Authentication server
About this task
An authentication server authenticates and manages domain users. The system supports only the Microsoft Active Directory (AD) authentication server. AD offers both LDAP server and domain control services. The domain controller stores the user information, passwords, and computer information for AD. A user can access all permitted resources in a domain with only a username and password. When a user modifies its password, the whole domain can recognize the new password.
Configuration workflow
Add an authentication server on Space Center.
Associate the deployed authentication server with Space Center.
Synchronize the user information on the authentication server to Space Center.
Prerequisites
A Microsoft AD authentication server is deployed and configured with user information.
Restrictions and guidelines
Hosts of ARM architecture do not support the Microsoft AD authentication server.
Add an authentication server
|
The system supports creating multiple Microsoft AD authentication servers. |
From the left navigation pane, select System Settings> Authentication configuration > Auth Servers.
Click Add, and configure the following authentication server parameters:
Name: Specify a name for the authentication server.
Server Address: Specify an IP address or domain name for the authentication server. Make sure that Space Center can ping the specified IP address or domain name successfully. If the authentication server operates in Microsoft AD active/standby domain mode or load balancing mode, leave this field empty to ensure correct active/standby domain switchover or load balancing.
Server Type: Specify the type for the authentication server. Only Microsoft AD authentication server is available.
NETBIOS: Specify a domain name if the domain server version is earlier than Windows 2000.
Server Version: Specify an authentication server version. The value can be 2 or 3 (default).
User Attribute Name: Specify a user attribute name applied when you obtain user information from the authentication server. By default, the user attribute name is sAMAccountName.
Security Control: Configure the connection security settings for the authentication server.
Server Data Update: Select this option to enable safe connection and permit the administrators to manage the users or user groups on the authentication server from Space Center. If you do not select this option, an administrator is not allowed to manage (create, edit, or delete) domain users or user groups from Space Center.
Secure Connection: Use the SSL protocol to connect the domain server.
Port Number: Specify the port number of the authentication server. By default, the port number is 389. If you enable secure connection, the default port number is 636.
Base DN: Obtain the base DN for communicating with the authentication server. Enter the server IP address, and then click Click to obtain Base DN. The system will automatically populate the base DN.
Administrator DN: Specify the administrator DN for communicating with the authentication server.
Administrator Password: Specify the password for communicating with the authentication server.
Click Connectivity Test to examine the connectivity between Space Center and the authentication server.
After testing, click Save.
Edit an authentication server
From the left navigation pane, select System Settings > Authentication configuration > Auth Servers.
Click Edit in the Operate column for the target authentication server.
Click Connectivity Test to examine the connectivity between Space Center and the authentication server.
After testing, click Save.
Delete an authentication server
From the left navigation pane, select System Settings > Authentication configuration > Auth Servers.
Click Delete in the Operate column for the target authentication server.