Administrator Guide

7. (Optional) Manually configure the directory service settings.
a) From the Type drop-down menu, select Active Directory or OpenLDAP.
b) In the Directory Servers field, type the fully qualified domain name (FQDN) of each directory server on a separate line.
NOTE: To verify that the Data Collector can communicate with the specified directory server(s) using the selected protocol, click Test.
c) In the Base DN field, type the base Distinguished Name for the LDAP server. This name is the starting point when searching for users.
d) In the Connection Timeout field, type the maximum time (in minutes) that the Data Collector will wait while attempting to connect to an LDAP server.
8. (Optional) Configure Kerberos authentication. Kerberos authentication must be configured to allow users to log in with the Client automatically using their Windows session credentials.
a) Select the Kerberos Enabled checkbox.
b) In the Kerberos Domain Realm field, type the Kerberos realm to authenticate against. In Windows networks, this realm is usually the Windows domain name in uppercase characters.
c) (OpenLDAP only) Type the host name or IP address of the Key Distribution Center (KDC) in the KDC Host Name or IP Address field.
d) In the Data Collector Host Name field, type the fully qualified domain name (FQDN) of the server that hosts the Data Collector.
9. (Optional — OpenLDAP only) If Transport Layer Security (TLS) is enabled, upload a Certificate Authority PEM file...
a) Browse to the location of the PEM file, select the file, and click Open.
The Upload TLS Certificate dialog box opens.
NOTE: If you select the wrong PEM file, click Upload Certificate in the Upload TLS Certificate dialog box to select a new file.
b) Click OK to upload the certificate.
10. (Active Directory Only) To register the Data Collector on the domain, select Register the Data Collector on the domain.
a) Type the user name and password of a domain administrator.
These credentials are used only to register the Data Collector and are not saved.
b) Click OK.
11. To use an existing service account, select Use an existing service account for joining the domain.
a) Type the user name and password for the service account.
NOTE: The existing service account must include a servicePrincipalName attribute with the following values in the form:
HTTP/<host name>dc.<domain>@<realm>
HTTP/<host name>dc.<domain>
These values can be set using the Microsoft setspn.exe tool or the equivalent.
b) Click OK.
Troubleshoot Directory Service Discovery
The Data Collector attempts to automatically discover the closest directory service based on the network environment configuration. Discovered settings are written to a text file for troubleshooting purposes. If discovery fails, confirm that the text file contains values that are correct for the network environment.
Steps
1. On the server that hosts the Data Collector, use a text editor to open the file C:\Program Files\Dell EMC\Storage Manager\msaservice\directory_settings.txt.
2. Confirm that the values listed in the directory_settings.txt file match the network environment.
3. If the file contains incorrect values, make configuration changes to correct the issue.
a) Confirm that the server that hosts the Data Collector is joined to the correct Domain.
b) Make sure that DNS SRV records are correctly configured.
c) Use Data Collector to discover the directory service again.
4. If the previous step did not correct the issue, select the Enable Manual Configuration checkbox and manually configure directory service settings. If necessary, contact technical support for assistance.
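
The checks in steps 2 through 3b can be run from PowerShell on the server that hosts the Data Collector. The script below is an added example, not part of the original guide or of the product's tooling. It assumes that discovery depends on the standard Active Directory locator SRV records (_ldap._tcp.dc._msdcs.<domain> and _kerberos._tcp.<domain>) and that discovered host names appear literally in directory_settings.txt; the guide does not state either.

```powershell
# Added example: read-only checks for troubleshooting steps 2, 3a and 3b.
# Assumption: discovery relies on the standard AD locator SRV records queried below.
$settingsPath = 'C:\Program Files\Dell EMC\Storage Manager\msaservice\directory_settings.txt'

# Step 3a: is this server joined to a domain, and to which one?
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    Write-Warning "$($cs.Name) is not joined to a domain (workgroup: $($cs.Workgroup))."
    return
}
$domain = $cs.Domain
Write-Output "Joined domain: $domain"

# Step 3b: resolve the LDAP and Kerberos SRV records, then probe each advertised target.
$results = foreach ($name in "_ldap._tcp.dc._msdcs.$domain", "_kerberos._tcp.$domain") {
    $records = Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }
    if (-not $records) {
        Write-Warning "No SRV records returned for $name"
        continue
    }
    foreach ($r in $records) {
        $target = $r.NameTarget.TrimEnd('.')
        $probe  = Test-NetConnection -ComputerName $target -Port $r.Port -WarningAction SilentlyContinue
        [pscustomobject]@{
            Record    = $name
            Target    = $target
            Port      = $r.Port
            Priority  = $r.Priority
            Reachable = $probe.TcpTestSucceeded
            # Step 2: does the discovered-settings file mention this server?
            # Assumption: host names are written to the file as plain text.
            InSettingsFile = (Test-Path -LiteralPath $settingsPath) -and
                [bool](Select-String -LiteralPath $settingsPath -SimpleMatch $target -Quiet)
        }
    }
}
$results | Sort-Object Record, Priority | Format-Table -AutoSize
```

A target that resolves and is reachable but shows InSettingsFile as False points at stale or incorrect discovered values; a record that returns nothing points at the DNS configuration in step 3b.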
Storage Manager User Management