Kerberos Authentication Type Support

Kerberos authentication support in ONEPolicy is achieved using NAC with IDM XML events.

With NetLogin, ONEPolicy, and IDM enabled, once the MAC address is authenticated and the IDM table is populated with the MAC user and the Kerberos-correlated user, the IDMGR events are sent to the Extreme Management Center server over HTTP/HTTPS, using the XML target configured in ExtremeXOS. After receiving the XML event, Extreme Management Center decides what to do with the profiles configured for Kerberos.

With NetLogin, ONEPolicy, and IDM enabled, once the MAC address is authenticated using NAC as a RADIUS server and the IDM table is populated with the MAC user and the Kerberos-correlated user, the IDMGR events are sent to the Extreme Management Center server (Netsight) over HTTP/HTTPS, using the XML target configured on the ExtremeXOS switch. For ONEPolicy + IDM + Kerberos to work, NAC should be the RADIUS server. Using an external RADIUS server with only XML events configured to be sent to Extreme Management Center does not work, because with ONEPolicy enabled the IDM table is not populated for NetLogin MAC/Dot1x/Web entries. With ONEPolicy enabled, the IDM table is populated only for Kerberos users.

For information about how to configure Kerberos authentication type, see Configuring Kerberos Authentication Type.