Linux AD Auth - Verification
Test Results Matrix
| Test | Expected | Actual | Status |
|---|---|---|---|
| AD connectivity pre-dACL (port 88) | FAIL (blocked by Research_Onboard) | | |
| AD connectivity post-dACL (port 88) | OK | | |
| Kerberos kinit | Ticket acquired | | |
| SSH with AD account | Login successful | | |
| klist shows valid ticket | Ticket displayed | | |
| Lateral movement (ping 10.x.x.x) | BLOCKED | | |
| Internet egress (curl google.com) | HTTP 200 | | |
| ISE session shows correct profile | Linux_Research_AD_Auth | | |
Deployment Verification Checklist
| Check | Status |
|---|---|
| Target workstation MAC address obtained | [ ] |
| Target workstation location (switch/port) confirmed | [ ] |
| Workstation domain-joined and SSSD running | [ ] |
| dACL created in ISE: DACL_LINUX_RESEARCH_AD_AUTH | [ ] |
| Authorization profile created: Linux_Research_AD_Auth | [ ] |
| Authorization rule added to policy set at rank 0 | [ ] |
| CoA issued and new policy applied | [ ] |
| AD connectivity post-dACL (ports 53, 88, 389, 636, 445) | [ ] |
| Kerberos kinit successful | [ ] |
| SSH with AD credentials working | [ ] |
| Lateral movement blocked (RFC1918 denied) | [ ] |
| Internet egress confirmed | [ ] |
| ISE session shows correct authorization profile | [ ] |
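
An added example (not part of the original page) that fills the Actual and Status columns for the network rows of the test matrix once the CoA has applied the dACL, run from the target workstation. The `DC` and `PEER` defaults and the PASS/FAIL status words are placeholder assumptions; the Kerberos, SSH and ISE rows still need manual checks.

```shell
#!/usr/bin/env bash
# Added example: network rows of the post-dACL test matrix.
# DC, PEER and URL are placeholders (assumptions), not values from the page.
DC="${DC:-dc01.example.internal}"   # hypothetical domain controller
PEER="${PEER:-10.0.0.1}"            # hypothetical RFC1918 host for the lateral-movement row
URL="${URL:-http://google.com}"

# TCP probe: prints OK if the connect succeeds within 3 s, otherwise BLOCKED.
probe_tcp() {
  if timeout 3 bash -c ": </dev/tcp/$1/$2" 2>/dev/null; then echo OK; else echo BLOCKED; fi
}

# ICMP probe for the lateral-movement row.
probe_ping() {
  if ping -c 1 -W 2 "$1" >/dev/null 2>&1; then echo OK; else echo BLOCKED; fi
}

# HTTP probe (follows redirects): prints "HTTP <code>", or BLOCKED when no response arrives.
probe_http() {
  local code
  code=$(curl -s -o /dev/null -L --max-time 5 -w '%{http_code}' "$1") || code=000
  if [ "$code" = 000 ]; then echo BLOCKED; else echo "HTTP $code"; fi
}

# A row passes when the observed result equals the expected one, so a row
# whose expected result is BLOCKED passes only when the probe is blocked.
row() {  # row <test> <expected> <actual>
  local status=FAIL
  if [ "$2" = "$3" ]; then status=PASS; fi
  printf '| %s | %s | %s | %s |\n' "$1" "$2" "$3" "$status"
}

run_matrix() {
  local port
  echo '| Test | Expected | Actual | Status |'
  echo '|---|---|---|---|'
  for port in 53 88 389 636 445; do
    row "AD connectivity post-dACL (port $port)" OK "$(probe_tcp "$DC" "$port")"
  done
  row "Lateral movement (ping $PEER)" BLOCKED "$(probe_ping "$PEER")"
  row "Internet egress (curl $URL)" "HTTP 200" "$(probe_http "$URL")"
}

# Probe only when invoked with "run", so sourcing the file has no side effects.
if [ "${1:-}" = run ]; then run_matrix; fi
```

Invoke it with the `run` argument and `DC` and `PEER` set in the environment; the output is a table in the same layout as the matrix above.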