
NAC Appliance and Novell

dario.didio
Level 4

Hello,

We have a Novell environment and want to use NAC Appliance.

I've set up a lab to simulate NAC Appliance in our environment.

When we log in, the login script that is configured in the Novell directory server is run to map drives.

Problem here is that, because of the limited access for the unauthenticated role, these mappings fail.

We have tried to make the CCA agent pop up prior to the mappings, but this doesn't work because the process is as follows:

- Log in to the domain with the Novell client.

- Login script is executed

- Windows environment is loaded (desktop, menu bar, etc...)

- agent pops up

- network access is permitted if authenticated.

So the problem is that we cannot run the CCA Agent because it needs the Windows environment to be able to run. But here the problem is that the login script has to be terminated, but this will fail because of limited network access.

In an AD environment, you can put the login script on hold until full network access is granted. But this seems impossible with the Novell login script.

I know we can grant access in the unauthenticated role for the drive mappings. This can't be done in my case for security purposes.

Has any of you faced this problem, or does anyone have a clue how this can be solved?

If you have further questions, please ask and I will answer ASAP.

Thanks in advance!

23 Replies

I believe it can. By changing to the MSGINA, the user is prompted first with a Windows logon. After they log in, it passes the same credentials to the Novell authenticator. If they match, it processes the login and runs whatever the client is set to do (including login scripts).

It takes about the same time as when a user logs on to Novell first, maybe less.

Give it a try and post back what you find out.

Tom

I'm working on a project with the same problem. My client wants SSO with the Novell Client and I don't find any solution. Besides the Novell Client, the client still runs ZenWorks after the logon. Can anyone help me with the SSO? Does a solution exist?

Thanks.

Hi,

It is not natively supported by Cisco nor Novell. You could use a third-party application, which is called Imprivata (www.imprivata.com).

I haven't used it, but normally it should work.

Have you faced a problem with the CCA Agent and the login script of Novell?

Thanks for a response!

Kr,

Dario

Hi Dario,

Unfortunately not, because I am still working on the project for my client. Next week I will work in the lab environment and I hope to help with your question.

In my company I have the Novell specialist and I'll use the knowledge of this guy.

Next week I will share my experience in the lab.

Hi Dario, did you try switching the GINAs?

I'm doing it for different reasons and it seems to work OK. The only thing I ran into is when I take my laptop home, it still tries to connect to Novell and fails after 30 seconds. I removed NDS authentication from my home location profile and it works OK now.

Tom


Hi Dario and Tom,

I'm now trying to do the authentication in a lab deployment and I have the same problem as Dario: if I open the ports of Novell authentication, I run the login script before the user is checked against CCA. I'll try the MSGINA solution tomorrow. Has anyone tried this test?

I have another question about mapping users to VLANs: which LDAP attributes should I use to make this mapping? My client has created a lot of VLANs and wants to map users or groups to these VLANs. I don't know how to make these assignments. Can anyone help me?

Thanks.

Hi guys,

I have news for you... direct from Novell...

http://www.novell.com/connectionmagazine/2007/07/tech_talk_1.html?sourceid=NCM_07_07_tt1

I think with this article our problem about authentication and login scripts could be resolved.

Hi Juliano, I am not using the NAC appliance but we did find a way to make ACS work by changing the GINA from NWGINA to MSGINA. This allows Windows to log in first and then authenticate to Novell and run the login script. This may work with the NAC appliance too.

Change

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"GinaDLL"="NWGina.DLL"

to

"GinaDLL"="MSGina.DLL"

Tom
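
The registry change described in the post above, as an added PowerShell example (not part of the original thread and not Cisco or Novell code). It assumes an elevated prompt, that the GINA DLLs live in System32, and a backup file name chosen here for illustration; the change takes effect at the next reboot.

```powershell
# Added example: switch the Winlogon GINA from NWGina.DLL to MSGina.DLL.
$key    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$target = 'MSGina.DLL'

# Read the current value. If GinaDLL is absent, Windows uses its built-in msgina.dll.
$current = (Get-ItemProperty -Path $key -Name GinaDLL -ErrorAction SilentlyContinue).GinaDLL
Write-Output ("Current GinaDLL: " + $(if ($current) { $current } else { '<not set>' }))

# Winlogon loads this DLL at every logon, so refuse to point it at a missing file.
$dllPath = Join-Path $env:SystemRoot ("System32\" + $target)
if (-not (Test-Path $dllPath)) {
    throw "$dllPath not found; leaving GinaDLL unchanged."
}

# Back up the whole Winlogon key first (file name is an assumption of this example).
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = Join-Path $env:TEMP ("winlogon-" + $stamp + ".reg")
& reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' $backup | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "Registry backup failed; leaving GinaDLL unchanged."
}

# Apply the change only if needed, then read the value back to confirm it.
if ($current -ne $target) {
    Set-ItemProperty -Path $key -Name GinaDLL -Value $target
}
$new = (Get-ItemProperty -Path $key -Name GinaDLL).GinaDLL
Write-Output "GinaDLL is now: $new (backup: $backup)"
```

To roll back, import the saved .reg file and reboot.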

Hi everyone

Enjoying the title (problems with Novell), I'd like to post here my problem with workstations that have Novell software.

So, I have a customer who has NAC in his network.

The NAC appliance works in Out-of-Band mode - Virtual IP Gateway.

So the NAC works in almost 99% of the total network. And it works very, very well.

We have problems on some workstations with Novell software (about 6 machines). Until now I have tested 2 workstations with two end users (employees).

So the first workstation, from the first moment (Windows logon (Novell logon), Windows initialization, desktop appears, initialization of the software in general, Cisco Agent software appears doing the SSO (authentication, checks antivirus in AUDIT mode only)) ... worked very, very well.

On the second workstation, with another end user, when the user restarts the PC (simulating turning on the PC), the NAC puts the user in the authenticated VLAN (untrusted VLAN), so when the Windows logon (Novell logon) appears, the user enters the credentials.

After that, Windows starts initializing but the desktop DOESN'T appear (blue screen). If the end user presses Ctrl+Alt+Del and starts a new task, Explorer.exe, the desktop appears, and we can see all the software start initializing, including the Cisco Agent software doing SSO and putting the user in the access VLAN normally.

So, remember... my network works very well with Cisco NAC. I have 1 machine with Novell software that works fine without any additional configuration in the NAC Manager.

But the rest of these workstations (same as the second machine) have the same problem (blue screen without the desktop starting).

If I take out the port profile in the user interface, the workstation works fine when started.

Does anyone have any idea about this problem?

PS: sorry about any incorrect word or expression.
