Create an authentication option for users not in AD or with an agent installed

Comments

5 comments

  • Avatar
    mattwilson9090

    Just how is this supposed to work? What are these devices supposed to authenticate to, and how? OpenDNS is an internet based service, how are they supposed to have control over local DNS servers?

    You say this is so that you can get information when someone is using company resources. Are you trying to do this with the free HOME OpenDNS product? If so, you are in violation of OpenDNS licensing rules, since the free product is only for Home users, not corporate users. You'll need to use one of the pay products, such as one of the various Umbrella products. Regardless of which OpenDNS product you use my initial questions still stand.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "When a device makes a call to the local DNS servers and they are not an AD or client installed device; force them to authenticate to DNS for the session."

    This sounds like a requirement for your local DNS servers.  Why do you post it here and not at Microsoft?

    0
    Comment actions Permalink
  • Avatar
    rayars

    We use the OpenDNS MSP licenses and this specifically applies to locations where we have installed the OpenDNS VM servers in use, AD connector and client agents at the site. This would need to be a function provided in the OPENDNS VM's installed at the site.

    0
    Comment actions Permalink
  • Avatar
    rayars

    The OpenDNS VMS are the local DNS servers. If the DNS request is for the local network the redirect to the Microsoft ones, if not they redirect to the OpenDNS ones. This is the only place DNS authentication of non-local devices can be processed. This is needed to the Activity reporting of OpenDNS.

    0
    Comment actions Permalink
  • Avatar
    mattwilson9090

    Aw, you left out critical information that would have allowed people to understand what you were talking about and asking for.

    How do you want this authentication to function? Is the user supposed to somehow log into with an OpenDNS account, or do you mean something else by authenticate?

    Since authentication isn't a function of the DNS spec it's a little unclear what exactly you want to happen since you want this feature to work without AD or an agent.

    0
    Comment actions Permalink

Please sign in to leave a comment.