Chapter 8: User Management
Returning User Group Information from Active Directory Server
The Dominion KX II supports user authentication to Active Directory
(AD) without requiring that users be defined locally on the Dominion
KX II. This allows Active Directory user accounts and passwords to be
maintained exclusively on the AD server. Authorization and AD user
privileges are controlled and administered through the standard
Dominion KX II policies and user group privileges (that are applied
locally to AD user groups).
Note: If you are an existing Raritan, Inc. customer, and have already configured
the Active Directory server by changing the AD schema, Dominion KX II still
supports this configuration, and you do not need to perform the following
operations. Please refer to Appendix B: Updating the LDAP Schema (see
"Updating the LDAP Schema" on page 197) for information about updating the
AD LDAP schema.
To enable your AD server on the Dominion KX II:
1. Using Dominion KX II, create special groups and assign proper
permissions and privileges to these groups. For example, create
groups such as: KVM_Admin, KVM_Operator.
2. On your Active Directory server, create new groups with the same
group names as in the previous step.
3. On your AD server, assign the Dominion KX II users to the groups
created in step 2.
4. From the Dominion KX II, enable and configure your AD server
properly. Please refer to Implementing LDAP Remote
Authentication (on page 115).
Important Notes:
• Group Name is case sensitive.
• The Dominion KX II provides the following default groups which
cannot be changed or deleted: Admin and <Unknown>. Please
verify that your Active Directory server does not use the same group
names.
• If the group information returned from the Active Directory server
does not match a Dominion KX II group configuration, the
Dominion KX II automatically assigns the group of <Unknown> to
users who authenticate successfully.
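
The following pre-deployment check is an added example, not Raritan code or part of the original manual. It compares the group names created in steps 1 and 2 and flags the cases the notes above warn about. It assumes that "case sensitive" means an exact string comparison; the finding codes and all group names other than those on this page are made up for illustration.

```python
# Added example: models the matching rules stated on this page; not Raritan code.
RESERVED = ("Admin", "<Unknown>")  # built-in KX II groups named on this page
FALLBACK = "<Unknown>"             # group applied when nothing matches


def effective_group(ad_group, kx_groups):
    """Group the KX II applies for a group name returned by AD.

    Assumption: "case sensitive" means an exact string comparison.
    """
    return ad_group if ad_group in kx_groups else FALLBACK


def audit(kx_groups, ad_groups):
    """Compare the KX II groups (step 1) with the AD groups (step 2).

    Returns (code, group, detail) tuples; an empty list means the names line up.
    """
    findings = []
    by_fold = {g.casefold(): g for g in kx_groups}
    for ad in ad_groups:
        if ad in RESERVED:
            findings.append(("RESERVED_NAME", ad, "AD reuses a built-in KX II group name"))
        elif ad not in kx_groups:
            near = by_fold.get(ad.casefold())
            if near:
                findings.append(("CASE_MISMATCH", ad, f"KX II has {near}; members get {FALLBACK}"))
            else:
                findings.append(("NO_KX_GROUP", ad, f"members get {FALLBACK}"))
    for kx in kx_groups:
        if kx not in RESERVED and kx not in ad_groups:
            findings.append(("NO_AD_GROUP", kx, "no AD group with exactly this name"))
    return findings


if __name__ == "__main__":
    # Constructed sample data (group names beyond the page's two are made up).
    kx = ["Admin", "<Unknown>", "KVM_Admin", "KVM_Operator"]
    ad = ["KVM_Admin", "kvm_operator", "Admin", "KVM_Audit"]
    for finding in audit(kx, ad):
        print(*finding, sep=" | ")
    print(effective_group("kvm_operator", kx))
```

A CASE_MISMATCH finding is the one to watch for: authentication still succeeds, but the user receives the privileges of <Unknown> instead of the intended group.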