Administrators of enterprises and other organizations can implement network access control in order to control the ability of endpoint devices to access resources of a computer network. For example, an enterprise may implement a computer network that includes an email server. In order to prevent unauthorized users from communicating with this email server, the enterprise may implement a network access control system that blocks an endpoint device from sending network communications via the computer network until the user of that device provides a correct username and password.
To gain access to protected network resources, a client executing on an endpoint device may establish a network access session with a network access control server executing on a policy decision point (e.g., a network access control device). To establish the network access session, the client may issue a request to establish a network session to the network access control server and/or issue a request for one or more protected network resources on the network. The network access control server may authenticate the identity of a user based on one or more security credentials (e.g., a username/password combination) provided by the endpoint device, and grant access to authenticated devices that satisfy the security policy implemented by the network access control server. In some cases, the security policy may grant access to all authenticated users.
After an endpoint device has been authenticated (e.g., based on the supplied user credentials) and any other optional security policy criteria are fulfilled, the network access control server may establish a network access session with the client on the endpoint device. For example, the network access control server may issue one or more policies to one or more enforcement devices that allow the authenticated user to access one or more sets of protected resources on the network.
In order to process the received credentials to determine whether to authenticate an endpoint device, the network access control server is configured to match the credentials against trusted credentials stored at an authentication server. As an example, the network access control server is configured to receive user credentials from an endpoint device, and in response, to match the user credentials against the trusted credentials stored at the authentication server. If the user credentials match any of the trusted credentials, the network access control server grants the endpoint device access to the enterprise network. Then, after completing authentication of the endpoint device, the network access control server fetches communication session attributes from an LDAP server, and configures the communication session with the endpoint device using the fetched attributes.
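The session establishment sequence described above (client presents credentials, the policy decision point matches them against the authentication server, evaluates the security policy, issues an allow policy to an enforcement device, fetches session attributes from the LDAP server and configures the session) can be simulated end to end. The following is an added example written for this page and is not code from the original text or from any particular network access control product. The class names (AuthenticationServer, LdapDirectory, EnforcementPoint, PolicyDecisionPoint), the user records, the resource names and the use of salted PBKDF2 hashes as the "trusted credentials" are all assumptions made for the example; the page only states that trusted credentials are stored at the authentication server.

```python
"""Constructed simulation of a network access control session setup.

Added example, not from the original page. All names, users, resources
and the salted-hash credential store are assumptions for illustration.
"""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field

_ITERATIONS = 50_000


def _derive(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 of a password (assumed credential format)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)


class AuthenticationServer:
    """Holds the trusted credentials the policy decision point matches against."""

    def __init__(self, users: dict):
        self._store = {}
        for name, password in users.items():
            salt = os.urandom(16)
            self._store[name] = (salt, _derive(password, salt))

    def verify(self, username: str, password: str) -> bool:
        entry = self._store.get(username)
        # Derive even for unknown users so response time does not reveal
        # whether the username exists; compare in constant time.
        salt, expected = entry if entry else (bytes(16), bytes(32))
        candidate = _derive(password, salt)
        return entry is not None and hmac.compare_digest(candidate, expected)


class LdapDirectory:
    """Constructed stand-in for the LDAP server holding session attributes."""

    def __init__(self, attributes: dict):
        self._attributes = attributes

    def lookup(self, username: str) -> dict:
        return dict(self._attributes.get(username, {}))


class EnforcementPoint:
    """Enforcement device that applies the policies issued to it."""

    def __init__(self):
        self.rules = []

    def install(self, rule: dict) -> None:
        self.rules.append(rule)

    def permits(self, src_ip: str, resource: str) -> bool:
        return any(r["src"] == src_ip and resource in r["resources"] for r in self.rules)


@dataclass
class Session:
    username: str
    endpoint_ip: str
    token: str
    attributes: dict = field(default_factory=dict)


class PolicyDecisionPoint:
    """Network access control server: authenticates, applies policy, issues rules."""

    def __init__(self, auth, ldap, enforcer, policy=lambda user, attrs: True):
        self.auth, self.ldap, self.enforcer, self.policy = auth, ldap, enforcer, policy
        self.sessions = {}

    def establish_session(self, username: str, password: str, endpoint_ip: str):
        # 1. Match the supplied credentials against the trusted credentials.
        if not self.auth.verify(username, password):
            return None
        # 2. Fetch the communication session attributes from the LDAP server.
        attrs = self.ldap.lookup(username)
        # 3. Apply any additional security policy criteria (default: allow all
        #    authenticated users, as the text notes some policies do).
        if not self.policy(username, attrs):
            return None
        # 4. Issue an allow policy to the enforcement device for this endpoint.
        self.enforcer.install({"src": endpoint_ip,
                               "resources": set(attrs.get("allowedResources", []))})
        # 5. Configure the session using the fetched attributes.
        session = Session(username, endpoint_ip, secrets.token_hex(16), attrs)
        self.sessions[session.token] = session
        return session


def build_demo():
    """Constructed users, directory entries and policy for a runnable demo."""
    auth = AuthenticationServer({"alice": "correct horse battery", "bob": "bob-pass"})
    ldap = LdapDirectory({
        "alice": {"vlan": 20, "sessionTimeout": 3600,
                  "allowedResources": ["mail.corp.example"]},
        "bob": {"vlan": 30, "accountLocked": True,
                "allowedResources": ["mail.corp.example"]},
    })
    enforcer = EnforcementPoint()
    # Extra policy criterion: locked accounts are authenticated but not admitted.
    pdp = PolicyDecisionPoint(auth, ldap, enforcer,
                              policy=lambda user, attrs: not attrs.get("accountLocked", False))
    return pdp, enforcer


if __name__ == "__main__":
    pdp, enforcer = build_demo()
    s = pdp.establish_session("alice", "correct horse battery", "10.0.0.5")
    print("alice session:", s and s.attributes)
    print("10.0.0.5 -> mail:", enforcer.permits("10.0.0.5", "mail.corp.example"))
    print("bob (locked):", pdp.establish_session("bob", "bob-pass", "10.0.0.7"))
```

Note the two distinct refusal paths: a wrong password or unknown user fails at the authentication server and never reaches the LDAP lookup, whereas a correctly authenticated but locked account is refused by the policy step, and in both cases no rule is installed on the enforcement device, so the endpoint's address stays blocked.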