To fit all environments and scenarios, we also provide other options to authenticate users signing on to the network: Cymphonix Client Agent (cymdir.exe), Web Authentication (web log-in or IP Lookup), and NTLM for Citrix or Terminal Server environments. You can refer to the document TC6 - Other Options to User Name Based Reporting for specifics.

We recommend deploying the Cymphonix Client Agent to all network nodes associated with Network Composer and the directory server. This is the method described within this document. However, you can select from one of the Web Authentication option methods. The following scenarios describe how Network Composer can authenticate users logging in to their computers.

Two Step Process to accomplish Directory Integration

This is a two-step process that needs to be followed in order. First, you give Network Composer access to your directory structure by configuring it with a directory agent which will connect to your directory server with a Direct LDAP Connection. Lastly, you will deploy a statically compiled executable, cymdir.exe, to your test workstation(s), which collects the user, IP, and domain information.

Configure Network Composer to communicate with Active Directory Server

You will configure Network Composer with a Directory Agent, specifically a Direct LDAP Connection, so that Network Composer knows the directory server's IP address and password to access the directory structure. Network Composer must be able to connect to the directory server's IP address on the network.
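A pre-check for the Direct LDAP Connection described above, as an added example that is not part of the original guide or vendor code. It confirms that the LDAP port is reachable and reads the directory's rootDSE to learn the naming context you should expect as the Base DN; the function name is hypothetical and the address in the usage comment is a constructed placeholder.

```powershell
# Added example (not vendor code). Run it from a host on the same network
# segment as Network Composer so the reachability result is representative.
function Test-DirectLdapPrereqs {
    param(
        [Parameter(Mandatory)] [string] $Server,  # directory server IP address
        [int] $Port = 389                         # default LDAP port named in this guide
    )

    # 1. The directory server must accept TCP connections on the LDAP port.
    $ldap = Test-NetConnection -ComputerName $Server -Port $Port -WarningAction SilentlyContinue
    if (-not $ldap.TcpTestSucceeded) {
        throw "Cannot reach ${Server}:${Port}; check routing and firewall rules."
    }

    # 2. Read the rootDSE, which describes the directory itself.
    $root   = [ADSI]"LDAP://${Server}:${Port}/RootDSE"
    $baseDn = [string]$root.Properties['defaultNamingContext'].Value
    $dcName = [string]$root.Properties['dnsHostName'].Value
    if (-not $baseDn) {
        throw "Port $Port is open but no defaultNamingContext was returned by $Server."
    }

    # 3. Plain LDAP on 389 is unencrypted unless the client negotiates protection,
    #    so record whether the server also listens for LDAPS on 636.
    $ldaps = Test-NetConnection -ComputerName $Server -Port 636 -WarningAction SilentlyContinue

    [pscustomobject]@{
        Server           = $Server
        LdapReachable    = $ldap.TcpTestSucceeded
        BaseDN           = $baseDn    # compare with the Base DN the appliance finds
        DomainController = $dcName
        LdapsReachable   = $ldaps.TcpTestSucceeded
    }
}

# Usage (192.0.2.10 is a constructed documentation address, not from this guide):
#   Test-DirectLdapPrereqs -Server '192.0.2.10'
```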

Requirements

The following fields are required information about your directory server or LDAP connection that you must have before you can create Directory Agents:

- Name
- IP Address
- Password
- Base DN
- Domain

To add a directory agent

1. From Network Composer, navigate to Manage Tab -> Directory Users & Nodes -> Directory Agent.
2. Click Create.
3. Choose Direct LDAP Connection as the type of Directory Agent you want to create.

Note: Direct LDAP Connection: This type of directory agent does not require that the Directory Server Agent be installed to your directory server and run as a service.

4. (Required) Enter the Name of the Directory Agent. Use it to identify which server the Directory Agent Client was installed on. The name you enter will appear in the Directory Agent drop-down list of the User Interface when you select a directory server to find members from the structure to add to the Directory Agent Group. Tip: We recommend using your domain name.
5. Enter a Description to identify the Directory Agent Server.
6. (Required) Enter an IP Address for the directory server you want to integrate. Network Composer must have access to communicate with the directory server's IP address on the network.
7. By default, the Port number is 389. You can change this value if your LDAP server uses a different port to communicate.
8. (Required) Enter a Password to access the directory server.
9. Enter the Domain name for the directory server.
10. Click Query Server to search for the Base DN.
11. Click Save.

Identify when users authenticate to the network and their IP address

This is the final step of the directory integration process, in which you will deploy cymdir.exe to the test workstation(s). Deploying cymdir.exe allows Network Composer to immediately identify when users authenticate to the network while synchronizing with defined groups, OUs, or user attributes. This is accomplished by receiving definitive log-in and log-out events in heartbeats of information sent from the client executable once it is running on the workstation.

The cymdir.exe is not a program or application that has to be installed, so there are no changes to the file structure or registry on the workstation. Rather, it only exists and runs as a process in memory which goes away at log off. This method is the most widely used because it gives you full functionality and obtains the most accurate reporting data while being completely seamless to the end user.

We will deploy the statically compiled executable file (cymdir.exe) onto one or both of your test PCs using a manual method.

Note: When deploying cymdir.exe into your corporate environment you will use a GPO login script for ease of deployment instead of the manual method used here.

To Deploy Cymdir

1. From your workstation, download the cymdir.exe file from Composer. Log in to Composer and navigate to Admin Tab -> Downloads -> Directory Agent Software -> Download 32-bit Windows Directory Client Agent.
2. Click here to download your file and, when given the choice, save the file to the desktop of your workstation.

3. Click Save and choose your desktop as the destination to start the download.
4. Once the download is complete you may need to remove a security flag from the file that Internet Explorer places on executable files. To do this, right-click on the file and select Properties. If there is an Unblock button available in the Security section on the General tab, click Unblock.

Note: If the file is already unblocked you will not see the Unblock button at the bottom of the General tab.

5. On your workstation click on the Start menu, then Run. Browse to the location of cymdir.exe OR simply drag the icon from your desktop into the Run box. Once the full path of the cymdir.exe file exists in the Run dialogue box, add a space to the very end of the path followed by the bridge IP address of your Composer. Then click OK.

   Example: C:\Documents and Settings\Administrator\Desktop\cymdir.exe 10.3.0.50

6. When prompted with the Security Warning dialogue box, click the Run button.

Tip: If you launch your Task Manager you should see a process called cymdir.exe running. If cymdir.exe is running on the workstation, Network Composer should be receiving your user information.

7. You can verify this within Network Composer by going to Admin Tab -> Diagnostic Tools -> Directory Agent Users. You should see your username listed. If you see your username in the list, this means all of the traffic (all applications) will be associated to the directory username.
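The manual steps 4 to 6 and the Task Manager tip above, scripted as an added example that is not part of the original guide or vendor code. It checks the downloaded file against a SHA-256 value before clearing the security flag and launching it; the function name and the `ExpectedSha256` parameter are hypothetical, and the expected hash is assumed to be one your administrator recorded from a reviewed copy, since the guide does not publish one.

```powershell
# Added example (not vendor code): verify, unblock, launch and confirm cymdir.exe.
function Start-CymdirChecked {
    param(
        [Parameter(Mandatory)] [string] $Path,           # where cymdir.exe was saved
        [Parameter(Mandatory)] [string] $BridgeIp,       # Composer bridge IP address
        [Parameter(Mandatory)] [string] $ExpectedSha256  # assumption: recorded by your admin
    )

    # Refuse to unblock or run a file whose content differs from the reviewed copy.
    $hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    if ($hash -ne $ExpectedSha256) {
        throw "SHA-256 mismatch for $Path (got $hash); file left blocked and not run."
    }

    # Record the Authenticode status. The guide does not say whether the file is
    # signed, so this is reported rather than enforced.
    $sig = Get-AuthenticodeSignature -FilePath $Path

    # Step 4: the "security flag" is the Zone.Identifier alternate data stream
    # that the browser attaches to downloaded files.
    if (Get-Item -Path $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue) {
        Unblock-File -Path $Path
    }

    # Step 5: the bridge IP is the only argument; reject a malformed address early.
    [void][System.Net.IPAddress]::Parse($BridgeIp)
    Start-Process -FilePath $Path -ArgumentList $BridgeIp

    # Tip: confirm the in-memory process exists, as you would in Task Manager.
    Start-Sleep -Seconds 2
    $proc = Get-Process -Name cymdir -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Sha256    = $hash
        Signature = $sig.Status
        Running   = [bool]$proc
    }
}

# Usage, with the example path and bridge IP from step 5 and a placeholder hash:
#   Start-CymdirChecked -Path 'C:\Documents and Settings\Administrator\Desktop\cymdir.exe' `
#       -BridgeIp '10.3.0.50' -ExpectedSha256 '<SHA-256 recorded by your administrator>'
```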

Creating a Directory Group

Within Network Composer you can create a Composer Directory Group, which allows you to incorporate Security Groups, OUs or individual members from your existing directory architecture and subsequently apply unique policies to these users. The other advantage to creating groups, outside of granular policy control, is the ability to utilize the Correlate by Group reporting option. This test case will take you through the necessary steps to create a directory group.

1. Log in to Network Composer and navigate to Manage Tab -> Policies & Rules -> Groups -> Click Create. When presented with Choose a Group Type, choose Create a Directory Agent Group -> Click OK.
2. You will now be in the Add/Edit Directory Agent Group Detail. Click Add Members, which will bring you to the Add Directory Group Members screen. You can create a Directory Agent Group that contains members from your Active Directory server in different ways:

   - Security group
   - OU
   - Attribute

   Tip: The attribute option is commonly used when needing to add individual users. This can be easily accomplished by using the attribute SamAccountName.

   For a test case we recommend adding just one OU or security group that you can comfortably subject to content filtering and/or shaping, such as your IT security group. Or create a group that consists of one or a couple of directory users by using the Attribute option mentioned above.

   Note: This must be a security group that isn't set as any user's Primary Group. (By default, all users' Primary Group is set to Domain Users.)

   In the Name field enter something that relates to the users, such as IT Group; in the Description field enter Members contained within description of group.
3. Check the box next to IT Group (or a different group that you feel is appropriate for testing) and then click OK at the bottom of the page.
4. Now that you're back at the Add/Edit Directory Agent Group Detail, click the Save button.
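A check for the Primary Group note above, as an added example that is not part of the original guide or vendor code. Active Directory does not list a user in the memberOf/member attributes for that user's primary group, so such users are missing when the group is read over LDAP; the script reports any user whose primary group is the group you intend to add. It assumes the RSAT ActiveDirectory module is installed, and the function name is hypothetical.

```powershell
# Added example (not vendor code). Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

function Get-PrimaryGroupConflict {
    param([Parameter(Mandatory)] [string] $GroupName)

    # primaryGroupToken is the group's RID. A user whose primaryGroupID equals
    # this value has the group set as Primary Group.
    $group = Get-ADGroup -Identity $GroupName -Properties primaryGroupToken
    $token = $group.primaryGroupToken

    $primaryUsers = @(Get-ADUser -Filter "primaryGroupID -eq $token" |
                      Select-Object -ExpandProperty SamAccountName)

    # Users that AD does report as members. The DN is escaped for use inside
    # an LDAP filter (RFC 4515: backslash, asterisk and parentheses).
    $dn = $group.DistinguishedName -replace '\\', '\5c' -replace '\*', '\2a' `
                                   -replace '\(', '\28' -replace '\)', '\29'
    $listedUsers = @(Get-ADUser -LDAPFilter "(memberOf=$dn)" |
                     Select-Object -ExpandProperty SamAccountName)

    [pscustomobject]@{
        Group              = $group.Name
        PrimaryGroupToken  = $token
        ListedMembers      = $listedUsers.Count    # visible through memberOf
        PrimaryGroupUsers  = $primaryUsers         # not visible through memberOf
        MeetsGuideNote     = ($primaryUsers.Count -eq 0)
    }
}

# Usage, with the group name used as the example in this guide:
#   Get-PrimaryGroupConflict -GroupName 'IT Group'
```

A result with `MeetsGuideNote = False` names the accounts whose Primary Group would have to change before the group satisfies the note.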

You have now successfully created a Directory Agent Group that allows you to accomplish two things:

- You can run reports and correlate the results by Group, giving you aggregate reporting data for a specific directory group. For example, how much bandwidth a domain users group is using versus a domain admins group.
- You can apply content filtering (IURs, Internet Usage Rules) and/or shaping rules to a specific OU, Security Group, or even by a specific user attribute.

After creating your Network Composer Directory Group, you would associate a unique IUR and/or shaping rule to the directory group through Policy Manager.