Customize log in and log out scripts
FortiNAC allows you to register hosts using log in and log out scripts. These scripts are provided for you on the appliance. They contain variables that must be modified to match your environment and requirements. Scripts are located in the following directory:
/bsc/campusMgr/ui/runTime/config/ldap
Scripts that should be modified include sendLogIn.vbs and sendLogOut.vbs. It is recommended that you review the comments contained within the script. They contain the most up-to-date information about variables that can be used and additional parameters that can be set.
To use the scripts they must be copied to the directory server, such as your Active Directory Server. After they have been copied, use the information in the Variables and Trap parameters tables below to modify the necessary parameters.
To receive traps from the scripts, you must have the latest versions of snmptrap.exe and libsnmp.dll on the directory server in the same directory that contains the scripts. These two files are part of a package that can be downloaded and installed on your directory server from http://www.net-snmp.org/download.html . Select the latest binaries. From the list of download files select the file that is in the following format: net-snmp-<version number>.exe.
Registration types
There are two types of registration that can be done using scripts. A machine can be registered as a host with an associated user or as a device with no identity. When a machine is registered as a device, the host name of the device is used. Machines can also be left as rogues.
If you are registering shared machines, such as computers in a lab, you may want to modify the script to register the computers as devices.
Registration type | Settings |
---|---|
Host / User | Register the machine as a host by user name. REG_ROGUE = "0" REG_BY_USER = "1" |
Device | Register the machine as a device by host name. REG_ROGUE = "0" REG_BY_USER = "0" |
Registration Examples
User View - Registration Type Host/User
Host View - Registration Type Host/User
In the two preceding examples, the log in script was set to register by user. Both the machine and the user are shown, first from the User View and second from the Host View. The machine shows as Type - Registered, indicating that it is registered to a user. The machine is associated with or Registered To the user.
User View - Registration Type Device
Host View - Registration Type Device
In the two examples above, the log in script was set to register by device. Both the machine and the user are shown, but there is no association between the machine and the user. The User View example shows Type - Logged On, indicating that the user is logged onto this machine but that the machine is not Registered to a user. The Registered To field is blank. The Host View represents the actual computer. The User View represents the temporary user who logged into the machine.
Variables
Variable | Definition |
---|---|
ACTION | Indicates whether this script is for logon or logoff. Type = Integer Example: ACTION = "1" |
REG_ROGUE | When Register is enabled, machine is registered either by user name or as a device by host name based on the Register by User setting. If Do not register is enabled, the machine remains a rogue. Type = Integer Example: REG_ROGUE = "0" |
WHITELIST | If enabled, adds the machine to the Forced User Authentication Exceptions group. A user logging in on a machine in this group is not forced to authenticate. Default is disabled. Type = Integer Example: WHITELIST = "0" |
REG_BY_USER | Registers the machine by user name as a host or by host name as a device. Type = Integer Example: REG_BY_USER = "0" |
DIRECTORY_SERVER | Your Active Directory server. If you have more than one Active Directory server for failover, it is recommended that you use your domain name instead of the IP address. Example: DIRECTORY_SERVER = "192.168.102.2" Example: DIRECTORY_SERVER = "bradfordnetworks.com" |
DIRECTORY_SHARED | Active Directory server's shared directory where the login/logoff scripts, snmptrap.exe and libsnmp.dll files are stored. If you have more than one Active Directory server for failover, it is recommended that you use your domain name instead of the IP address. Example: Example: |
USE_ENV_USERNAME | Indicates whether or not the user name should come from another variable. To enable, set this to True. If you are not using Novell or if the User Name entered at log in is sufficient, set this to False. Example: USE_ENV_USERNAME = False |
ENV_USERNAME_VARIABLE | The variable containing the User Name. This information is used only if USE_ENV_USERNAME is set to True. Example: ENV_USERNAME_VARIABLE = "%NWUSERNAME%" |
Wscript.Sleep 5000 | Add before the last “End If” statement. This makes the script wait 5 seconds allowing more time for processes to start or finish. REM End If |
You may choose to make other modifications to the script to accommodate requirements outside FortiNAC. For example, you may choose to add a timer that waits a few seconds before ending the script.
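A pre-deployment check for an edited variable block, as an added example that is not part of the FortiNAC scripts: it parses assignments written the way the examples in the tables above are written, reports the resulting registration type, and flags the settings the tables call out. It assumes that "1" means enabled for WHITELIST and that any REG_ROGUE value other than "0" leaves the machine a rogue, which the tables imply but do not state; the function names and the sample input are constructed.

```python
import ipaddress
import re

# Assignment form used in the page's examples: NAME = "value" or NAME = True
ASSIGN = re.compile(r"""^\s*([A-Z_]+)\s*=\s*"?([^"']*?)"?\s*(?:'.*)?$""")

def parse_settings(vbs_text):
    """Collect NAME = value assignments; ' and REM comment lines never match."""
    settings = {}
    for line in vbs_text.splitlines():
        if (m := ASSIGN.match(line)):
            settings[m.group(1)] = m.group(2).strip()
    return settings

def registration_type(s):
    """Map REG_ROGUE / REG_BY_USER onto the registration types table."""
    if s.get("REG_ROGUE") != "0":
        return "Rogue"  # assumption: anything other than "0" means do not register
    return "Host / User" if s.get("REG_BY_USER") == "1" else "Device"

def review(s):
    findings = []
    for name in ("REG_ROGUE", "REG_BY_USER", "WHITELIST"):
        if s.get(name) not in ("0", "1"):
            findings.append(f'{name} should be "0" or "1", got {s.get(name)!r}')
    if s.get("WHITELIST") == "1":  # assumption: "1" means enabled
        findings.append("WHITELIST on: users on this machine are not forced to authenticate")
    try:
        ipaddress.ip_address(s.get("DIRECTORY_SERVER", ""))
        findings.append("DIRECTORY_SERVER is an IP; use the domain name if AD has failover")
    except ValueError:
        pass  # a domain name (or unset): nothing to flag
    if s.get("USE_ENV_USERNAME", "").lower() == "true" and not s.get("ENV_USERNAME_VARIABLE"):
        findings.append("USE_ENV_USERNAME is True but ENV_USERNAME_VARIABLE is not set")
    return findings

# Constructed sample: variable block for shared lab machines (not from the real script)
SAMPLE = """' Lab machines: register as devices
REG_ROGUE = "0"
WHITELIST = "1"
REG_BY_USER = "0"
DIRECTORY_SERVER = "192.168.102.2"
USE_ENV_USERNAME = True
"""

if __name__ == "__main__":
    cfg = parse_settings(SAMPLE)
    print(registration_type(cfg), *review(cfg), sep="\n - ")
```
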
Trap parameters
The log in and log out scripts send a trap to FortiNAC that contains the values of the variables listed above along with registration parameters from the user. To receive traps from the scripts, you must have the latest versions of snmptrap.exe and libsnmp.dll on the directory server in the same directory that contains the scripts. These two files are part of a package that can be downloaded and installed on your directory server from http://www.net-snmp.org/download.html . Select the latest binaries. From the list of download files select the file that is in the following format: net-snmp-<version number>.exe.
OID | Description | Definition |
---|---|---|
1.1 | Action | Value of the Action variable. |
1.2 | User Name | User name of the person logging in or out. Type = String |
1.3 | Machine Name | Hostname of the machine used to log in or out. Type = String |
1.4 | Machine IP | IP address of the machine used to log in or out. Type = IP Address |
1.5 | Machine MAC | MAC address of the machine used to log in or out. Type = String |
1.8 | Operating | Operating System of the machine used to log in or out. Type = String |
1.10 | Register Rogue | Value of the Reg_Rogue variable. |
1.11 | Whitelist | Value of the Whitelist variable. |
1.12 | Register by User | Value of the Register by User variable. |