Administrator Guide
NOTE: To verify that the Data Collector can communicate with the specied directory server(s) using the selected
protocol, click Test.
c In the Base DN eld, type the base Distinguished Name for the LDAP server. This name is the starting point when searching for
users.
d In the Connection Timeout eld, type the maximum time (in minutes) that the Data Collector will wait while attempting to
connect to an LDAP server.
7 (Optional) Congure Kerberos authentication. To allow users to log in with the Client automatically using his or her Windows session
credentials, Kerberos authentication must be congured.
a Select the Kerberos Enabled checkbox.
b In the Kerberos Domain Realm eld, type the Kerberos realm to authenticate against. In Windows networks, this realm is usually
the Windows domain name in uppercase characters.
c (OpenLDAP only) Type the host name or IP address of the Key Distribution Center (KDC) in the KDC Host Name or IP Address
eld.
d In the Data Collector Host Name eld, type the fully qualied domain name (FQDN) of the server that hosts the Data Collector.
8 (Optional — Open LDAP only) If Transport Layer Security (TLS) is enabled, upload a Certicate Authority PEM le...
a Browse to the location of the PEM le, select the le, and click Open. .
The Upload TLS Certicate dialog box opens.
NOTE: If you select the wrong PEM le, click Upload Certicate in the Upload TLS Certicate dialog box to select a
new le
b c. Click OK to upload the certicate.
9 (Active Directory Only) To register the Data Collector on the domain, select Register the Data Collector on the domain.
a Type the user name and password of a domain administrator.
The user name Administrator is not allowed. These credentials are used only to register the Data Collector and are not saved.
b Click OK.
10 To use an existing service account, select Use an existing service account for joining the domain.
a Type the user name and password for the service account.
NOTE
: The existing service account must include a
servicePrincipalName
attribute with the following values in the
form:
HTTP/<host name>dc.<domain>@<realm>
HTTP/<host name>dc.<domain>
These values can be set using the Microsoft setspn.exe tool or the equivalent.
b Click OK.
Troubleshoot Directory Service Discovery
The Data Collector attempts to automatically discover the closest directory service based on the network environment conguration.
Discovered settings are written to a text le for troubleshooting purposes. If discovery fails, conrm that the text le contains values that
are correct for the network environment.
1 On the server that hosts the Data Collector, use a text editor to open the le C:\Program Files (x86)\Compellent Technologies
\Compellent Enterprise Manager\msaservice\directory_settings.txt.
2 Conrm that the values listed in the directory_settings.txt le match the network environment.
3 If the le contains incorrect values, make conguration changes to correct the issue.
a Conrm that the server that hosts the Data Collector is joined to the correct Domain.
b Make sure that DNS SRV records are correctly congured.
c Use Data Collector to discover the directory service again.
4 If the previous step did not correct the issue, select the Enable Manual Conguration checkbox and manually congure directory
service settings. If necessary, contact technical support for assistance.
Data Collector User Management
225