4 Replies Latest reply on May 19, 2010 5:24 AM by blue_cirrus

    SmartFilter IFP off-box and Novell eDirectory

    blue_cirrus

      Hi,


      I am unable to find a specific category for SmartFilter so figured that this group had the most exposure in relation to this product, but please bounce me elsewhere if I am asking in the wrong group.
      I have an enquiry from a client who wishes to integrate SF IFP with Cisco ASA. They use eDirectory for authentication. I can see that this integration is supported but want to know: if eDirectory is used with IFP, will the users need to re-authenticate in order to gain Internet access? In other words, where is the policy/profile decision made - is it by the IFP plugin or eDirectory? Any notes on this would be useful as I'm not finding much in the way of documentation which talks about Cisco/Novell integrations.


      Many thanks!

        • 1. Re: SmartFilter IFP off-box and Novell eDirectory
          Jon Scholten

          Hello blue_cirrus!

          Regarding the IFP server and integration with eDirectory, the user will not be prompted for authentication when attempting to access the internet. SmartFilter will query eDirectory every so often to get a list of logged-on users; each entry in this list will contain a 'networkAddress'. So when SmartFilter receives a request it will take the client IP, compare it to the list received from eDirectory, match it against the 'networkAddress' attribute and find the corresponding username to determine which user is logged on to that IP.

          Let me know if that makes sense or answers your question.

          ~jon

          p.s. This would be the correct group for SmartFilter questions.

          1 of 1 people found this helpful
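
The lookup described in the reply above, as an added example that is not SmartFilter code and not part of the original post: a table built from a polled list of logged-on users and matched on client IP. The function names, the 300-second maximum age, the sample entries and the assumption that 'networkAddress' is already decoded to a dotted-quad string are all hypothetical; the example also reports the cases where an IP alone does not identify one user.

```python
from collections import defaultdict

MAX_AGE = 300  # seconds a poll result is trusted (assumed value)

# Constructed sample of one poll: (user DN, decoded networkAddress).
SAMPLE_POLL = [
    ("cn=asmith,ou=hq,o=example", "10.1.4.21"),
    ("cn=bjones,ou=hq,o=example", "10.1.4.37"),
    ("cn=cwong,ou=branch,o=example", "192.0.2.10"),
    ("cn=dpatel,ou=branch,o=example", "192.0.2.10"),
]

def build_index(poll, polled_at):
    """Group logged-on users by address and remember when the poll ran."""
    by_ip = defaultdict(set)
    for user, addr in poll:
        by_ip[addr].add(user)
    return {"polled_at": polled_at, "by_ip": dict(by_ip)}

def attribute_request(index, client_ip, now):
    """Return (status, detail) for a request arriving from client_ip."""
    if now - index["polled_at"] > MAX_AGE:
        return ("stale", None)           # list too old to trust for attribution
    users = index["by_ip"].get(client_ip, set())
    if not users:
        return ("unknown", None)         # no logged-on user at this address
    if len(users) == 1:
        return ("matched", next(iter(users)))
    return ("ambiguous", sorted(users))  # several logins share one address

INDEX = build_index(SAMPLE_POLL, polled_at=1000)

if __name__ == "__main__":
    for ip in ("10.1.4.21", "192.0.2.10", "10.9.9.9"):
        print(ip, attribute_request(INDEX, ip, now=1100))
```
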
          • 2. Re: SmartFilter IFP off-box and Novell eDirectory
            blue_cirrus

            Many thanks Jon. I assume that the process described below will require the authentication server plugin as well? Will this capture the username for the purposes of logging/reporting too?

            Best regards,

            Message was edited by: blue_cirrus on 18/05/10 13:56:26 CDT
            Message was edited by: blue_cirrus on 18/05/10 13:59:01 CDT
            • 3. Re: SmartFilter IFP off-box and Novell eDirectory
              Jon Scholten

              That is correct on both points: you will need the auth server to accomplish this, and once everything is set up, you will see the usernames in the plugin logs.

              ~jon

              • 4. Re: SmartFilter IFP off-box and Novell eDirectory
                blue_cirrus

                Thanks Jon - Additionally, the client has a number of locations where Internet access will be via a single IP address. In these locations, an LDAP lookup to e-Directory is used for authentication, and because access is NAT'ed, all access appears to be from a single IP. Will individual usernames still be captured even if they are all attached to the same IP?