User guide
Remote Authentication
66
11. ActiveDirectoryDomain.TypethenameoftheActiveDirectory
Domain.
Returning User Group Information from Active Directory Server
TheKXII‐101supportsuserauthenticationtoActiveDirectory(AD)
withoutrequiringthatusersbedefinedlocallyontheKXII‐101.This
allowsActiveDirectoryuseraccountsandpasswordstobemaintained
exclusivelyontheADserver.AuthorizationandADuserprivilegesare
controlledandadministeredthroughthestandardKXII‐10
1policiesand
usergroupprivileges(thatareappliedlocallytoADusergroups).
Note:IfyouareanexistingRaritan,Inc.customer,andhavealready
configuredtheActiveDirectoryserverbychangingtheADschema,KX
II‐101stillsupportsthisconfiguration,andyoudonotneedtoperform
thefollowingoperations.PleaserefertoUpdatingtheLDAPSchema(on
page69)forinf
ormationaboutupdatingtheADLDAPschema.
¾ To enable your AD server on the KX II-101:
1. UsingKXII‐101,createspecialgroupsandassignproper
permissionsandprivilegestothesegroups.Forexample,create
groupssuchas:KVM_Admin,KVM_Operator.
2. OnyourActiveDirectoryserver,createnewgroupswiththesame
groupnamesasinthepreviousstep.
3. OnyourADserver,assigntheKXII‐10
1userstothegroupscreated
instep2.
4. FromtheKXII‐101,enableandconfigureyourADserverproperly.
RefertoImplementingLDAPRemoteAuthentication.
ImportantNotes:
• GroupNameiscasesensitive.
• TheKXII‐101providesthefollowingdefaultgroupswhichcannot
beenchangedordeleted:Adminand<Unknown>.Pleaseverifythat
yourActiveDirectoryserverdoesnotusethesamegroupnames.
• IfthegroupinformationreturnedfromtheActiveDirectoryserver
doesnotma
tcha KXII‐101groupconfiguration,theKXII‐101
automaticallyassignsthegroupof<Unknown>touserswho
authenticatesuccessfully.