Versions Compared

Old Version 1

changes.mady.by.user Viktoryia Varapayeva

Saved on

compared with

New Version Current

changes.mady.by.user Viktoryia Varapayeva

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Go to the Settings icon > General Settings > Authentication Services page.

  2. Click New to add a new authentication service. The Add Authentication Service dialog box opens.

  3. Enter the Name and Description.

  4. Set the Priority and Timeout of the AD service. The Priority value, in which higher values provide a lower priority for service execution ("3" provides a lower priority than "1") should be set to 1 if the AD service is planned to be the first of two or more authentication options.

  5. Choose Active Directory as the Service Type. The Service Specific Information pane updates to show the required AD settings.

  6. Enter the AD Domain value for the new AD service (example: engineering.corp100.local).

  7. Click Save.

  8. If desired, click Disable service (this completely disables the service, but does not change or delete any settings) or Disable authorization. This disables the new service from performing any group searches but allows basic authentication of user accounts from the Active Directory server, and requires the user accounts to be defined locally on the appliance.

...

  1. In the Add Authentication Service dialog box, click the Servers tab.

  2. To add Active Directory servers to the service, click New. The Add Authentication Server dialog box opens

  3. In the Add Authentication Server dialog box, do the following:

    1. Enter the Host/IP Address.

    2. Choose the Encryption Type: None or SSL. For information, see Using a Certificate File for an LDAP or AD Service topic on this pageService. In the Encryption field, if you select SSL, the Authentication Port field changes its value to match the SSL protocol.

    3. If using SSL, choose the certificate from the Certificate drop-down list. The certificate can be loaded into NetMRI from the server that issued it.
      When configuring authentication using Active Directory with SSL encryption, a fully qualified domain name (FQDN) is required for the Server Name or IP address field in the Add Active Directory Server dialog.

    4. Choose the Priority for the new server in the authentication service. In this context, the priority value determines the order in which servers in the services are queried by NetMRI.

    5. If necessary, enter the Port value. AD's default TCP application with SSL encryption port is 636, and 389 for non-encrypted communication.

    6. Click Save to save your configuration.

    7. Click Cancel.

...

  1. Click the Remote Groups tab.

    1. In the Remote Group field, enter the name of an AD server's remote group.

    2. Choose the Role for the new remote group. For more information, see Defining and Editing Roles.

    3. Select the checkboxes for the device groups you want to allow for the remote group. Note that the SysAdmin role applies to all device groups. Other roles allow the selection of individual device groups.

    4. Click OK to complete the configuration.

    5. When finished with the remote group configuration, click Save and then Close. Note that you can add multiple Roles for the remote group.

  2. To test the server settings, click Test. Enter a valid username and password. A successful test returns the list of groups to which the test user belongs.