Administrator Guide

10. (Optional) Select the Enabled checkbox to enable Kerberos authentication.
11. To change any of the Kerberos settings, clear the Auto-Discover checkbox, and then type a new value into that field.
Kerberos Domain Realm: Kerberos domain realm to authenticate against. In Windows networks, this is the domain name in
uppercase characters.
KDC Hostname or IP Address: Fully qualified domain name (FQDN) or IP address of the Key Distribution Center (KDC) to which
Storage Center will connect.
Password Renew Rate (Days): Number of days before the keytab is regenerated. The default value is 0, which equates to a
password renew rate of 14 days.
12. Click Next.
The Join Domain page opens.
13. Type the user name and password of a domain administrator.
14. Click Next.
The Summary page opens.
15. If you want to change any setting, click Back to return to the previous page.
16. Click Finish.
17. Click OK.
Configure Directory Services Manually
Use the Directory Service Manual Configuration wizard to enter directory service settings manually. Use manual configuration for
OpenLDAP or special Active Directory configurations.
1. If you are connected to a Data Collector, select a Storage Center from the drop-down list in the left navigation pane of Unisphere
2. Click Summary.
The Summary view is displayed.
3. Click (Settings).
The Storage Center Settings dialog box opens.
4. Click the Directory Services tab.
5. Click Configure Directory Services Manually.
The Directory Services Manual Configuration Wizard opens.
6. From the Directory Type drop-down menu, select Active Directory or OpenLDAP.
7. Type the settings for the directory server.
In the URI field, type the uniform resource identifier (URI) for one or more servers to which Storage Center connects.
Use the fully qualified domain name (FQDN) of the servers.
Example URIs for two servers:
ldap:// ldap://
Adding multiple servers ensures continued authorization of users in the event of a resource outage. If
Storage Center cannot establish contact with the first server, Storage Center attempts to connect to the
remaining servers in the order listed.
In the Directory Server Connection Timeout field, type the maximum time (in minutes) that Storage Center waits while
attempting to connect to an Active Directory server. This value must be greater than zero.
In the Base DN field, type the base distinguished name for the LDAP server. The Base DN is the starting point when searching for
In the Relative Base field, type the Relative Base information. A Relative Base is a list of Relative Distinguished Names (RDN)
prepended to the Base DN, indicating where the controller should be joined to the domain. An RDN contains an attribute and a
value, such as:
OU=SAN Controllers
OU is the attribute, and SAN Controllers is the value.
The following special characters used within an RDN value must be escaped using a backslash:
, + " \ < > ; = / CR and LF
Storage Center Maintenance