RADIUS server, or it may authenticate the user through Active Directory. After
authorization, the SMU allows the user to perform actions allowed by the user's profile.
Active Directory users are assigned full access rights to the SMU functionality.
For local and RADIUS users the user profile details are specified when the user account is
created.
The user profile:
■ Indicates if the user is to be authenticated locally, or through a RADIUS server.
■ Specifies the user's access (privilege) level, meaning it specifies if the user is a:
  ● Global administrator.
  ● Storage administrator.
  ● Server administrator.
  ● Server+Storage administrator.
■ Specifies the servers the user is allowed to access.
■ Specifies if the user has CLI access (for RADIUS and Local Users).
Active Directory user authentication
Active Directory is an LDAP-compliant hierarchical database of objects. It is very popular
in enterprise environments and is becoming a de facto standard for user authentication.
After Active Directory connection settings and groups have been configured for the SMU,
it will allow logins from enabled users who supply their Active Directory name and
password. This is typically the same name and password that the user would use to log
into Windows and other enterprise applications. Unlike SMU local and RADIUS user
names, Active Directory user names are case-insensitive. Active Directory passwords are
case-sensitive and cannot be changed from the SMU; they are maintained in the Active
Directory server.
There are a number of benefits for SMU users. The administrator does not need to
maintain a separate set of user details, because the SMU can make use of the Active
Directory enterprise user database. Users can log in using their usual name and
password instead of having to remember a separate set of credentials for the SMU. And
instead of configuring access for individual users, the SMU administrator only has to
specify the Active Directory groups whose members have login rights.
It is possible to assign more restrictive user levels and managed servers to Active
Directory users according to their group membership. So it is possible to define a group
of users who have only server level access, for example, or access to a restricted set of
managed HNAS servers.
Although the SMU supports RADIUS and Active Directory for external authentication,
they are mutually exclusive; it is not possible to have them both configured for external
authentication at the same time.
When a login attempt is made, the SMU first tries to authenticate the credentials as a
local user. If that fails, and Active Directory is configured, they are authenticated as an
Active Directory user.
Active Directory authentication requests are sent to servers in the configured sequential
order. If a successful connection cannot be made to the first server, it attempts to
contact the second server and so on. When a connection is made and an authentication
Chapter 5: Setting up security
System Administrator Guide for VSP Gx00 models and VSP Fx00 models 161
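The login order described in this section (local user first, then Active Directory servers in their configured sequence), modelled as an added example that is not code from this guide or from the SMU. The class and function names, hosts, accounts and groups are constructed, and the model assumes that the first AD server to accept a connection decides the outcome, which the text above does not state.

```python
from dataclasses import dataclass, field

class Unreachable(Exception):
    """No connection could be made to this directory server."""

@dataclass
class ADServer:  # hypothetical stand-in for one configured AD server
    host: str
    up: bool = True
    users: dict = field(default_factory=dict)  # lower-cased name -> (password, groups)

    def bind(self, name, password):
        if not self.up:
            raise Unreachable(self.host)
        # AD user names are case-insensitive; passwords are case-sensitive.
        stored, groups = self.users.get(name.lower(), (None, set()))
        return groups if stored is not None and stored == password else None

def login(name, password, local_users, ad_servers=(), login_groups=frozenset()):
    """Return (source, detail); source is "local", "ad" or "denied"."""
    # Step 1: local users first. Local names are matched case-sensitively.
    if name in local_users and local_users[name] == password:
        return ("local", name)
    # Step 2: Active Directory, only if it is configured.
    if not ad_servers:
        return ("denied", "no local match and AD not configured")
    for server in ad_servers:  # configured sequential order
        try:
            groups = server.bind(name, password)
        except Unreachable:
            continue  # connection failed, so try the next server
        # Assumption: the first server that accepts a connection decides.
        if groups is None:
            return ("denied", "bad credentials at " + server.host)
        if groups & login_groups:  # login rights come from group membership
            return ("ad", server.host)
        return ("denied", "not in a group with login rights")
    return ("denied", "no AD server reachable")

# Constructed sample data (plaintext passwords only to keep the model short).
DIRECTORY = {"jsmith": ("Winter#42", {"SMU-Admins"}), "guest": ("g", {"Staff"})}
SERVERS = [ADServer("dc1.example.test", up=False, users=DIRECTORY),
           ADServer("dc2.example.test", users=DIRECTORY)]
LOCAL = {"admin": "local-pw"}
GROUPS = frozenset({"SMU-Admins"})

if __name__ == "__main__":
    for user, pw in [("admin", "local-pw"), ("JSmith", "Winter#42"), ("guest", "g")]:
        print(user, login(user, pw, LOCAL, SERVERS, GROUPS))
```

In this model the local account is evaluated before any directory lookup, so a local user stays able to log in regardless of Active Directory group membership or server availability.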