Active Directory™ (AD) is a distributed directory service that is a repository for user information. The NIOS appliance can authenticate admin accounts by verifying user names and passwords against Active Directory. In addition, the NIOS appliance queries the AD domain controller for the group membership information of the admin. The appliance matches the group names from the domain controller with the admin groups on its local database. It then authorizes services and grants the admin privileges, based upon the matching admin group on the appliance.
Figure 4.6 illustrates the Active Directory authentication process.

Figure 4.6 Authentication Using a Domain Controller (Administrator, NIOS Appliance, Domain Controller)
<place for figure>

  1. A user makes an HTTPS connection to the NIOS appliance and sends an account name and password.
  2. The appliance checks the authentication policy to determine which authentication service to use. The authentication policy specifies an AD authentication service.
  3. The appliance sends an authentication request to the first domain controller in the AD server group. The appliance also requests the group membership information of the admin.
  4a. Authentication is successful. The domain controller successfully authenticates the admin user. The group membership information for the administrator is sent to the appliance. The first group in the list that matches the groups returned by the domain controller is assigned to the admin, along with the associated permissions after that admin logs in.
      The appliance lets the user log in and applies the authorization profile. The appliance grants all permissions specific to the administrator based on the group membership sent from the domain controller associated with the admin account. If there is no group membership information for the admin, the default group is assigned (if configured).
  4b. Authentication is unsuccessful. The domain controller sends back a deny access result to the appliance. No group membership information is sent. The appliance does not allow the user to log in.
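
The group resolution in steps 4a and 4b can be modelled as follows. This is an added example, not Infoblox code: the function names, group names and accounts are hypothetical, exact-name matching is an assumption, and so is refusing the login when nothing matches and no default group is configured (the page does not state that case).

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Sequence

@dataclass(frozen=True)
class Decision:
    allowed: bool
    group: Optional[str]   # local admin group whose permissions apply
    reason: str

def resolve_admin_group(dc_accepts: bool, dc_groups: Iterable[str],
                        policy_groups: Sequence[str],
                        default_group: Optional[str] = None) -> Decision:
    """Model steps 4a/4b: map the domain controller's answer to a local group."""
    if not dc_accepts:
        # 4b: deny result, no group membership is sent, login is refused.
        return Decision(False, None, "denied by domain controller")
    returned = set(dc_groups)
    # 4a: the FIRST group in the appliance's ordered list that the domain
    # controller also returned wins, so list order decides the privileges.
    for name in policy_groups:
        if name in returned:          # exact-name match is an assumption
            return Decision(True, name, "matched group list")
    if default_group is not None:
        # Page: the default group applies when there is no group membership
        # information. Treating "no matching group" the same is an assumption.
        return Decision(True, default_group, "default group")
    # Not stated on the page: this model refuses the login rather than
    # admit an admin with no group.
    return Decision(False, None, "no group and no default configured")

def default_group_logins(accounts: dict, policy_groups: Sequence[str],
                         default_group: Optional[str]) -> list:
    """Return accounts that would receive the default group's permissions."""
    return sorted(user for user, groups in accounts.items()
                  if resolve_admin_group(True, groups, policy_groups,
                                         default_group).reason == "default group")

# Constructed sample data: group and account names are hypothetical.
POLICY = ["dns-readonly", "dns-admins", "superusers"]
ACCOUNTS = {
    "alice": ["superusers", "dns-readonly"],   # gets dns-readonly: listed first
    "bob": ["dns-admins"],
    "carol": ["helpdesk"],                     # no matching group
    "dave": [],                                # no membership information
}

if __name__ == "__main__":
    for user, groups in ACCOUNTS.items():
        print(user, resolve_admin_group(True, groups, POLICY, "dns-readonly"))
    print(default_group_logins(ACCOUNTS, POLICY, "dns-readonly"))
```

Running it over the real group list and a sample of directory accounts shows which logins depend on list order and which fall through to the default group, the two places where an admin can end up with permissions nobody intended.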

To configure NIOS to authenticate administrators using Active Directory domain controller groups, you must first configure user accounts on the domain controller. Then, on the NIOS appliance, do the following:

...