8e6 Technologies Enterprise Filter Authentication R3000 User Manual

Size:
6.79 Mb
Download

 

CONTENTS

User/Group File Format and Rules ........................................

209

Username Formats .......................................................................

209

Rule Criteria ..................................................................................

210

File Format: Rules and Examples .................................................

212

NT User List Format and Rules . .............................................

213

NT Group List Format and Rules ............................................

214

LDAP User List Format and Rules ..........................................

215

LDAP Group List Format and Rules . ......................................

217

APPENDIX B ..............................................................

218

Ports for Authentication System Access ..............................

218

APPENDIX C ..............................................................

219

LDAP Server Customizations ................................................

219

OpenLDAP Server Scenario .........................................................

219

Not all users returned in User/Group Browser ........................

219

APPENDIX D ..............................................................

220

Disable SMB Signing Requirements .....................................

220

SMB Signing Compatibility ............................................................

220

Disable SMB Signing Requirements in Windows 2003 .................

221

APPENDIX E ..............................................................

226

Obtain or Export an SSL Certificate ......................................

226

Export an Active Directory SSL Certificate ....................................

226

Verify certificate authority has been installed .........................

226

Locate Certificates folder ........................................................

227

Export the master certificate for the domain ...........................

230

Export a Novell SSL Certficate ......................................................

234

Obtain a Sun ONE SSL Certificate ...............................................

235

APPENDIX F ..............................................................

236

Override Pop-upBlockers ......................................................

236

Yahoo! Toolbar Pop-up Blocker ....................................................

237

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

xi

CONTENTS

If pop-up blocking is enabled ..................................................

237

Add override account to the white list .....................................

237

Google Toolbar Pop-up Blocker ....................................................

239

If pop-up blocking is enabled ..................................................

239

Add override account to the white list .....................................

239

AdwareSafe Pop-up Blocker .........................................................

240

If pop-up blocking is enabled ..................................................

240

Temporarily disable pop-up blocking ......................................

240

Mozilla Firefox Pop-up Blocker .....................................................

241

Add override account to the white list .....................................

241

Windows XP SP2 Pop-up Blocker ................................................

242

Set up pop-up blocking ...........................................................

242

Use the Internet Options dialog box..................................

242

Use the IE toolbar ............................................................

243

Temporarily disable pop-up blocking ......................................

243

Add override account to the white list .....................................

244

Use the IE toolbar .............................................................

244

Use the Information Bar ...................................................

245

Set up the Information Bar..........................................

245

Access your override account.....................................

245

APPENDIX G .............................................................

247

Glossary ...................................................................................

247

INDEX .......................................................................

255

xii

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

CHAPTER1: INTRODUCTIONABOUT THIS USER GUIDE

CHAPTER1: INTRODUCTION

The R3000 Authentication User Guide contains information about setting up authentication on the network.

About this User Guide

This user guide addresses the network administrator designated to configure and manage the R3000 server on the network.

Chapter 1 provides information on how to use this user guide, and also includes an overview of filtering components and authentication operations.

Chapters 2, 3, and 4 describe the R3000 Administrator console entries that must be made in order to prepare the network for using authentication for NT and/or LDAP domains.

NOTE: Refer to the R3000 Quick Start Guide for information on installing the unit on the network.This document also provides information on how to access the R3000 console to perform the initial installation setup defined in Chapter 2: Network Setup.

After all settings have been made, authentication is ready to be used on the network. Chapter 5 outlines the step you need to take to test and to activate your settings before deploying authentication on the network.

Chapter 6 provides support information. Appendices at the end of this user guide feature instructions on filtering profile file components and setup; a chart of ports used for authentication system access; notes on customizations to make on specified LDAP servers; steps to modify the SMB protocol to disable SMB Signing requirements; information on how to obtain or export an SSL certificate and upload it to the R3000; tips on how to override pop-upwindows withpop-up

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

1

CHAPTER 1: INTRODUCTION HOW TOUSE THISUSERGUIDE

blocker software installed; a glossary on authentication terms, and an index.

How to Use this User Guide

Conventions

The following icons are used throughout this user guide:

NOTE: The “note” icon is followed by italicized text providing additional information about the current subject.

TIP: The “tip” icon is followed by italicized text giving you hints on how to execute a task more efficiently.

WARNING: The “warning” icon is followed by italicized text cautioning you about making entries in the application, executing certain processes or procedures, or the outcome of specified actions.

2

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

CHAPTER 1: INTRODUCTION HOW TOUSE THISUSERGUIDE

Terminology

The following terms are used throughout this user guide. Sample images (not to scale) are included for each item.

alert box - a message box that opens in response to an entry you made in a dialog box, window, or screen. This box often contains a button (usually

labeled “OK”) for you to click in order to confirm or execute a command.

button - an object in a dialog box, window, or screen that can be clicked with your mouse to execute a command.

checkbox - a small square in a dialog box, window, or screen used for indi-

cating whether or not you wish to select an option. This object allows you to toggle between two choices. By clicking in this box, a check mark or an “X” is placed, indicating that you selected the option. When this box is not checked, the option is not selected.

control panel - the panel that displays at the left of a screen. This panel can contain links that can be clicked to open windows or dialog boxes at the right of the screen. One or more tree lists also can display in this panel. When an item in the tree list isdouble-clicked,the tree list opens to reveal items that can be selected.

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

3

CHAPTER 1: INTRODUCTION HOW TOUSE THISUSERGUIDE

dialog box - a box that opens in response to a command made in a window or screen, and requires your input. You must choose an option by

clicking a button (such as “Yes” or “No”, or “Next” or “Cancel”) to execute your command. As dictated by this box, you also might need to make one or more entries or selections prior to clicking a button.

field - an area in a dialog box, window, or screen that either accommodates your data

entry, or displays pertinent information. A text box is a type of field.

frame - aboxed-inarea in a dialog box, window, or screen that includes a group of objects such as fields, text boxes, list boxes, buttons, radio buttons, check-

boxes, and/or tables. Objects within a frame belong to a specific function or group. A frame often is labeled to indicate its function or purpose.

grid - an area in a frame that displays rows and columns of

data, as a result of various processes. This data can be reorganized in the R3000 console, by changing the order of the columns.

list box - an area in a dialog box, window, or screen that accommodates and/or displays entries of items that can be added or removed.

4

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

CHAPTER 1: INTRODUCTION HOW TOUSE THISUSERGUIDE

pop-upboxor pop-upwindow- a box or window that opens after you click a button in a dialog box, window, or screen. This box or window may display infor-

mation, or may require you to make one or more entries. Unlike a dialog box, you do not need to choose between options.

pull-downmenu- a field in a dialog box, window, or screen

that contains a down-arrowto the right. When you click the arrow, a menu of items displays from which you make a selection.

radio button - a small, circular object in a dialog box, window, or screen

used for selecting an option. This object allows you to toggle between two choices. By clicking a radio button, a dot is placed in the circle, indicating that you selected the option. When the circle is empty, the option is not selected.

screen - a main object of an application that displays across your monitor. A screen can contain panels, windows, frames, fields, tables, text boxes, list boxes, icons, buttons, and radio buttons.

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

5

CHAPTER 1: INTRODUCTION HOW TOUSE THISUSERGUIDE

sub-topic- a subset of a main topic that displays as a menu item for the topic. The menu of subtopics opens

when a pertinent topic link in the left panel—thecontrolpanel—ofa screen is clicked. If asub-topicis selected, the window for thatsub-topicdisplays in the right panel of the screen, or apop-upwindow or an alert box opens, as appropriate.

text box - an area in a dialog box, window, or screen that accommodates your data entry. A text box is a type of field. (See “field”.)

topic - a topic displays as a link in the leftpanel—thecontrol panel— of a screen. By clicking the link for a topic, the window for that topic displays in the right panel of the screen, or a menu of subtopics opens.

6

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

CHAPTER 1: INTRODUCTION HOW TOUSE THISUSERGUIDE

tree - a tree displays in the control panel of a screen, and is comprised of a hierarchical list of items. An entity associated with a branch of the tree is preceded by a plus (+) sign when the branch is collapsed. Bydouble-clickingthe item, a minus(-)sign replaces the plus sign, and any entity within that branch of the tree displays. An item in the tree is selected by clicking it.

window - a window displays on a screen, and can contain frames, fields, text boxes, list boxes, buttons, checkboxes, and radio buttons. A window for a topic orsub-topicdisplays in the right panel of the screen. Other types

of windows include pop-upwindows, login windows, or ones from the system such as the Save As or Choose file windows.

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

7

CHAPTER1: INTRODUCTIONFILTERING ELEMENTS

Filtering Elements

Filtering operations include the following elements: groups, filtering profiles and their components, and rules for filtering.

Group Types

In the Group section of the Administrator console, group types are structured in a tree format in the control panel. There are four group types in the tree list:

Global Group

IP groups

NT domain groups

LDAP domain groups

NOTE: If authentication is enabled, the global administrator— who has all rights and permissions on the R3000server—willsee all branches of the tree: Global Group, IP, NT, and LDAP. If authentication is disabled, only the Global Group and IP branches will be seen.

Global Group

The first group that must be set up is the global group,

represented in the tree structure by the global icon . The filtering profile created for the global group represents the default profile to be used by all groups that do not have a filtering profile, and all users who do not belong to a group.

8

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE