
Active Directory Service Configuration

Configuring AD services requires knowledge of the following key values:

  • The Active Directory Domain.

  • Whether to use anonymous or authenticated (verified) authentication between NetMRI and the AD server.

  • An SSL certificate from the AD server if one is required.

  • The IP address of the AD server.

  • The port number (normally, you will retain the default).

  • The names of the remote groups on the AD server containing the users intended to log in to the NetMRI appliance.

To configure an Active Directory authentication service for NetMRI, complete the following:

  1. Go to the Settings icon > General Settings > Authentication Services page.

  2. Click New to add a new authentication service. The Add Authentication Service dialog box opens.

  3. Enter the Name and Description.

  4. Set the Priority and Timeout of the AD service. Higher Priority values give the service a lower priority for execution ("3" is a lower priority than "1"). Set the Priority to 1 if the AD service is planned to be the first of two or more authentication options.

  5. Choose Active Directory as the Service Type. The Service Specific Information pane updates to show the required AD settings.

  6. Enter the AD Domain value for the new AD service (example: engineering.corp100.local).

  7. Click Save.

  8. If desired, click Disable service (this completely disables the service, but does not change or delete any settings) or Disable authorization. Disable authorization stops the new service from performing any group searches but still allows basic authentication of user accounts from the Active Directory server, and requires the user accounts to be defined locally on the appliance.

To configure the authentication service's Active Directory servers, complete the following:

  1. In the Add Authentication Service dialog box, click the Servers tab.

  2. To add Active Directory servers to the service, click New. The Add Authentication Server dialog box opens.

  3. In the Add Authentication Server dialog box, do the following:

    1. Enter the Host/IP Address.

    2. Choose the Encryption Type: None or SSL. For information, see Using a Certificate File for an LDAP or AD Service. In the Encryption field, if you select SSL, the Authentication Port field changes its value to match the SSL protocol.

    3. If using SSL, choose the certificate from the Certificate drop-down list. The certificate can be loaded into NetMRI from the server that issued it.
      When configuring authentication using Active Directory with SSL encryption, a fully qualified domain name (FQDN) is required for the Server Name or IP address field in the Add Active Directory Server dialog.

    4. Choose the Priority for the new server in the authentication service. In this context, the priority value determines the order in which NetMRI queries the servers in the service.

    5. If necessary, enter the Port value. The default TCP port for AD is 636 with SSL encryption and 389 for non-encrypted communication.

    6. Click Save to save your configuration.

    7. Click Cancel.
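
A pre-flight check for the server entry described above, added here as an example and not part of the NetMRI documentation or product: it lints the planned Host/IP Address, Encryption Type and Port values, then performs a TLS handshake that verifies the AD server's certificate against the FQDN using the issuing CA's certificate file. The function names, the host name dc1.engineering.corp100.local, the address 192.0.2.10 and the CA file argument are assumptions.

```python
import ipaddress
import socket
import ssl
import sys

DEFAULT_PORTS = {"None": 389, "SSL": 636}  # defaults stated in the Port step

def check_server_entry(host, encryption, port=None):
    """Lint one planned server entry; returns (effective_port, problems)."""
    if encryption not in DEFAULT_PORTS:
        return port, [f"unknown encryption type {encryption!r}"]
    problems = []
    port = port or DEFAULT_PORTS[encryption]
    try:
        ipaddress.ip_address(host)
        is_ip = True
    except ValueError:
        is_ip = False
    # With SSL the page requires an FQDN: reject IP literals and single labels.
    if encryption == "SSL" and (is_ip or "." not in host.strip(".")):
        problems.append("SSL requires a fully qualified domain name")
    if port != DEFAULT_PORTS[encryption]:
        problems.append(f"port {port} is not the default for encryption {encryption}")
    return port, problems

def probe_ldaps(host, port, ca_file, timeout=5.0):
    """TLS handshake with chain and host-name verification against ca_file.
    Returns the certificate's subjectAltName entries; raises
    ssl.SSLCertVerificationError if the certificate does not validate."""
    ctx = ssl.create_default_context(cafile=ca_file)  # trust only this CA file
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert().get("subjectAltName", ())

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <fqdn> <ca.pem>
        port, problems = check_server_entry(sys.argv[1], "SSL")
        print(problems or probe_ldaps(sys.argv[1], port, sys.argv[2]))
    else:
        # Constructed sample entries (host name and address are made up).
        for entry in [("dc1.engineering.corp100.local", "SSL", None),
                      ("192.0.2.10", "SSL", None),
                      ("dc1.engineering.corp100.local", "None", 636)]:
            print(entry, "->", check_server_entry(*entry))
```

A verification error from `probe_ldaps` means the certificate presented on that port does not chain to the supplied CA file or does not name the FQDN you plan to enter.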

To assign the AD service's remote groups to NetMRI's local roles, complete the following:

  1. Click the Remote Groups tab.

    1. In the Remote Group field, enter the name of an AD server's remote group.

    2. Choose the Role for the new remote group. For more information, see Defining and Editing Roles.

    3. Select the checkboxes for the device groups you want to allow for the remote group. Note that the SysAdmin role applies to all device groups. Other roles allow the selection of individual device groups.

    4. Click OK to complete the configuration.

    5. When finished with the remote group configuration, click Save and then Close. Note that you can add multiple Roles for the remote group.

  2. To test the server settings, click Test. Enter a valid username and password. A successful test returns the list of groups to which the test user belongs.