System Administration
System Settings
15-7
_kerberos._tcp.Default-First-Site-
Name._sites.dc._msdcs.lvh.com. 86400 IN SRV 0 100 88
dc01.lvh.com
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.lvh.com.
86400 IN SRV 0 100 389 dc01.lvh.com
When a browser is configured with an Intranet site as its home page, it will
get redirected as shown in the following example process:
->
lookup
intranet.mycompany.com
<-
get
an NXDomain (since
dc01.mycompany.com
is in the forwarders, all
other
mycompany.com
hostnames get an NXDomain; that is the way
named
works).
->
lookup intranet.mycompany.com.quarantine.bad
<-
get
NAC 800 IP address
When the end-user logs in, they will be able to authenticate from quarantine
even if credentials are not cached:
->
lookup
the
_kerberos
and
_ldap
service location
<-
receive dc01.mycompany.com
&
dc02.mycompany.com
->
lookup
the dc01 IP address
<-
receive
the dc IP address forwarded through NAC 800
named
to the real
DNS server (since
dc01.mycompany.com
is in the accessible services list).
->
authenticate
Matching Windows Domain Policies to NAC Policies
Using a Windows domain might affect the end-user’s ability to change their
system configuration to pass the tests. For example, in a corporate environ-
ment, each machine gets their domain information from the domain controller,
and the user is not allowed to change any of the related settings, such as
receiving automatic updates and other IE security settings.
The NAC 800 administrator needs to make sure the global policy on their
network matches the NAC policy defined, or skip the test.
For example, if the global network policy is to not allow Windows automatic
updates, any user attempting to connect through the
High security
NAC policy
fails the test, and is not able to change their endpoint settings to pass the test.
Summary of Contents for 800 Series
Page 1: ...Users Guide www procurve com ProCurve Network Access Controller 800 ...
Page 2: ......
Page 3: ...ProCurve Network Access Controller 800 Release 1 1 Users Guide ...
Page 43: ...2 1 2 Clusters and Servers Chapter Contents Overview 2 2 Installation Examples 2 3 ...
Page 70: ...System Configuration Management Server 3 22 Figure 3 9 System Configuration Management Server ...
Page 79: ...System Configuration User Accounts 3 31 Figure 3 12 System Configuration User Accounts ...
Page 87: ...System Configuration User Roles 3 39 Figure 3 16 System Configuration User Roles ...
Page 206: ... This page intentionally left blank ...
Page 229: ...End user Access Mac OS X Endpoint Settings 5 23 Figure 5 8 Mac System Preferences ...
Page 262: ... This page intentionally left blank ...
Page 284: ... This page intentionally left blank ...
Page 298: ... This page intentionally left blank ...
Page 302: ...High Availability and Load Balancing High Availability 8 4 Figure 8 2 DHCP Installation ...
Page 303: ...High Availability and Load Balancing High Availability 8 5 Figure 8 3 802 1X Installation ...
Page 305: ...9 1 9 Inline Quarantine Method Chapter Contents Inline 9 2 ...
Page 308: ... This page intentionally left blank ...
Page 311: ...DHCP Quarantine Method Overview 10 3 Figure 10 1 DHCP Installation ...
Page 314: ... This page intentionally left blank ...
Page 319: ...802 1X Quarantine Method NAC 800 and 802 1X 11 5 Figure 11 2 NAC 800 802 1X Enforcement ...
Page 320: ...802 1X Quarantine Method NAC 800 and 802 1X 11 6 Figure 11 3 802 1X Communications ...
Page 376: ... This page intentionally left blank ...
Page 414: ... This page intentionally left blank ...
Page 421: ...Reports Viewing Report Details 14 7 Figure 14 3 Test Details Report ...
Page 474: ... This page intentionally left blank ...
Page 520: ...Tests Help Security Settings Windows B 34 http www pcworld com article id 112138 article html ...
Page 526: ... This page intentionally left blank ...
Page 556: ... This page intentionally left blank ...
Page 584: ... This page intentionally left blank ...
Page 585: ......