Authenticator Application
The Authenticator ensures the end user is identified on his/her
workstation, via an executable file that launches during the login
process. To use this option in a Windows environment, the Authenticator
client can be installed on the user’s workstation or launched
from a network share during login. In a Macintosh environment, the
application should be installed on the client machine, where it
will be automatically launched when the user logs in.
NOTE: Please refer to the
Authentication User Guide for more details about the Authenticator
and how to configure and use it.
Authenticator Deployment Kit
The Authenticator Deployment Kit, used for configuring the Authenticator
for deployment via the Package Editor, consists of the following
resources:
• Unconfigured packages containing the Authenticator software
• A tool for setting or modifying Authenticator packages (the
“package editor,” CfgTool.exe)
• A script for uninstalling the Authenticator from a Macintosh
workstation (Uninstall-Authenticator.sh)
Workflow in Environments
The administrator downloads and then installs the Authenticator
Deployment Kit on his/her machine. Then he/she uses the Package
Editor application to configure packages for a Windows or Macintosh
environment.
Windows environment
1. Once the Authenticator client package for Windows is configured,
the administrator installs that package on target workstations,
or deploys it via a network logon script.
2. Using a Windows machine, an end user logs on to the Active Directory
domain, or logs on to the eDirectory tree via a Novell client.
3. The Authenticator is launched by one of the following methods,
based on the installation mode setup:
a. Netlogon Mode - If the Authenticator is deployed via a network
login script, the script invokes Authenticat.exe from a network
share.
b. User Mode - If installed in User Mode, Authenticator is launched
from the user’s local \Program Files tree via a startup registry
key.
c. Service Mode - If installed in Service Mode, Authenticator starts
with Windows, and detects the user login dynamically.
4. Authenticator determines the authentication environment, then
retrieves the username and related identifying information using
either Windows or Novell APIs, and sends this information (via LOGON
event) to the Web Filter.
5. The Web Filter looks up the group memberships for the user (via
Windows AD, PDC, or eDirectory through LDAP), and determines the
profile assignment.
6. The Web Filter sets the profile for the end user with username
(including the group name, if it is available) and IP.
7. The Authenticator client periodically sends a “heartbeat”
packet to the Web Filter to sustain the connection and profile as
long as the user is logged in and connected to the network.
8. The end user logs off, and the Authenticator client sends
a LOGOFF event to the Web Filter. The Web Filter removes the user's
profile.
Macintosh environment
1. Once the Macintosh package is configured, the administrator installs
the package on target workstations.
2. An end user logs on to the domain, and OS X launches Authenticator.
3. Authenticator identifies the end user by using OS X Directory
Services, retrieving the username and related identity information,
which it sends to the Web Filter (via a LOGON event).
4. The Web Filter looks up the user’s group memberships and
determines the profile assignment.
5. The Web Filter sets the profile for the end user with username
(including the group name, if it is available) and IP.
6. The Authenticator client continually sends a “heartbeat”
to the Web Filter until the end user logs off or disconnects.
7. If the user logs off, Authenticator sends a LOGOFF event to the
Web Filter. The Web Filter removes the user’s profile.
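The LOGON / heartbeat / LOGOFF lifecycle described in both workflows can be modeled as a per-IP profile table on the Web Filter side. The following is an added example, not code from the product: the event names come from the steps above, while the timeout value, the class and field names, the rule that a late heartbeat does not revive an expired session, and the sample user, group and IP are assumptions made for illustration.

```python
from dataclasses import dataclass

HEARTBEAT_TIMEOUT = 90  # seconds; assumed value, the page states no interval

@dataclass
class Session:
    username: str
    profile: str
    last_seen: float

class WebFilterModel:
    """Toy model of the Web Filter's per-IP profile table (not product code)."""
    def __init__(self, directory, group_profiles, default_profile="default"):
        self.directory = directory            # username -> groups; stands in for the LDAP lookup
        self.group_profiles = group_profiles  # group -> profile name
        self.default_profile = default_profile
        self.sessions = {}                    # client IP -> Session

    def expire(self, now):  # drop sessions whose last heartbeat is too old
        stale = [ip for ip, s in self.sessions.items()
                 if now - s.last_seen > HEARTBEAT_TIMEOUT]
        for ip in stale:
            del self.sessions[ip]
        return stale

    def handle(self, event, ip, now, username=None):
        """Apply one client event and return the profile now bound to ip."""
        self.expire(now)
        if event == "LOGON":
            groups = self.directory.get(username, [])
            profile = next((self.group_profiles[g] for g in groups
                            if g in self.group_profiles), self.default_profile)
            self.sessions[ip] = Session(username, profile, now)
        elif event == "HEARTBEAT":
            if ip in self.sessions:  # a late heartbeat does not revive an expired session
                self.sessions[ip].last_seen = now
        elif event == "LOGOFF":
            self.sessions.pop(ip, None)
        else:
            raise ValueError(f"unknown event: {event}")
        session = self.sessions.get(ip)
        return session.profile if session else None

if __name__ == "__main__":
    # Constructed sample data: one user, one group, a documentation-range IP.
    wf = WebFilterModel({"alice": ["Staff"]}, {"Staff": "staff-profile"})
    for ev, t, user in [("LOGON", 0, "alice"), ("HEARTBEAT", 60, None),
                        ("HEARTBEAT", 300, None), ("LOGOFF", 310, None)]:
        print(t, ev, "->", wf.handle(ev, "192.0.2.10", t, user))
```

Because the profile is keyed by IP address, the model makes visible that a workstation that drops off the network without sending LOGOFF keeps its profile until the heartbeat timeout lapses.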
Default Locations for Debug Logs
The information in this section presumes that the LF[] parameter,
which would override the default log file, is not being used.
Windows environment
In User and Netlogon Mode, the log file is maintained in:
Windows XP | C:\Documents and Settings\<username>\Local Settings\Application Data\M86Authenticator\Log
Windows Vista/7 | %LOCALAPPDATA%\M86Authenticator\Log\m86authenticator.log
NOTE: An easy way to find the LOCALAPPDATA folder is to open
Windows Explorer and enter "%LOCALAPPDATA%" in the
location bar. (On Windows 7, this might take you to a location
such as c:\Users\{username}\AppData\Local.)
In Service Mode, the log file is maintained in:
Windows XP | C:\Documents and Settings\LocalService\Local Settings\Application Data\M86Authenticator\Log\m86authenticator.log
Windows Vista | %windir%\system32\config\systemprofile\AppData\Local\M86Authenticator\Log\m86authenticator.log
Windows 7/32-bit | %windir%\System32\config\systemprofile\AppData\Local\M86Authenticator\Log\m86authenticator.log
Windows 7/64-bit | %windir%\SysWOW64\config\systemprofile\AppData\Local\M86Authenticator\Log\m86authenticator.log
NOTE: The above
varied paths indicate the "profile directory" for the
SYSTEM account, the account Authenticator uses when running as a
service.
Macintosh environment
The log file for Authenticator 2.x is located in $HOME/Library/Logs/m86authenticator.log.
For maximum verbosity, specify LD[4] in the configuration.