response received (either positive or negative) it is treated as definitive. It does not then contact further servers because all servers are assumed to have identical content.
Using Transport Layer Security (TLS) with Active Directory authentication
TLS is a cryptographic protocol which provides security between applications over a network.
For Active Directory authentication, the SMU supports up to TLS 1.2. It negotiates with the domain controller to use the highest version of TLS which is common to both.
For TLS, the SMU requires domain controllers to respond on port 389.
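Added example (not from the Hitachi guide): a Python pre-check that an administrator can run against a domain controller before adding it to the SMU, confirming that it accepts a TLS upgrade on port 389 and reporting the TLS version negotiated. It assumes the upgrade is the standard LDAP StartTLS extended operation (RFC 4511), which the guide does not state; `starttls_request`, `starttls_result`, `probe` and `SAMPLE_REPLY` are names made up for this example.

```python
import socket
import ssl

# Assumption: TLS on port 389 is started with the LDAP StartTLS operation.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"
# Constructed sample: a success reply with 4-byte long-form BER lengths,
# the encoding style Active Directory uses.
SAMPLE_REPLY = bytes.fromhex(
    "30 84 00 00 00 28 02 01 01 78 84 00 00 00 1f 0a 01 00 04 00 04 00 8a 16"
) + STARTTLS_OID

def starttls_request(message_id=1):
    """BER-encode an LDAP ExtendedRequest asking the server to start TLS."""
    name = b"\x80" + bytes([len(STARTTLS_OID)]) + STARTTLS_OID  # [0] requestName
    op = b"\x77" + bytes([len(name)]) + name                    # [APPLICATION 23]
    body = b"\x02\x01" + bytes([message_id]) + op               # messageID + op
    return b"\x30" + bytes([len(body)]) + body                  # LDAPMessage

def _tlv(buf, pos):
    """Read one BER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def starttls_result(reply):
    """Return the LDAP resultCode of an ExtendedResponse (0 means success)."""
    tag, start, _ = _tlv(reply, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = _tlv(reply, start)       # skip the messageID
    tag, start, _ = _tlv(reply, pos)
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse")
    tag, start, end = _tlv(reply, start)
    if tag != 0x0A:
        raise ValueError("resultCode missing")
    return int.from_bytes(reply[start:end], "big")

def probe(host, port=389, timeout=5.0):
    """Request StartTLS from host and return the negotiated TLS version."""
    ctx = ssl.create_default_context()   # needs the DC's issuing CA in the trust store
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # the SMU supports up to TLS 1.2
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(starttls_request())
        code = starttls_result(sock.recv(4096))   # reply fits in one small read
        if code != 0:
            raise RuntimeError(f"StartTLS refused, LDAP resultCode {code}")
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()
```

Call `probe()` with the fully qualified name of each domain controller to be configured; a certificate or handshake error here points to a trust or protocol-version problem on the domain controller side.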
Configuring Active Directory servers
Global Administrators can provide information to configure, modify, and list Active Directory servers for authentication on the Active Directory Servers page.
Before you begin
In order to enable Active Directory, the SMU administrator needs to know the following
information:
■ The name of the domain from which the Active Directory users and groups will access the SMU.
■ The LDAP distinguished name and password of an Active Directory user that has read access to users and groups on the Active Directory servers. This is referred to as the Search User. The user can search for users or groups under the supplied base distinguished name.
■ The addresses of one or more Active Directory servers that maintain the users and groups for the domain. The content of all configured servers must be identical. If DNS servers have been configured for the SMU, then the SMU should be able to automatically discover these server addresses via the find servers button on the setup page. SRV records must be set up in order for find servers to find the Active Directory servers.
■ The Active Directory group or groups whose members are to be given the right to log into the SMU.
■ If RADIUS was previously in use and it is to be replaced by Active Directory, then the RADIUS configuration must first be removed before Active Directory can be configured. This is done from the Home>SMU Administrator>RADIUS Servers page by clicking the remove all settings button. No RADIUS user will be able to log into the SMU after this is done.
Note: On the NAS system, local users and Active Directory groups can be created with read-only access. A read-only user has permission to view most pages of the NAS Manager; however, they are not generally allowed to perform any actions on the NAS Manager that would create a system or configuration change.
Chapter 5: Setting up security
System Administrator Guide for VSP Gx00 models and VSP Fx00 models
162