Administrator Guide

d) In the Connection Timeout field, type the maximum time (in minutes) that the Data Collector will wait while attempting to
connect to an LDAP server.
7. (Optional) Configure Kerberos authentication. To allow users to log in with the Client automatically using their Windows session
credentials, Kerberos authentication must be configured.
a) Select the Kerberos Enabled checkbox.
b) In the Kerberos Domain Realm field, type the Kerberos realm to authenticate against. In Windows networks, this realm is usually
the Windows domain name in uppercase characters.
c) (OpenLDAP only) Type the host name or IP address of the Key Distribution Center (KDC) in the KDC Host Name or IP Address
field.
d) In the Data Collector Host Name field, type the fully qualified domain name (FQDN) of the server that hosts the Data Collector.
8. (Optional, OpenLDAP only) If Transport Layer Security (TLS) is enabled, upload a Certificate Authority PEM file...
a) Browse to the location of the PEM file, select the file, and click Open.
The Upload TLS Certificate dialog box opens.
NOTE: If you select the wrong PEM file, click Upload Certificate in the Upload TLS Certificate dialog box to select a new file.
b) Click OK to upload the certificate.
9. (Active Directory Only) To register the Data Collector on the domain, select Register the Data Collector on the domain.
a) Type the user name and password of a domain administrator.
These credentials are used only to register the Data Collector and are not saved.
b) Click OK.
10. To use an existing service account, select Use an existing service account for joining the domain.
a) Type the user name and password for the service account.
NOTE: The existing service account must include a servicePrincipalName attribute with the following values in the form:
HTTP/<host name>dc.<domain>@<realm>
HTTP/<host name>dc.<domain>
These values can be set using the Microsoft setspn.exe tool or the equivalent.
b) Click OK.
Troubleshoot Directory Service Discovery
The Data Collector attempts to automatically discover the closest directory service based on the network environment configuration.
Discovered settings are written to a text file for troubleshooting purposes. If discovery fails, confirm that the text file contains values that
are correct for the network environment.
Steps
1. On the server that hosts the Data Collector, use a text editor to open the file C:\Program Files\Dell EMC\Storage Manager\msaservice\directory_settings.txt.
2. Confirm that the values listed in the directory_settings.txt file match the network environment.
3. If the file contains incorrect values, make configuration changes to correct the issue.
a) Confirm that the server that hosts the Data Collector is joined to the correct domain.
b) Make sure that DNS SRV records are correctly configured.
c) Use Data Collector to discover the directory service again.
4. If the previous step did not correct the issue, select the Enable Manual Configuration checkbox and manually configure directory
service settings. If necessary, contact technical support for assistance.
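The checks in steps 3a and 3b can be scripted on the server that hosts the Data Collector. The following PowerShell is an added example, not part of the original guide or the product; it assumes an Active Directory environment, the standard SRV record names that domain controllers register, and a placeholder domain name (corp.example.com) that must be replaced.

```powershell
# Added example: checks for steps 3a and 3b, run on the Data Collector host.
# $ExpectedDomain is a placeholder; pass the DNS name of the domain the host should be joined to.
param([string]$ExpectedDomain = 'corp.example.com')

# Step 3a: is this server joined to the expected domain?
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    Write-Warning "$($cs.Name) is not joined to any domain."
} elseif ($cs.Domain -ne $ExpectedDomain) {
    Write-Warning "$($cs.Name) is joined to '$($cs.Domain)', expected '$ExpectedDomain'."
} else {
    Write-Output "Domain membership OK: $($cs.Domain)"
}

# Step 3b: SRV records that Active Directory domain controllers register.
# Assumption: these standard names are the ones relevant to discovery.
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$ExpectedDomain",
    "_kerberos._tcp.$ExpectedDomain"
)

$results = foreach ($name in $srvNames) {
    # Keep only SRV answers; the resolver may also return A/AAAA records.
    $records = @(Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.QueryType -eq 'SRV' })

    if ($records.Count -eq 0) {
        # A missing record set is the failure case step 3b is looking for.
        [pscustomobject]@{ Record = $name; Target = '(no SRV answer)'; Port = $null
                           Priority = $null; Reachable = $false }
        continue
    }

    foreach ($r in $records) {
        # Confirm that the advertised host and port accept a TCP connection.
        $tcp = Test-NetConnection -ComputerName $r.NameTarget -Port $r.Port `
            -WarningAction SilentlyContinue
        [pscustomobject]@{ Record = $name; Target = $r.NameTarget; Port = $r.Port
                           Priority = $r.Priority; Reachable = $tcp.TcpTestSucceeded }
    }
}

# Compare this table with the values recorded in directory_settings.txt.
$results | Sort-Object Record, Priority | Format-Table -AutoSize
```

A row with no SRV answer or with Reachable set to False points to the DNS or network issue to fix before running discovery again in step 3c.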
Scan for Domains in Local and Trusted Forests
If domains are added to or removed from the local forest, or if two-way forest trusts between the local forest and one or more remote
forests are added or removed, use the Data Collector to scan for domains.
Prerequisites
The Data Collector must be configured to authenticate users with an Active Directory directory service and Kerberos.
NOTE: Authentication attempts for Active Directory users may fail while a rescan operation is in progress.
Data Collector User Management 225