8e6 Technologies Enterprise Filter Authentication R3000 User Manual
8e6 R3000 | Enterprise Filter

USER GUIDE for Authentication

Model: R3000

Release 1.10.20 / Version No.: 1.01

8E6 TECHNOLOGIES, R3000 ENTERPRISE FILTER AUTHENTICATION USER GUIDE

R3000 ENTERPRISE FILTER AUTHENTICATION USER GUIDE

© 2006 8e6 Technologies. All rights reserved.

828 W. Taft Ave., Orange, CA 92865, USA

Version 1.01, published December 2006

To be used with R3000 User Guide version 1.01 for software release 1.10.20

Printed in the United States of America

This document may not, in whole or in part, be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machine readable form without prior written consent from 8e6 Technologies.

Every effort has been made to ensure the accuracy of this document. However, 8e6 Technologies makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. 8e6 Technologies shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. Due to future enhancements and modifications of this product, the information described in this documentation is subject to change without notice.

The latest version of this document can be obtained from http://www.8e6.com/docs/r3000_auth_ug.pdf.

Trademarks

Other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies and are the sole property of their respective manufacturers.

Part# R3.10_AUG_v1.01-0612

CONTENTS

CHAPTER 1: INTRODUCTION
About this User Guide
How to Use this User Guide
Conventions
Terminology
Filtering Elements
Group Types
Global Group
IP Groups
NT Domain Groups
LDAP Domain Groups
Filtering Profile Types
Static Filtering Profiles
Master IP Group Filtering Profile
IP Sub-Group Filtering Profile
Individual IP Member Filtering Profile
Active Filtering Profiles
Global Filtering Profile
NT/LDAP Group Filtering Profile
NT/LDAP Member Filtering Profile
Override Account Profile
Time Profile
Lock Profile
Filtering Profile Components
Library Categories
8e6 Supplied Categories
Custom Categories
Service Ports
Rules
Minimum Filtering Level
Filter Settings
Filtering Rules
Authentication Operations
R3000 Authentication Protocols
R3000 Authentication Tiers
Tier 1: Single Sign-On Authentication
Net use based authentication process
Re-authentication process
Authentication methods
SMB protocol
SMB Signing
LDAP protocol
Name resolution methods
Authentication setup procedures
Server setup types
Tier 1: Net use based authentication
Tier 2 and Tier 3: Web-based authentication
Configuring the authentication server
Login scripts
Enter net use syntax in the login script
View login script on the server console
Block page authentication login scripts
LDAP server setup rules
Tier 2: Time-based, Web Authentication
Tier 2 implementation in an environment
Tier 2 Script
Tier 1 and Tier 2 Script
Tier 3: Session-based, Web Authentication
8e6 Authenticator
Environment requirements
Minimum system requirements
Recommended system requirements
Workstation requirements
Work flow in a Windows environment
8e6 Authenticator configuration priority
8e6 Authenticator configuration syntax
Sample command line parameters
Table of parameters
Novell eDirectory Agent
Environment requirements
Novell eDirectory servers
Client workstations
Novell clients
Novell eDirectory setup
R3000 setup and event logs
Authentication Solution Compatibility
Configuring the R3000 for Authentication
Configuration procedures
System section
Group section

CHAPTER 2: NETWORK SETUP
Environment Requirements
Workstation Requirements
Administrator
End User
Network Requirements
Set up the Network for Authentication
Specify the operation mode
Specify the subnet mask, IP address(es)
Invisible mode
Router or firewall mode
Enable authentication, specify criteria
Net use based authentication
Web-based authentication
Enter network settings for authentication
Create an SSL certificate
Create, Download a Self-Signed Certificate
Create, Upload a Third Party Certificate
Create a Third Party Certificate
Upload a Third Party Certificate
Download a Third Party Certificate
View log results
Specify block page settings
Block Page Authentication
Block page
User/Machine frame
Standard Links
Optional Links
Options page
Option 1
Option 2
Option 3
Common Customization
Enable, Disable Features
Authentication Form Customization
Preview Sample Authentication Request Form
Block Page Customization
Preview Sample Block Page

CHAPTER 3: NT AUTHENTICATION SETUP
Join the NT Domain
Create an NT Domain
Add an NT domain
Refresh the NT branch
View or modify NT domain details
Domain Settings
Default Rule
Delete an NT domain
Set up NT Domain Groups, Members
Add NT groups, members to the tree
Specify a group’s filtering profile priority
Manually add a user’s name to the tree
Manually add a group’s name to the tree
Upload a file of filtering profiles to the tree
Create and Maintain NT Profiles
Add an NT group, member to the tree list
Add or maintain an entity’s profile
Category Profile
Redirect URL
Filter Options
Remove an entity’s profile from the tree

CHAPTER 4: LDAP AUTHENTICATION SETUP
Create an LDAP Domain
Add the LDAP domain
Refresh the LDAP branch
View, modify, enter LDAP domain details
LDAP Server Type
Group Objects
User Objects
Address Info
Account Info
SSL Settings
Alias List
Default Rule
Default Rule for Novell eDirectory
Configure a backup server
Modify a backup server’s configuration
Delete a backup server’s configuration
Delete a domain
Set up LDAP Domain Groups, Members
Add LDAP groups, users to the tree
Perform a basic search
Options for search results
Apply a filtering rule to a profile
Delete a rule
Specify a group’s filtering profile priority
Manually add a user’s name to the tree
Manually add a group’s name to the tree
Upload a file of filtering profiles to the tree
Create, Maintain LDAP Profiles
Add an LDAP group, member to the tree
Add or maintain an entity’s profile
Category Profile
Redirect URL
Filter Options
Remove an entity’s profile from the tree

CHAPTER 5: AUTHENTICATION DEPLOYMENT
Test Authentication Settings
Test Web-based authentication settings
Step 1: Create an IP Group, “test”
Step 2: Create a Sub-Group, “workstation”
Step 3: Set up “test” with a 32-bit net mask
Step 4: Give “workstation” a 32-bit net mask
Step 5: Block everything for the Sub-Group
Step 6: Use Authentication Request Page for redirect URL
Step 7: Disable filter options
Step 8: Attempt to access Web content
Test net use based authentication settings
Activate Authentication on the Network
Activate Web-based authentication for an IP Group
Step 1: Create a new IP Group, “webauth”
Step 2: Set “webauth” to cover users in range
Step 3: Create an IP Sub-Group
Step 4: Block everything for the Sub-Group
Step 5: Use Authentication Request Page for redirect URL
Step 6: Disable filter options
Step 7: Set Global Group to filter unknown traffic
Activate Web-based authentication for the Global Group
Step 1: Exclude filtering critical equipment
Step 1A: Block Web access, logging via Range to Detect
Range to Detect Settings
Range to Detect Setup Wizard
Step 1B: Block Web access via IP Sub-Group profile
Step 2: Modify the Global Group Profile
Activate NT authentication
Step 1: Modify the 3-try login script
Step 2: Modify the Global Group Profile

CHAPTER 6: TECHNICAL SUPPORT
Hours
Contact Information
Domestic (United States)
International
E-Mail
Office Locations and Phone Numbers
8e6 Corporate Headquarters (USA)
8e6 Taiwan
8e6 China
Support Procedures

APPENDIX A
User/Group File Format and Rules
Username Formats
Rule Criteria
File Format: Rules and Examples
NT User List Format and Rules
NT Group List Format and Rules
LDAP User List Format and Rules
LDAP Group List Format and Rules

APPENDIX B
Ports for Authentication System Access

APPENDIX C
LDAP Server Customizations
OpenLDAP Server Scenario
Not all users returned in User/Group Browser

APPENDIX D
Disable SMB Signing Requirements
SMB Signing Compatibility
Disable SMB Signing Requirements in Windows 2003

APPENDIX E
Obtain or Export an SSL Certificate
Export an Active Directory SSL Certificate
Verify certificate authority has been installed
Locate Certificates folder
Export the master certificate for the domain
Export a Novell SSL Certificate
Obtain a Sun ONE SSL Certificate

APPENDIX F
Override Pop-up Blockers
Yahoo! Toolbar Pop-up Blocker
If pop-up blocking is enabled
Add override account to the white list
Google Toolbar Pop-up Blocker
If pop-up blocking is enabled
Add override account to the white list
AdwareSafe Pop-up Blocker
If pop-up blocking is enabled
Temporarily disable pop-up blocking
Mozilla Firefox Pop-up Blocker
Add override account to the white list
Windows XP SP2 Pop-up Blocker
Set up pop-up blocking
Use the Internet Options dialog box
Use the IE toolbar
Temporarily disable pop-up blocking
Add override account to the white list
Use the IE toolbar
Use the Information Bar
Set up the Information Bar
Access your override account

APPENDIX G
Glossary

INDEX