Set Authentication Server

Overview

This function sets the Active Directory authentication server and the LDAP authentication server that are used for the NAS function.

By setting the Active Directory authentication server, access to the directories and files for users can be managed with the CIFS protocol. If local user authentication is being used, the local user settings and the local group settings must be deleted in advance.

By setting the LDAP authentication server, access to the directories and files for users can be managed with the NFS protocol.

This function is used in a Unified Storage environment.

Caution
  • The NAS interface settings must be completed in advance. Refer to the [Create NAS Interface] function for details.

  • Make sure in advance that both CMs (CM#0 and CM#1) can communicate with the authentication server.

    "Can communicate" means that both CMs satisfy all of the following conditions.

    • An IP address is assigned to at least one port. Refer to the [Create NAS Interface] function for details.

    • Communication between the port assigned with an IP address and the authentication server is enabled (the port is in a Link up status). To check the link status, use the [Channel Adapter] function.

  • To set a new authentication server, the following information must also be specified: the domain name, the domain administrator, and one or more servers among the three authentication servers.

  • Specify the authentication server with an IP address or an FQDN. To specify an authentication server with an FQDN, a DNS server for name resolution is required, and the DNS server settings must be performed before configuring the authentication server. Refer to the [Set DNS Server] function for details. Note that a DNS server must be set in order to use the Active Directory authentication server, so make sure to set the DNS server with the [Set DNS Server] function. If the DNS server is not set, the Active Directory authentication server is temporarily used as a DNS server.

  • To use the Active Directory authentication server, time synchronization is required between the storage system and the Active Directory authentication server. Using NTP for automatic time correction is recommended. Refer to the [Modify Date and Time] function for details.

  • If the authentication server setup has not been completed successfully, wait for the system status to return to normal and then try again.

  • This function cannot be executed if local user authentication is used. Delete all the local users and local groups before using this function. However, there is no need to delete the BUILTIN groups ("BUILTIN_Administrators", "BUILTIN_Users", and "BUILTIN_BackupOperators").

Note
  • To use the CIFS protocol, set the Active Directory authentication server.

  • To use the NFS protocol, set the LDAP authentication server.

  • To use both the CIFS protocol and the NFS protocol, refer to "Configuration/Operation Guide (NAS)" for details.

  • To delete the Active Directory authentication settings, clear all of the setting fields and complete the setup.

  • To delete the LDAP authentication settings, clear all of the setting fields and complete the setup.

User Privileges

Availability of Executions in the Default Role

Default role Availability of executions
Monitor  
Admin
StorageAdmin
AccountAdmin  
SecurityAdmin  
Maintainer

Refer to "User Roles and Policies" for details on the policies and roles.

Settings

Active Directory Authentication Settings

Item Description Setting values

Domain Name

Input the domain name of the Active Directory authentication server.

Alphanumeric characters and symbols (0x20 - 0x7E in the US-ASCII format)

(except the question mark (0x3F) and the backslash (0x5C))

Up to 255 characters

Domain Administrator

Input the administrator name for the Active Directory authentication server management.

Caution
  • If the domain administrator's name is changed, the password must also be changed.

Alphanumeric characters and symbols (0x20 - 0x7E in the US-ASCII format)

(except the question mark (0x3F) and the backslash (0x5C))

Up to 255 characters

Change Password

To change the administrator password for the Active Directory authentication server, select the checkbox.

Selected: Change

Cleared

Domain Administrator's Password

Input the administrator password for the Active Directory authentication server management.

When the domain administrator's password is specified, select the "Change Password" checkbox.

Alphanumeric characters and symbols (0x20 - 0x7E in the US-ASCII format)

(except the question mark (0x3F) and the backslash (0x5C))

Up to 255 characters

Confirm Password

Input the same password as the "Domain Administrator's Password" field for the Active Directory authentication server.

Alphanumeric characters and symbols (0x20 - 0x7E in the US-ASCII format)

(except the question mark (0x3F) and the backslash (0x5C))

Up to 255 characters

Authentication Server (1)

Input the IPv4 address, the IPv6 address, or the FQDN of the Active Directory authentication server.

The following IPv6 addresses can be used: "global address" or "unique local address".

Alphanumeric characters and symbols (in the US-ASCII format)

The following list shows the available characters:

  • "0" (0x30) - "9" (0x39)

  • A (0x41) - Z (0x5A), a (0x61) - z (0x7A)

  • Hyphen (0x2D), period (0x2E), colon (0x3A)

Up to 255 characters

Authentication Server (2)

Input the IPv4 address, the IPv6 address, or the FQDN of the Active Directory authentication server.

The following IPv6 addresses can be used: "global address" or "unique local address".

Alphanumeric characters and symbols (in the US-ASCII format)

The following list shows the available characters:

  • "0" (0x30) - "9" (0x39)

  • A (0x41) - Z (0x5A), a (0x61) - z (0x7A)

  • Hyphen (0x2D), period (0x2E), colon (0x3A)

Up to 255 characters

Authentication Server (3)

Input the IPv4 address, the IPv6 address, or the FQDN of the Active Directory authentication server.

The following IPv6 addresses can be used: "global address" or "unique local address".

Alphanumeric characters and symbols (in the US-ASCII format)

The following list shows the available characters:

  • "0" (0x30) - "9" (0x39)

  • A (0x41) - Z (0x5A), a (0x61) - z (0x7A)

  • Hyphen (0x2D), period (0x2E), colon (0x3A)

Up to 255 characters

LDAP Authentication Settings

Item Description Setting values

Domain Name

Input the domain name of the LDAP authentication server.

Alphanumeric characters and symbols (0x20 - 0x7E in the US-ASCII format)

(except the question mark (0x3F) and the backslash (0x5C))

Up to 255 characters

Domain Administrator

Input the administrator name for the LDAP authentication server management.

Caution
  • If the domain administrator's name is changed, the password must also be changed.

Alphanumeric characters and symbols (0x20 - 0x7E in the US-ASCII format)

(except the question mark (0x3F) and the backslash (0x5C))

Up to 255 characters

Change Password

To change the administrator password for the LDAP authentication server, select the checkbox.

Selected: Change

Cleared

Domain Administrator's Password

Input the administrator password for the LDAP authentication server management.

When the domain administrator's password is specified, select the "Change Password" checkbox.

Alphanumeric characters and symbols (0x20 - 0x7E in the US-ASCII format)

(except the question mark (0x3F) and the backslash (0x5C))

Up to 255 characters

Confirm Password

Input the same password as the "Domain Administrator's Password" field for the LDAP authentication server.

Alphanumeric characters and symbols (0x20 - 0x7E in the US-ASCII format)

(except the question mark (0x3F) and the backslash (0x5C))

Up to 255 characters

Authentication Server (1)

Input the IPv4 address, IPv6 address, or the FQDN of the LDAP authentication server.

The following IPv6 addresses can be used: "global address" or "unique local address".

Alphanumeric characters and symbols (in the US-ASCII format)

The following list shows the available characters:

  • "0" (0x30) - "9" (0x39)

  • A (0x41) - Z (0x5A), a (0x61) - z (0x7A)

  • Hyphen (0x2D), period (0x2E), colon (0x3A)

Up to 255 characters

Authentication Server (2)

Input the IPv4 address, IPv6 address, or the FQDN of the LDAP authentication server.

The following IPv6 addresses can be used: "global address" or "unique local address".

Alphanumeric characters and symbols (in the US-ASCII format)

The following list shows the available characters:

  • "0" (0x30) - "9" (0x39)

  • A (0x41) - Z (0x5A), a (0x61) - z (0x7A)

  • Hyphen (0x2D), period (0x2E), colon (0x3A)

Up to 255 characters

Authentication Server (3)

Input the IPv4 address, IPv6 address, or the FQDN of the LDAP authentication server.

The following IPv6 addresses can be used: "global address" or "unique local address".

Alphanumeric characters and symbols (in the US-ASCII format)

The following list shows the available characters:

  • "0" (0x30) - "9" (0x39)

  • A (0x41) - Z (0x5A), a (0x61) - z (0x7A)

  • Hyphen (0x2D), period (0x2E), colon (0x3A)

Up to 255 characters

Operating Procedures

  1. Click [Set Authentication Server] in [Action].

  2. Specify parameters, and click the [Set] button.

    → A confirmation screen appears.

    Caution
    • An error screen appears in the following conditions:
      • The authentication server information cannot be obtained

      • Each parameter fails to satisfy the input conditions

  3. Click the [OK] button.

    → Authentication server setting starts.

  4. Click the [Done] button to return to the [Environment Settings] screen.
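
A pre-flight check for the input conditions that trigger the error screen in step 2, written as an added example; it is not part of the product or its documentation. The function names are hypothetical, and "global address" and "unique local address" are assumed to mean 2000::/3 and fc00::/7.

```python
import ipaddress
import re

# Text fields: US-ASCII 0x20-0x7E except "?" (0x3F) and "\" (0x5C), 1-255 chars.
TEXT_OK = re.compile(r"[\x20-\x3E\x40-\x5B\x5D-\x7E]{1,255}")
# Server fields: 0-9, A-Z, a-z, hyphen (0x2D), period (0x2E), colon (0x3A).
SERVER_OK = re.compile(r"[0-9A-Za-z.:-]{1,255}")
# Assumption: "global address" = 2000::/3, "unique local address" = fc00::/7.
V6_ALLOWED = [ipaddress.ip_network(n) for n in ("2000::/3", "fc00::/7")]


def classify_server(value):
    """Return 'ipv4', 'ipv6' or 'fqdn'; raise ValueError for an invalid field."""
    if not SERVER_OK.fullmatch(value):
        raise ValueError(f"{value!r}: disallowed character or length")
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        # Reject near-miss addresses instead of treating them as host names.
        if ":" in value or re.fullmatch(r"[0-9.]+", value):
            raise ValueError(f"{value!r}: malformed IP address") from None
        return "fqdn"
    if addr.version == 6 and not any(addr in net for net in V6_ALLOWED):
        raise ValueError(f"{value!r}: IPv6 must be global or unique local")
    return f"ipv{addr.version}"


def check_settings(kind, domain, admin, password, servers, dns_configured):
    """Return a list of problems; an empty list means the inputs pass."""
    problems = []
    fields = [("domain", domain), ("admin", admin)]
    if password is not None:  # None = "Change Password" left cleared
        fields.append(("password", password))
    for name, text in fields:
        if not TEXT_OK.fullmatch(text):
            problems.append(f"{name}: outside the allowed characters or length")
    filled = [s for s in servers if s]
    if not filled or len(servers) > 3:
        problems.append("servers: specify one to three authentication servers")
    for server in filled:
        try:
            if classify_server(server) == "fqdn" and not dns_configured:
                problems.append(f"{server}: FQDN needs [Set DNS Server] first")
        except ValueError as err:
            problems.append(str(err))
    if kind == "ad" and not dns_configured:
        problems.append("ad: set the DNS server before Active Directory")
    return problems
```

Pass `kind="ad"` or `kind="ldap"`; the check covers only the input conditions and the DNS prerequisite, not link status or time synchronization.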