response received (either positive or negative) it is treated as definitive. It does not then
contact further servers because all servers are assumed to have identical content.
Using Transport Layer Security (TLS) with Active Directory authentication
TLS is a cryptographic protocol which provides security between applications over a
network.
For Active Directory authentication, the SMU supports up to TLS 1.2. It negotiates with
the domain controller to use the highest version of TLS which is common to both.
For TLS, the SMU requires domain controllers to respond on port 389.
Configuring Active Directory servers
Global Administrators can provide information to configure, modify, and list Active
Directory servers for authentication on the Active Directory Servers page.
Before you begin
In order to enable Active Directory, the SMU administrator needs to know the following
information:
■ The name of the domain from which the Active Directory users and groups will access
  the SMU.
■ The LDAP distinguished name and password of an Active Directory user that has read
  access to users and groups on the Active Directory servers. This is referred to as the
  Search User. The user can search for users or groups under the supplied base
  distinguished name.
■ The addresses of one or more Active Directory servers that maintain the users and
  groups for the domain. The content of all configured servers must be identical. If DNS
  servers have been configured for the SMU, then the SMU should be able to
  automatically discover these server addresses via the find servers button on the
  setup page. SRV records must be set up in order for find servers to find the Active
  Directory servers.
■ The Active Directory group or groups whose members are to be given the right to log
  into the SMU.
■ If RADIUS was previously in use and it is to be replaced by Active Directory, then the
  RADIUS configuration must first be removed before Active Directory can be
  configured. This is done from the Home>SMU Administrator>RADIUS Servers page
  by clicking the remove all settings button. No RADIUS user will be able to log into the
  SMU after this is done.
Note: On the NAS system, local users and Active Directory groups can be
created with read-only access. A read-only user has permission to view most
pages of the NAS Manager; however, they are not generally allowed to
perform any actions on the NAS Manager that would create a system or
configuration change.
Chapter 5: Setting up security
System Administrator Guide for VSP Gx00 models and VSP Fx00 models 162