Authentication Configuration Procedures:

When configuring the ProxyBlocker server for authentication, settings must be made in System and Group windows in the Administrator GUI.

System section

The first settings for authentication must be made in the System section of the Administrator GUI in the following windows: Operation Mode, LAN Settings, Enable/Disable Authentication, Authentication Settings, Authentication SSL Certificate (if Web-based authentication will be used), and Block Page Authentication.

1. Select “Mode” from the navigation panel, and then select “Operation Mode” from the pop-up menu. The entries made in the Operation Mode window will vary depending on your network setup.
For a typical network setup, in the Listening Device frame, set the Listening Device to “LAN1”, and in the Block Page Device frame, select “LAN2”.

2. Select “Network” from the navigation panel, and then select “LAN Settings” from the pop-up menu. The entries made in this window will vary depending on your network setup. No matter which mode you use, the LAN1 and LAN2 IP addresses should be in different subnets. In a typical network setup, for the LAN1 IP address, enter 32 for the subnet mask.

3. Select “Authentication” from the navigation panel, and then select “Enable/Disable Authentication” from the pop-up menu. Enable authentication, and then select one of three tiers in the Web-based Authentication frame:
• Tier 1: Choose this option if you will be using net use-based authentication for NT or Active Directory domains.
• Tier 2: Choose this option if using NT and/or LDAP authentication, and you want the user to have a time limit on his/her Internet connection.
• Tier 3: Choose this option if using NT and/or LDAP authentication, and you want the user to maintain a persistent network connection.

NOTE: If using Tier 1, specify whether Keep Alives will be sent on a connection to verify that it is still active. If 8e6 Authenticator, Novell eDirectory Agent, or Active Directory Agent is implemented, Tier 2 or Tier 3 can be used as a fallback solution.

WARNING: If enabling Novell eDirectory Agent, the agent will immediately begin scanning Novell eDirectory-based domain labels.

4. Select “Authentication” from the navigation panel, and then select “Authentication Settings” from the pop-up menu. In the Settings frame, enter general configuration settings for the ProxyBlocker server such as IP address entries. In the NIC Device to Use for Authentication field, on a typical network select LAN2 for sending traffic on the network—in particular, for transferring authentication data.

Information should only be entered in the NT Authentication Server Details frame if the ProxyBlocker will use the NT Authentication method to authenticate users. (See Join Domain.)

5. Select “Authentication” from the navigation panel, and then select “Authentication SSL Certificate” from the pop-up menu. This option should be used if Web-based authentication will be deployed on the ProxyBlocker server. Using this option, a Secure Sockets Layer (SSL) self-signed certificate is created and later placed on client machines so that these machines will recognize the ProxyBlocker as a valid server with which they can communicate.

6. Select “Control” from the navigation panel, and then select “Block Page Authentication” from the pop-up menu. Select the Re-authentication Options to be used. If the “Re-authentication” option is selected, enter the login script path to be used by the ProxyBlocker for re-authentication purposes.


Group section

In the Group section of the Administrator GUI, choose NT or LDAP as pertinent, and do the following:

1. Add a domain from the network to the list of domains that will have users authenticated by the ProxyBlocker.

NOTE 1: If the network has more than one domain, the first one you add should be the domain on which the ProxyBlocker resides.

NOTE 2: When enabling Novell eDirectory Agent, a backup server can be specified in the event that communication is lost between the primary Novell eDirectory server and Novell clients.

2. Create filtering profiles for each group within that domain.

3. Set the group priority by designating which group profile will be assigned to a user when he/she logs in. If a user is a member of multiple groups, the group that is positioned highest in the list is applied.

4. Create unique filtering profiles for individual users and machines, if necessary.




© M86 Security. All rights reserved.