Re: Novell Client working with Cisco's NAC solution
The clean access doesn't install a GINA of its own. Here is basically how it works:
1) You boot up in an "unauthenticated" role where the network only allows you access to specified resources. In a Microsoft/AD world this would be your domain controllers, and with eDirectory we'll have to make our eDir server available as well.
2) Once the NAC appliance detects the successful login (it only cares about the login to AD), it cuts off all network connectivity until...
3) After your login is completed and your profile has been loaded, the Cisco Clean Access agent launches in the systray. (It is launched by a shortcut in the startup folder.)
4) The clean access agent then uses your AD login information to log in to the NAC appliance.
5) Then the agent checks to make sure your computer meets whatever mandatory policies you might have configured (Anti-Virus installed and up to date, Windows Updates applied, etc). If you meet the criteria your network access is restored.
Obviously, there is normally quite a bit of network activity in the time frame between parts 2 and 5 such as login scripts running, etc.
In our AD-only offices we had to place a set of commands at the very beginning of the login script to pause the login script until it could successfully ping something. We're thinking we'll have to try something similar with the Novell login scripts.
The only suggestion from Cisco's forum was to disable the login script altogether. Then set something up that runs "loginw32 /na /cont" after the Clean Access agent.
Cisco's official response is that they don't support the Novell client with their NAC appliance. Altogether, it's a pretty poorly designed product if you ask me but unfortunately we've already purchased it. I'll post back if I have any success getting things to work or specific errors I need help with.
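
The "pause until it can ping something" approach described in the post, as an added example that is not part of the original post or any Cisco or Novell script. The probe host name and retry limit are assumptions; the probe should be a server that is not on the unauthenticated role's allow-list, so a reply can only mean the agent's posture check has passed.

```batch
@echo off
rem Added example: hold the login script until the NAC appliance has
rem restored network access, with a bounded wait so logon cannot hang forever.
rem PROBE_HOST is a hypothetical placeholder. Pick a host that is NOT
rem reachable in the unauthenticated role, or the loop will pass too early.
setlocal
set PROBE_HOST=fileserver.example.local
set MAX_TRIES=60
set TRIES=0

:wait
rem One echo request, 1 second timeout. Match "TTL=" in the output rather
rem than trusting the exit code, because ping can return 0 when a gateway
rem answers "Destination host unreachable".
ping -n 1 -w 1000 %PROBE_HOST% | find "TTL=" >nul
if not errorlevel 1 goto online

set /a TRIES+=1
if %TRIES% geq %MAX_TRIES% goto giveup
rem Roughly 2 second delay that works on systems without timeout.exe.
ping -n 3 127.0.0.1 >nul
goto wait

:online
echo Network access restored after %TRIES% retries.
rem Drive mappings and the rest of the login script go here.
endlocal
exit /b 0

:giveup
echo Network still restricted after %MAX_TRIES% attempts, skipping network steps.
endlocal
exit /b 1
```

The non-zero exit code on timeout lets a calling script tell a failed posture check apart from a normal run.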