Administrator Guide

ensure that the FluidFS cluster uses a specific domain controller. Adding multiple domain controllers ensures continued
authentication of users in the event of a domain controller failure. If the FluidFS cluster cannot establish contact with the preferred
server, it will attempt to connect to the remaining servers in order.
Prerequisites
An Active Directory directory service must be deployed in your environment.
The FluidFS cluster must have network connectivity to the directory service.
You must be familiar with the Active Directory configuration.
The FluidFS cluster requires credentials from an Active Directory account for the join operation. The join operation is the only
time these credentials are required. They are not stored or cached by the FluidFS cluster.
Use one of the following options for the account used to join the FluidFS cluster to the domain:
Use a Domain Admin account (preferred method).
Use an account that has been delegated the "join a computer to the domain" privilege, as well as being delegated full control
over all computer objects in the domain.
If both of the previous options are unavailable, the minimum requirements for an account are as follows:
* An Organizational Unit (OU) admin that has been delegated the "join a computer to the domain" privilege, as well as
being delegated full control over objects within that OU, including computer objects.
* Before joining the FluidFS cluster to the domain, a computer object must be created by the OU admin for the FluidFS
cluster; privileges to administer are provided in the OU. The FluidFS cluster computer object name, and the NetBIOS
name used when joining it, must match. When creating the FluidFS cluster computer object, in the User or Group field
under permissions to join it to the domain, select the OU admin account. Then, the FluidFS cluster can be joined using
the OU admin credentials.
FluidFS clusters need read access for the tokenGroups attribute for all users. The default configuration of Active Directory for all
domain computers is to allow read access to the tokenGroups attribute. If the permission is not given, Active Directory domain
users that are in nested groups or OUs encounter Access Denied errors, and users that are not in nested OUs or groups are
permitted access.
The Active Directory server and the FluidFS cluster must use a common source of time.
You must congure the FluidFS cluster to use DNS. The DNS servers you specify must be the same DNS servers that your
Active Directory domain controllers use.
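A pre-join check of the prerequisites above, as an added example that is not part of the original guide or of the product's tooling: it validates a planned join against the name-match, DNS, time and multiple-domain-controller requirements. The plan dictionary, its keys and all sample values are constructed for illustration, and the 5-minute skew limit is the Kerberos default in Active Directory, not a figure from this guide.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

MAX_SKEW = timedelta(minutes=5)  # assumption: AD's default Kerberos clock-skew tolerance
NETBIOS_MAX = 15                 # NetBIOS computer names are limited to 15 characters


def preflight(plan):
    """Return a list of problems in a planned join; an empty list means all checks passed."""
    problems = []
    name = plan["netbios_name"]
    if not 0 < len(name) <= NETBIOS_MAX:
        problems.append(f"NetBIOS name must be 1-{NETBIOS_MAX} characters")
    # OU-admin path: the pre-created computer object must carry the same name
    # (Active Directory compares computer names case-insensitively).
    staged = plan.get("prestaged_object")
    if staged is not None and staged.upper() != name.upper():
        problems.append(f"computer object {staged!r} does not match NetBIOS name {name!r}")
    # The cluster's DNS servers must be the ones the domain controllers use.
    cluster_dns = {ipaddress.ip_address(a) for a in plan["cluster_dns"]}
    dc_dns = {ipaddress.ip_address(a) for a in plan["dc_dns"]}
    if not cluster_dns:
        problems.append("no DNS servers configured on the cluster")
    for stray in sorted(cluster_dns - dc_dns, key=str):
        problems.append(f"DNS server {stray} is not used by the domain controllers")
    # A common time source should keep both clocks inside the Kerberos tolerance.
    skew = abs(plan["cluster_time"] - plan["dc_time"])
    if skew > MAX_SKEW:
        problems.append(f"clock skew {skew} exceeds {MAX_SKEW}")
    # A single preferred domain controller leaves no server to fall back to.
    if len(plan["preferred_dcs"]) < 2:
        problems.append("only one preferred domain controller: no failover")
    return problems


# Constructed sample plan (documentation-range addresses, hypothetical names).
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_PLAN = {
    "netbios_name": "FLUIDFS01",
    "prestaged_object": "fluidfs1",                    # does not match the NetBIOS name
    "cluster_dns": ["192.0.2.10", "198.51.100.53"],    # second server is not a DC resolver
    "dc_dns": ["192.0.2.10", "192.0.2.11"],
    "cluster_time": NOW,
    "dc_time": NOW + timedelta(minutes=7),             # outside the 5-minute tolerance
    "preferred_dcs": ["dc1.example.test"],
}

if __name__ == "__main__":
    for problem in preflight(SAMPLE_PLAN):
        print("FAIL:", problem)
```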
Steps
1. Click the Storage view and select a FluidFS cluster.
2. Click the File System tab, expand Environment and select Authentication.
3. In the right pane, click the Directory Services tab.
4. Click Congure External User Database. The Edit External User Database dialog box appears.
5. Click Join Domain. The Join Domain dialog box appears. If you have already joined Active Directory, the Join operation is
hidden. You must leave the domain to see the option to join.
6. In the Domain field, type a domain to join the FluidFS cluster to.
7. In the Username field, type an Active Directory account name.
8. In the Password field, type the Active Directory account password.
9. Click OK.
Related link
Managing the System Time
Managing DNS Servers and Suffixes
FluidFS Account Management and Authentication