Mac OS authentication to NAC OOB VGW 4.7.2

Robert Slusar
Level 1

I realize that the Macs in our OOB VGW environment can't do SSO like the Windows machines. Since I don't want to get into the business of managing a lot of user IDs and passwords, I've been trying to come up with alternatives.

The first one that comes to mind is a "group" ID and password in the local DB that the Mac users can use. Simple but from a security standpoint not a good idea.

The second thought is to create a second authentication server where Mac users could point to when the login screen pops up.

Are there any caveats to using the second auth server? Is there any chance it could cause problems with SSO?

Thanks!

Bob

Faisal Sehbai
Level 7

Bob,

Second auth server's the way to go. Make it LDAP, so they'll just have to re-use their AD credentials.

It wouldn't cause any issues with your existing AD SSO.

HTH,

Faisal

Thanks Faisal!

Since our LDAP auth servers are the same as our AD, or at least a subset of the AD servers, we were going to use the same User Name that we use for AD-SSO. Is that OK, or do we need to use something entirely different?

I have a follow-up question. Working on the premise that I have the LDAP authentication working, how do I actually direct the Mac users to the LDAP authentication? (They are using the Mac Agent.)

The way that seems to make the most sense to me is to use a User Login Page that is specific to the Mac OS. (I have configured the login page and enabled it, so I guess we'll see.)

Robert,

You can use either a MAC user page, or just set LDAP on your default page. This way, if any of your Windows machines fail authentication too for any reason, they will have the option to use LDAP to log in. Either should work just fine.

Same username for LDAP setup would work fine too.

HTH,

Faisal

Once again, Thank You.

I have created a MAC_ALL login page and am testing.

Faisal,

I attempted to point to a User Login page for Macintosh and the login failed. They are using the Mac Agent for Ver 4.7.2, but when they connect they don't get the Mac login page; they get the default OS "All" page.

I have attached the screen scrapes of the MAC login page.

Is there a way to specifically point the Mac devices to the page? I was working on the impression that NAC should recognize the OS and point them to it. (I must be missing a step!)

Rob,

What's the order of the user pages? Can you post a screenshot of that? If ALL is above MAC_ALL, then the MAC will hit that first and not look further.

HTH,

Faisal

Faisal,

I did have the MAC_ALL at the top. I have since altered ALL to also behave differently; that is, I added the LDAP server for authentication and made the LDAP server the default provider.

The only screen that pops up is the generic default screen (see attached) that is seen when a user's Windows PC is redirected to the CAS after opening an HTTP session.

I must be missing something really basic. What controls the login screen that is seen by a user when they are using an installed agent (corporate device) or a Web Agent (contractor's device)? The user's page Login Page implies it is OS, as in the case of MAC_ALL.

Rob,

Please post the content tab from your mac_all page.

Faisal

Oops! Sorry - I thought I did already.

Here it is.

OK - Now I am embarrassed.

When everything looks like it should work - Reboot! (The CAS.)

I now get the drop-down on the MAC OSx 4.7.2.507 CCA agent as well as the Web Agent.
