NetVault installed on a Windows or Linux machine can communicate with Microsoft Active Directory (AD). Additionally, NetVault installed on a Linux machine can communicate with OpenLDAP Directory Services and Samba Active Directory. Integrating AD with NetVault enables role-based access control in NetVault. It lets users log in to NetVault using their AD credentials. It also lets AD users manage NetVault users.
• Host name of the Linux machine should be set to its FQDN. (For example, mymachine.mydomain.com)
• Samba Winbind: Under the [global] section, smb.conf must have the following entry:
• SSSD: Under the [domain/<domain name>] section, sssd.conf must have the following entry:
• Samba Winbind: Under the [global] section, smb.conf must have the following entry:
• SSSD: Under the [domain/<domain name>], to retrieve domain controller groups and to fetch groups from child and trusted domains, respectively, the sssd.conf must have the following entries:
• While logging in or adding a domain user, using the DNS suffix with the domain name is recommended; for example, domain.local\user or username@dns.local.
• In the /etc/pam.d/passwd file, add:
• In the /etc/sssd/sssd.conf file, add:
• No one can change an AD user’s password or set the password to use the Password never expires option.
• A local NetVault Administrator or an AD NetVault user with administrative privileges can change user-based information that is accessed by using the Modify Details option as this information is stored in the NetVault Database. However, if the secure mode is enabled, the NetVault administrator and other users are allowed to edit or change only E-mail 2 and E-mail 3 of an AD NetVault user.
An administrator can perform the following tasks in NetVault:
The preferred method of adding an AD user is for the applicable user to log in and let NetVault complete the authentication process. However, if you have the applicable privileges (at a minimum, the Users — Administer user accounts privilege), you can add the user manually. In that case, NetVault also considers the privileges defined for the selected user before renaming it to an AD user.
When you add an AD user to the NetVault Server, NetVault automatically fetches the respective user information from AD and populates it in the NetVault user details. However, on a Linux-based NetVault Server, user details are fetched only after the first login and not if the AD user is added manually. On a Windows-based NetVault Server, when you add users manually, the privileges defined for the AD group to which the user belongs are automatically assigned. If the user has an existing local NetVault account, NetVault takes the privileges defined for that account into consideration before redefining the local user as an AD user. For more information on adding, updating, and deleting user accounts, see Creating a user account, Modifying a user account, and Deleting a user account.
1 In the Navigation pane, click Users and Groups.
2
3
4 Enter the AD user name in the <domain>\<name> (for example, domain\username) or <name>@<domain> (for example, username@domain.com) format, and click Apply.