cancel
Showing results for 
Search instead for 
Did you mean: 
blue_cirrus
Level 7

SmartFilter IFP off-box and Novell eDirectory

Jump to solution

Hi,


I am unable to find a specific category for SmartFilter so figured that this group had the most exposure in relation to this product but please bounce me elsewhere if i am asking in the wrong group.
I have an enquiry from a client who wishes to integrate SF IFP with Cisco ASA. They use eDirectory for authentication. I can see that this integration is supported but want to know that if eDirectory is used with IFP, will the users need to re-authenticate in order to gain Internet Access?. In other words, where is the policy/profile decision made - is it by the IFP plugin or eDirectory? Any notes on this would be useful as i'm not finding much in the way of documentation which talks about Cisco/Novell integrations..


Many thanks!

0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

Re: SmartFilter IFP off-box and Novell eDirectory

Jump to solution

That is correct on both points, you will need the auth server to accomplish this, and once everything is setup, you will see the usernames in the plugin logs.

~jon

0 Kudos
4 Replies
McAfee Employee

Re: SmartFilter IFP off-box and Novell eDirectory

Jump to solution

Hello blue_cirrus!

Regarding the IFP server and integration with eDirectory, the user will not be prompted for authentication when attempting to access the internet. SmartFilter will query eDirectory every so often to get a list of logged on users, in this list it will contain a 'networkAddress'. So when SmartFilter recieves a request it will take the client IP, compare it to the list recieved from eDirectory, match it against the 'networkAddress' attribute and find the corresponding username to determine which user is logged on to that IP.

Let me know if that makes sense or answers your question.

~jon

p.s. This would be the correct group for SmartFilter questions.

0 Kudos
blue_cirrus
Level 7

Re: SmartFilter IFP off-box and Novell eDirectory

Jump to solution

Many thanks Jon. I assume that the process described below will rrequire the authentication server plugin as well? Will this capture the username for the purposes of logging/reporting too ?

Best regards,

Message was edited by: blue_cirrus on 18/05/10 13:56:26 CDT

Message was edited by: blue_cirrus on 18/05/10 13:59:01 CDT
0 Kudos
McAfee Employee

Re: SmartFilter IFP off-box and Novell eDirectory

Jump to solution

That is correct on both points, you will need the auth server to accomplish this, and once everything is setup, you will see the usernames in the plugin logs.

~jon

0 Kudos
blue_cirrus
Level 7

Re: SmartFilter IFP off-box and Novell eDirectory

Jump to solution

Thanks Jon - Additionally, the client has a number of locations where Internet Access will be via a single IP address. In these locations, an LDAP lookup to e-Directory is used for authentication and because access is NAT'ed all access appears to be from a single IP - Will individual usernames still be captured even if they are all attached to the same IP?

0 Kudos