User guide

Remote Authentication

11. ActiveDirectoryDomain.TypethenameoftheActiveDirectory

Domain.

Returning User Group Information from Active Directory Server

TheKXII‐101supportsuserauthenticationtoActiveDirectory(AD)

withoutrequiringthatusersbedefinedlocallyontheKXII‐101.This

allowsActiveDirectoryuseraccountsandpasswordstobemaintained

exclusivelyontheADserver.AuthorizationandADuserprivilegesare

controlledandadministeredthroughthestandardKXII‐10

1policiesand

usergroupprivileges(thatareappliedlocallytoADusergroups).

Note:IfyouareanexistingRaritan,Inc.customer,andhavealready

configuredtheActiveDirectoryserverbychangingtheADschema,KX

II‐101stillsupportsthisconfiguration,andyoudonotneedtoperform

thefollowingoperations.PleaserefertoUpdatingtheLDAPSchema(on

page69)forinf

ormationaboutupdatingtheADLDAPschema.

¾ To enable your AD server on the KX II-101:

1. UsingKXII‐101,createspecialgroupsandassignproper

permissionsandprivilegestothesegroups.Forexample,create

groupssuchas:KVM_Admin,KVM_Operator.

2. OnyourActiveDirectoryserver,createnewgroupswiththesame

groupnamesasinthepreviousstep.

3. OnyourADserver,assigntheKXII‐10

1userstothegroupscreated

instep2.

4. FromtheKXII‐101,enableandconfigureyourADserverproperly.

RefertoImplementingLDAPRemoteAuthentication.

ImportantNotes:

• GroupNameiscasesensitive.

• TheKXII‐101providesthefollowingdefaultgroupswhichcannot

beenchangedordeleted:Adminand<Unknown>.Pleaseverifythat

yourActiveDirectoryserverdoesnotusethesamegroupnames.

• IfthegroupinformationreturnedfromtheActiveDirectoryserver

doesnotma

tcha KXII‐101groupconfiguration,theKXII‐101

automaticallyassignsthegroupof<Unknown>touserswho

authenticatesuccessfully.