Single sign-on by VxLogon
VxLogon is a script version of NxLogon to avoid of having problems with anti-virus softwares. It is simpler and easier to deploy and not causing any issue with anti-virus softwares.
Before you implement single sign-on against Active Directory, you need to import users and groups first. To import users and groups, read GUI overview > User.
How it worksTo run it, you need to activate it on 'User > VxLogon' on NxFilter GUI first and then register 'vxlogon.vbs' from VxLogon package as a Windows logon script on GPO. About how to register it on GPO, read Authentication > SSO by NxLogon. The procedure is basically the same.
Unlike NxLogon, you don't need to specify server IP for VxLogon.
Security problemWith VxLogon, to make things easier and simpler, we use DNS protocol as the communication protocol between VxLogon and NxFilter. As a result, you many have some users smart enough to find a way of logging-in with another username to acquire an alleviated permission because the protocol exposed in a script file. To prevent this kind of problem, we added an additional security procedure to activate VxLogon. We defined two special domains for logon and logoff with VxLogon. On 'User > VxLogon',
- Logon Domain : vxlogon.example.com
- Logoff Domain : vxlogoff.example.com
Since we use 'nslookup' internally, you have to keep the trailing dot when you change the domains.
TroubleshootingIf you run 'vxlogon.vbs' on CMD you will not be able to see any output because it will run by 'wscript' which is the default VBSCript engine on Windows. If you want to verify your deployment with logging, run it with 'cscript' command,
And run NxFilter on CMD as well so that you can monitor what is going on NxFilter side.