Active Directory Integration



Similar documents
Configuring Sponsor Authentication

Summary. How-To: Active Directory Integration. April, 2006

Upgrading User-ID. Tech Note PAN-OS , Palo Alto Networks, Inc.

SUSE Manager 1.2.x ADS Authentication

Intel Entry Storage System SS4200-E Active Directory Implementation and Troubleshooting

How to Join QNAP NAS to Microsoft Active Directory (AD)

To enable an application to use external usernames and passwords, you need to first configure CA EEM to use external directories.

Dell Compellent Storage Center

CYAN SECURE WEB HOWTO. NTLM Authentication

Configuring User Identification via Active Directory

Basic Configuration. Key Operator Tools older products. Program/Change LDAP Server (page 3 of keyop tools) Use LDAP Server must be ON to work

LDaemon. This document is provided as a step by step procedure for setting up LDaemon and common LDaemon clients.

Alcatel-Lucent Extended Communication Server Active directory synchronization : installation and administration

Managing User Accounts

Collax Active Directory

Configuring MailArchiva with Insight Server

Integrating Linux systems with Active Directory

Enterprise Apple Xserve Wiki and Blog using Active Directory. Table Of Contents. Prerequisites 1. Introduction 1

Instructions for Adding a MacOS 10.4.x Server to ASURITE for File Sharing. Installation Section

The following process allows you to configure exacqvision permissions and privileges for accounts that exist on an Active Directory server:

HP Device Manager 4.7

Chapter Thirteen (b): Using Active Directory Integration

Configuring HAproxy as a SwiftStack Load Balancer

Using LifeSize systems with Microsoft Office Communications Server Server Setup

1 Introduction. Ubuntu Linux Server & Client and Active Directory. Page 1 of 14

Instructions for Adding a MacOS 10.4.x Client to ASURITE

LDAP User Guide PowerSchool Premier 5.1 Student Information System

Managing User Accounts

NETASQ ACTIVE DIRECTORY INTEGRATION

Installation Steps for PAN User-ID Agent

Configuring an IP (SIP) Polycom Soundstation on the Avaya IP Office

OnCommand Performance Manager 1.1

(june > this is version 3.025a)

How To Enable A Websphere To Communicate With Ssl On An Ipad From Aaya One X Portal On A Pc Or Macbook Or Ipad (For Acedo) On A Network With A Password Protected (

Customer Tips. Configuring Color Access on the WorkCentre 7328/7335/7345 using Windows Active Directory. for the user. Overview

Integrating Mac OS X 10.6 with Active Directory. 1 April 2010

CA Performance Center

Integration with Active Directory. Jeremy Allison Samba Team

Information Systems Services. Configuring Entourage 2008 to connect to the University s Exchange service Version 2.2 February 2009

LDAP Implementation AP561x KVM Switches. All content in this presentation is protected 2008 American Power Conversion Corporation

Technical Publications

Hansoft LDAP Integration

Active Directory Integration

Avatier Identity Management Suite

How To Connect A Gemalto To A Germanto Server To A Joniper Ssl Vpn On A Pb.Net 2.Net (Net 2) On A Gmaalto.Com Web Server

CONFIGURING ACTIVE DIRECTORY IN LIFELINE

Integrating LANGuardian with Active Directory

Workspot Configuration Guide for the Cisco Adaptive Security Appliance

Integrating Red Hat Enterprise Linux 6 with Microsoft Active Directory Presentation

Charles Firth Managing Macs in a Windows World

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.

How to Logon with Domain Credentials to a Server in a Workgroup

Simple Scan to Setup Guide

SCADA Security. Enabling Integrated Windows Authentication For CitectSCADA Web Client. Applies To: CitectSCADA 6.xx and 7.xx VijeoCitect 6.xx and 7.

Contents. Introduction. Prerequisites. Requirements. Components Used

Enabling single sign-on for Cognos 8/10 with Active Directory

HP Device Manager 4.6

How To - Implement Clientless Single Sign On Authentication in Single Active Directory Domain Controller Environment

Stonesoft Firewall/VPN 5.4 Windows Server 2008 R2

IIS, FTP Server and Windows

SchoolBooking SSO Integration Guide

Configuring Squid Proxy, Active Directory Authentication and SurfProtect ICAP Access

Network Startup Resource Center

How to Configure Active Directory based User Authentication

Active Directory Service. Integration Parameters and Implementation

Enter host information:

Desktop : Ubuntu Desktop, Ubuntu Desktop Server : RedHat EL 5, RedHat EL 6, Ubuntu Server, Ubuntu Server, CentOS 5, CentOS 6

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014

File sharing in Windows XP

F-Secure Messaging Security Gateway. Deployment Guide

VMware Identity Manager Administration

Big Data Operations Guide for Cloudera Manager v5.x Hadoop

Basic Exchange Setup Guide

VMware Identity Manager Connector Installation and Configuration

SCOPTEL WITH ACTIVE DIRECTORY USER DOCUMENTATION

Creating Home Directories for Windows and Macintosh Computers

Advanced Administration

Integrating Webalo with LDAP or Active Directory

Getting Started with Clearlogin A Guide for Administrators V1.01

LucidNAS Quick Start Guide

How To Configure A Bomgar.Com To Authenticate To A Rdius Server For Multi Factor Authentication

Microsoft Entourage 2008 / Microsoft Exchange Server Installation and Configuration Instructions

Vocia MS-1 Voice-over-IP Interface. Avaya System Verification. Configuring Avaya Aura Session Manager system with Biamp s Vocia MS-1

IPBrick - Member of AD domain IPBrick iportalmais

The SSL device also supports the 64-bit Internet Explorer with new ActiveX loaders for Assessment, Abolishment, and the Access Client.

PineApp Surf-SeCure Quick

Active Directory 2008 Implementation. Version 6.410

Using LifeSize Systems with Microsoft Office Communications Server 2007

Security Provider Integration Kerberos Authentication

MICROSOFT ISA SERVER 2006

User Management Guide

Scan to Quick Setup Guide

Configuring Color Access on the WorkCentre 7120 Using Microsoft Active Directory Customer Tip

Field Description Example. IP address of your DNS server. It is used to resolve fully qualified domain names

Active Directory integration with CloudByte ElastiStor

Active Directory Authenication

From Release 8.0, IPv6 can also be used to configure the LDAP server on the controller.

Basic Exchange Setup Guide

Citrix XenMobile Mobile Device Management

v7.8.2 Release Notes for Websense Content Gateway

Transcription:

SwiftStack Gateway Active Directory Integration Summary There are two main ways of integrating the SwiftStack Gateway with Microsoft Active Directory authentication: RID, using winbind LDAP For most implementations using the RID method will typically work best, as it should work across all versions of Windows Server and Active Directory. For older versions of Windows, before Windows 2012 R2, and in cases where AD is also integrated into standard LDAP, it's also possible to use LDAP authentication. The following sections assume that you've already set up and configured a basic functioning gateway and created a CIFS/SMB share. If you haven't done so, please go ahead and install, claim and configure a gateway before proceeding with the Active Directory integration steps below. Prerequisites SELinux SELinux is currently not supported on the SwiftStack Gateway and therefore needs to be turned off. Red Hat and CentOS both have SELinux turned on and set to 'enforce' by default. To check the status of SELinux on your Gateway node, you can run: $ sestatus To turn SELinux off, you can edit the file /etc/selinux/config and replace 'enforce' with 'disabled'. For the change to take effect, you need to reboot your Gateway. Page 1 of 6

Active Directory with RID (winbind) The SwiftStack Gateway can use Samba and winbind to query Windows RID accounts. This is the preferred way of integrating the SwiftStack Gateway with an Active Directory environment. For the integration to work, the Gateway needs to be joined to the Windows domain using an account belonging to the Windows Administrators group on the domain. Gateway AD Domain Configuration Before joining the Gateway to the domain you first need to configure the Active Directory settings in the SwiftStack Controller web UI. Go to the Manage page for the Gateway. On the left menu, click on the Auth tab. Click on the 'CIFS' (Active Directory) section to reveal the settings available. Fill out the FQDN or IP address of your primarily AD server. Some older versions of Windows may be case sensitive when it comes to the Windows domain name, so be sure to put in your domain name correctly. Once you've filled out the correct settings for your domain, click on 'Submit' at the bottom of the page. Finally, after submitting the changes, you also need to push the AD configuration to the Gateway for the changes to take effect. Joining The Gateway To The Domain After the configuration push has completed, you must join the Gateway server to the domain. Joining the domain from the Gateway must currently be done from the command line. To join the Gateway to the domain run the following command: $ sudo ad_join -r <ad-server-fqdn> -d <username> -p <password> Testing That Everything Works When the Gateway has been successfully joined to the domain, everything should work. You can test that the Gateway can indeed see accounts and groups on the domain and verify that it can authenticate properly. Except for simply testing file share access from a Windows account on the domain, you might want to run a set of diagnostics command on the Gateway to ensure it can see accounts and groups on the Windows domain: Query domain users: $ wbinfo -u Query domain groups: Page 2 of 6

$ wbinfo -g Also make sure the Gateway can authenticate users on the AD domain: $ getent passwd If all the above works properly, move on to functionally test that clients can see and interact with the Windows (SMB/CIFS) shares you've created on the Gateway. Gateway CIFS Settings with RID Below are examples from the CIFS settings page required to use Windows RID authentication with the SwiftStack Gateway. Setting CIFS workgroup CIFS case sensitive AD enabled CIFS realm Kerberos admin server CIFS browser announce CIFS id mapping CIFS id range min CIFS id range max Value DOMAIN <as needed> Checked DOMAIN.COM IP or FQDN 0.0.0.0 (default) rid Page 3 of 6

Active Directory with LDAP Microsoft s Active Directory is based on a Microsoft version of LDAP, and thus, it s possible to integrate the SwiftStack Gateway using LDAP too. However, using Active Directory LDAP integration requires that ID Management for Unix (IDmU) tools to be installed on the Active Directory server. IDmU has been deprecated in Windows 2012 R2 and it is therefore not recommended to install IDmU on Windows 2012 R2 (or newer). Consequently, if you are integrating with a Windows 2012 R2 based domain controller, you should use the Active Directory with RID (winbind) section above. Gateway CIFS Settings with LDAP Below are examples of the settings required to use LDAP authentication with the SwiftStack Gateway. Note that if using AD/LDAP integration, it is also required to configure the LDAP schema on the LDAP settings page. CIFS Setting CIFS workgroup CIFS case sensitive AD enabled CIFS realm Kerberos admin server CIFS browser announce CIFS id mapping CIFS id range min CIFS id range max Value DOMAIN <as needed> Checked DOMAIN.COM IP or FQDN 0.0.0.0 (default) ldap Page 4 of 6

Gateway LDAP Settings The following LDAP settings are examples of an LDAP schema for AD/LDAP integration with the SwiftStack Gateway. Of course, the examples below might need to be adjusted for your LDAP environment. If uncertain, please consult your organization s LDAP administrator. LDAP Setting LDAP enabled LDAP server list Value Checked <FQDN or IP of LDAP servers> LDAP server port 389 LDAP version LDAP base DN LDAP bind DN LDAP bind password LDAP scope 3 (default) <your LDAP base DN> <your LDAP bind DN> <your LDAP bind password> subtree (default) LDAP timeout 5 LDAP bind timeout 5 LDAP referrals LDAP group lookups Checked (default) Unchecked (default) Page 5 of 6

Troubleshooting wbinfo shows AD users/groups, but getent doesn t While winbind is capable of talking to Active Directory to get AD user and group information, the actual gateway relies on its internal Name Services to look up users and groups. Information from winbind is fed into the Name Services via a special winbind libnss. On Ubuntu, this library is provided in a separate package called libnss-winbind. If this package is not installed, username/group resolution will not work. To remedy, manually install this package with the command: $ sudo apt-get install libnss-winbind On CentOS/RHEL, this library is included with the winbind packages, and does not need to be installed separately. Page 6 of 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information