
How to configure NTLM authentication on EAC appliance

Objective
How to configure NTLM authentication on EAC appliance
Environment
  • Extreme Access Control
  • Microsoft Active Directory
Procedure
This procedure assumes that an EAC appliance has already been configured and is up and running on the network. It also assumes that switches have already been configured for use with the EAC. If this isn't the case, see the following articles:

How to Add Switches to NAC Appliance Group
How to add EAC appliance into EMC
  1. Create an LDAP configuration that points to Active Directory, with authentication set to "NTLM"
    1. In EMC, click on the "Control" tab, then drill into Configuration > AAA
    2. Right click "Default" and click "Make Advanced", or create a new advanced AAA configuration if desired
    3. Double click the only line item that exists in the "Authentication rules" table
    4. Change the "Authentication Method" option to "LDAP Authentication"
    5. Under the "LDAP Configuration" option select "New"
    6. Name the configuration accordingly
    7. Under the "LDAP Connection URLs" hit the "Add" button and add in the IP address of the Domain Controller in one of the following formats: 
      For LDAP use the format: ldap://xx.xx.xx.xx:389
      For secure LDAP use: ldaps://xx.xx.xx.xx:636
      
      Change ports as required
    8. For "Administrator Username" put in the domain\username of the user that will be used to bind the NAC to the AD. See the article: Active Directory Permissions For NAC NTLM Authentication
    9. For "Administrator password" type in the password for the user
    10. For Search Settings put in the Search roots for the domain. To search from the top of the AD forest you can use the following search root scheme: 
      If your domain is "Extremenetworks.bestnetworkever.k12.edu" your Search Root would be: 
      dc=extremenetworks,dc=bestnetworkever,dc=k12,dc=edu
      You can narrow the search root to a specific OU, or specific section of the tree, but be aware that if you limit the search root to a section of the forest that doesn't contain the necessary data, LDAP lookups may fail.
    11. Click on the "Populate Default Values" button in the lower right corner and select "Active Directory User defaults"
    12. Click the "Test" button to verify configuration, modify accordingly
    13. Click the "Save" button
    14. Click the "OK" button
    15. Enforce the appliance
  2. Test to see if the domain join worked:
    1. SSH to NAC appliance and run the command:
      wbinfo -t
    2. If the message comes back that checking the trust secret was successful, the NAC has bound and will be able to complete NTLM authentication
    3. If the message indicates a problem, issue the command:
      nacctl restart && tail -f /var/log/tag.log
    4. Services will cycle and EAC will attempt to join the AD. If you encounter an error message, investigate the error message through KCS
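
The connection URL from step 1.7 and the search root from step 1.10 can be checked before they are typed into the dialog. The script below is an added example, not part of the original article or of the EAC tooling; the function names and the sample address 10.0.0.5 are assumptions.

```shell
# Added example; function names are hypothetical, not EAC commands.

# Step 10: AD DNS domain -> search root for the top of the forest.
domain_to_search_root() {
    local rest out="" label
    case $1 in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    rest=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    while [ -n "$rest" ]; do
        label=${rest%%.*}
        [ -n "$label" ] || return 1   # empty label such as "a..b"
        out="${out:+$out,}dc=$label"
        case $rest in *.*) rest=${rest#*.} ;; *) rest="" ;; esac
    done
    printf '%s\n' "$out"
}

# True if $1 is a decimal integer in [$2, $3] with at most $4 digits.
in_range() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le "$4" ] && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# Step 7: check scheme://a.b.c.d:port and say whether the URL scheme is TLS.
check_ldap_url() {
    local rest host port n=0
    case $1 in
        ldap://*|ldaps://*) rest=${1#*://} ;;
        *) echo "malformed: scheme must be ldap:// or ldaps://"; return 1 ;;
    esac
    case $rest in
        *:*) host=${rest%%:*}; port=${rest#*:} ;;
        *) echo "malformed: port must follow a colon"; return 1 ;;
    esac
    in_range "$port" 1 65535 5 || { echo "malformed: bad port"; return 1; }
    while :; do   # walk the dotted quad one octet at a time
        in_range "${host%%.*}" 0 255 3 || { echo "malformed: bad IPv4 address"; return 1; }
        n=$((n + 1))
        case $host in *.*) host=${host#*.} ;; *) break ;; esac
    done
    [ "$n" -eq 4 ] || { echo "malformed: bad IPv4 address"; return 1; }
    case $1 in
        ldaps://*) echo "ok: TLS-protected" ;;
        *) echo "ok: plaintext LDAP, not encrypted by the URL scheme" ;;
    esac
}

# Constructed sample values: the article's example domain and a made-up DC address.
domain_to_search_root "Extremenetworks.bestnetworkever.k12.edu"
check_ldap_url "ldaps://10.0.0.5:636"
```

A URL with the port written after a dot instead of a colon is reported as malformed, and an `ldap://` URL is accepted but flagged as plaintext so the choice is deliberate.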