Dell EqualLogic PS6210XS EqualLogic Group Manager Administrator s Guide PS Ser - Page 67
About Active Directory Groups, Add an Active Directory User to the Group
View all Dell EqualLogic PS6210XS manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 67 highlights
About Active Directory Groups In addition to local and RADIUS administration, administrator account sessions can be authenticated using Active Directory. Individual Active Directory users, or entire Active Directory groups, can be given access to Group Manager using the same levels of access permission available for local user accounts. Using Active Directory authentication is useful in large SAN environments in which administrators require access to multiple groups. By configuring each PS Series group to use the Active Directory server, you do not need to maintain parallel sets of local accounts for each group. You can configure the group to authenticate accounts using multiple Active Directory servers; if the primary Active Directory server is unavailable due to a connection issue, outage, or disaster event, the extra servers will ensure continued Active Directory authentication of administrator accounts. You can also use Active Directory authentication as an alternative to RADIUS authentication. To use Active Directory authentication, you must first set the group's authentication type to Active Directory, and add one or more Active Directory servers. If you are using Active Directory for authentication, you cannot use RADIUS authentication for the group. You can, however, still create and use locally authenticated user accounts. Add Active Directory Groups To add all accounts in an Active Directory group to the list of administrator accounts: 1. Click Group → Group Configuration. 2. Click the Administration tab. 3. In the Accounts and Groups panel, click Add. The Create administration account dialog box opens. 4. Complete the wizard steps to specify the settings for the new account and click Finish. Add an Active Directory User to the Group Before an Active Directory (AD) user can use single sign-on (SSO) to automatically log in to the PS Series group, an administrator must grant that user permission. You perform the same procedure to grant access to AD groups. 1. Click Group → Group Configuration. 2. Click the Administration tab. 3. In the Accounts and Groups panel, click Add. The Create Administration Account wizard opens, showing step 1 - General Settings. 4. Select Active Directory user. To add an AD group, select Active Directory group. (When using single sign-on, the group name cannot contain more than 19 characters.) 5. In the General Settings section, specify the user name of the PS Series group for the AD user. Each user name must be unique. Click the Check name button to make sure the name that you specified is not already in use. 6. Complete the required fields in each remaining step of the wizard until you reach the Summary page. 7. Confirm that the settings are correct and click Finish to create the AD user. NOTE: If you log in to Windows using your Active Directory credentials, you will be logged in to the PS Series group automatically without re-authenticating. Change the Active Directory Group Name Before you change the name of a PS Series group that has already been configured for single sign-on, Dell recommends that you leave the current Active Directory (AD) domain, change the group name, and then join the AD domain again using the new name. NOTE: When using single sign-on, the group name cannot contain more than 19 characters. About Group-Level Security 67