Active Directory™ (AD) is a distributed directory service that is a repository for user information. The NIOS appliance can authenticate admin accounts by verifying user names and passwords against Active Directory. In addition, the NIOS appliance queries the AD domain controller for the group membership information of the admin. The appliance matches the group names from the domain controller with the admin groups on its local database. It then authorizes services and grants the admin privileges, based upon the matching admin group on the appliance.
Figure 4.6 illustrates the Active Directory authentication process.
Figure 4.6 Authentication Using a Domain Controller
To configure NIOS to authenticate administrators using Active Directory domain controller groups, you must first configure user accounts on the domain controller. Then, on the NIOS appliance, do the following:
- Configure one or more AD authentication server groups on the appliance and add AD domain controllers to the group. For information about configuring an AD authentication service group for admins, see Configuring an Active Directory Authentication Service Group.
- If you configured admin groups on the AD controller, you must create those same groups on the NIOS appliance and specify their privileges and settings. Note that the admin group names must match those on the AD domain controller. You can specify a default group as well. The NIOS appliance assigns admins to the default group if none of the admin groups on the NIOS appliance match the admin groups on the AD domain controller or if there are no other admin groups configured. For information about configuring group permissions and privileges, see About Admin Groups.
- Add the newly configured Active Directory service to the list of authentication services in the admin policy, and add the admin group names as well. See Defining the Authentication Policy for more information about configuring an admin policy.
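The following added example, which is not Infoblox code and does not call any NIOS API, models the group matching and default-group fallback described above so you can review which AD accounts would receive default-group privileges because no name matched. The function names, group names and accounts are constructed; exact case-sensitive matching, first-listed-match-wins, and "no group means no privileges" are assumptions of this model, not documented NIOS behavior.

```python
from __future__ import annotations
from typing import Iterable, Optional


def resolve_admin_group(ad_groups: Iterable[str], nios_groups: list[str],
                        default_group: Optional[str] = None):
    """Return (group, reason) for one admin, given the AD group names the
    domain controller reported and the admin groups defined on the appliance."""
    member_of = set(ad_groups)
    for name in nios_groups:       # assumption: first listed match wins
        if name in member_of:      # assumption: exact, case-sensitive match
            return name, "matched"
    if default_group is not None:  # fallback described in the text above
        return default_group, "default"
    return None, "no-group"        # assumption: no group, no privileges


def audit_default_fallback(accounts: dict[str, list[str]],
                           nios_groups: list[str],
                           default_group: Optional[str]):
    """List accounts that authenticate against AD but match no admin group."""
    findings = []
    for user, ad_groups in sorted(accounts.items()):
        group, reason = resolve_admin_group(ad_groups, nios_groups, default_group)
        if reason != "matched":
            findings.append((user, group, reason))
    return findings


# Constructed sample data: admin groups on the appliance and AD memberships.
NIOS_GROUPS = ["dns-admins", "dhcp-admins"]
ACCOUNTS = {
    "alice": ["Domain Users", "dns-admins"],
    "bob": ["Domain Users", "DNS-Admins"],    # name differs only by case
    "carol": ["Domain Users"],                # member of no admin group
    "dave": ["dhcp-admins", "dns-admins"],    # member of two admin groups
}

if __name__ == "__main__":
    for user, group, reason in audit_default_fallback(
            ACCOUNTS, NIOS_GROUPS, default_group="read-only"):
        print(f"{user}: lands in {group!r} ({reason})")
```

Any account in the output inherits whatever the default group is permitted to do, so give that group the least privilege you would grant to an arbitrary AD user.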
...