Dell NX3500 Riding Toy User Manual


 
Enabling Active Directory Authentication
Join the FluidFS cluster to an Active Directory domain to allow it to communicate with the directory
service.
By default, the FluidFS cluster uses the domain controller returned by Active Directory. Alternatively, you
can designate a domain controller if you want to ensure that the FluidFS cluster uses a specific domain
controller. Adding multiple domain controllers ensures continued authentication of users in the event of
a domain controller failure. If the FluidFS cluster cannot establish contact with the preferred server, it will
attempt to connect to the remaining servers in order.
* An Active Directory service must be deployed in your environment.
* The FluidFS cluster must have network connectivity to the directory service.
* You must be familiar with the Active Directory configuration.
* The FluidFS cluster requires credentials from an Active Directory account for the join operation. The
  join operation is the only action for which these credentials are required, and they are not stored or
  cached by the FluidFS cluster.
* Use one of the following options for the account used to join the FluidFS cluster to the domain:
  * Use a Domain Admin account. This is the preferred method.
  * Use an account that has the "join a computer to the domain" privilege, as well as having full
    control over all computer objects in the domain.
  * If both of the above options are unavailable, the minimum requirements for an account are:
    * An Organizational Unit (OU) admin that has the "join a computer to the domain" privilege, as
      well as having full control over objects within that OU, including computer objects.
    * Before joining the FluidFS cluster to the domain, a computer object must be created by the OU
      admin for the FluidFS cluster in the OU where the privileges to administer are provided. The
      FluidFS cluster computer object name, and the NetBIOS name used when joining it, must match.
      When creating the FluidFS cluster computer object, in the User or Group field under
      permissions to join it to the domain, select the OU admin account. Then, the FluidFS cluster
      can be joined using the OU admin credentials.
* FluidFS clusters need read access to the tokenGroups attribute for all users. The default
  configuration of Active Directory for all domain computers is to allow read access to the
  tokenGroups attribute. If the permission is not given, Active Directory domain users that are in nested
  groups or OUs encounter Access Denied errors, while users that are not in nested OUs or groups are
  permitted access.
* The Active Directory server and the FluidFS cluster must use a common time server.
* You must configure the FluidFS cluster to use DNS. The DNS servers you specify must be the same as
  those your Active Directory domain controllers use.

1. Click the Access Control tab on the left.
2. Click the User Repositories tab on the top.
3. In the Active Directory for CIFS and NFS users Authentication pane, click .
4. Click Join.
The Join Active Directory dialog box appears.
5. In the Active Directory domain name field, type a domain to which to join the FluidFS cluster.
6. (Optional) To add preferred controllers for the join operation and user authentication:
   a) Select the Consider these controllers as preferred check box.
   b) Type a domain controller host name or IP address in the controllers text field and click Add.
   c) Repeat step (b) for each controller you want to add.