
KACE Systems Deployment Appliance 7.0 Common Documents - Administrator Guide


Setting up user accounts and user authentication

You can add user accounts to the KACE SDA and set up the accounts using local authentication. If you require external user authentication, such as an LDAP or an Active Directory® server, you can configure an external server to enable users to log in to the Administrator Console using their domain credentials.

Add or edit local administrator accounts


You can create and edit local administrator user accounts. Adding users to the KACE SDA database stores the user information locally and requires only the user name, email address, password, and permissions.

1. On the left navigation pane, click Settings to display the Control Panel, then click Users to display the Users page.
2. Select Choose Action > New to display the User Detail page.

| Option | Description |
| --- | --- |
| User Name | Required: Enter a login ID. |
| Full Name | Required: Enter the first and last name of the user. |
| Email | Required: Enter the email address of the user. |
| Domain | Enter the domain that the user is using. |
| Budget Code | Optional: Enter the budget code of the department where the user is located. |
| Location | Optional: Enter the site or location of the user. |
| Password | Required: Enter the default password for the user. The password is required to activate the user. If the Password field is blank, the user cannot log in to the Administrator Console. |
| Confirm Password | Re-enter the password. |
| Permissions | Role of the user on this appliance. Administrators have full read/write access. Read-only administrators can log in and view settings and run reports; they cannot access the Administrator Console. Select the permissions: Admin (read/write access to the Administrator Console) or ReadOnly Admin (view all pages; no change access). |

4. Optional: Click Cancel to close the page.
5. Click Save.

The user appears in the local account list and can now log in to the Administrator Console.

Configure an LDAP server for user authentication


LDAP authentication requires creating a login account for the KACE SDA on your LDAP server. The appliance uses this account to read and import user information from the LDAP server. The account needs read-only access to the Search Base DN field on the LDAP server. The account does not require write access, because the appliance does not write to the LDAP server.

For information on adding user accounts to the KACE SDA, see Add or edit local administrator accounts.

When a user logs in, the appliance automatically queries the listed external servers. The timeout for a server is approximately 10 seconds. To decrease login delays, Quest KACE recommends deleting the sample LDAP server.

1. On the left navigation pane, click Settings, then click User Authentication to display the Authentication Settings.
2. Select External LDAP Server Authentication and click Add New Server.

| Field | Description |
| --- | --- |
| Server Friendly Name | The name to identify the server. |
| Server Host Name (or IP) | The IP address or the host name of the LDAP server. If the IP address is not valid, the appliance waits until the connection times out, resulting in login delays during LDAP authentication. If you have a non-standard SSL certificate installed on your LDAP server, such as an internally-signed certificate or a chain certificate that is not from a major certificate provider such as VeriSign, contact Quest KACE Technical Support at https://support.quest.com/contact-support for assistance. |
| LDAP Port Number | The LDAP port number, which is usually 389 (LDAP) or 636 (secure LDAP). |
| Search Base DN | The area of the LDAP tree where the appliance should start searching for users. For example, to search for the IT group, specify OU=it,DC=company,DC=com. |
| Search Filter | The search filter, for example: LDAP_attribute=KBOX_USER, where LDAP_attribute is the name of the attribute containing a unique user ID and KBOX_USER is a variable that the appliance replaces at runtime with the login ID that you enter. For example, when using Active Directory, enter samaccountname=KBOX_USER. For most other LDAP servers, enter UID=KBOX_USER. |
| LDAP Login | The credentials of the account that the KACE SDA uses to log in to the LDAP server to read accounts. For example: LDAP Login: CN=service_account,CN=Users,DC=company,DC=com. If no username is provided, an anonymous bind is attempted. |
| LDAP Password (if required) | The password of the account that the KACE SDA uses to log in to the LDAP server. |
| User Permissions | The user permissions: Admin (read/write access to the Administrator Console) or ReadOnly Admin (view all pages; no change access). |
| Test User Password | The LDAP username and password to test on the LDAP server. See Test the LDAP server. |

Record the Search Base DN and the Search Filter criteria because you use this same information to import user data and to schedule user imports.
4. Recommended: Click the Remove icon next to any external servers that are not configured to actual servers in your environment.
5. Click Save.

The next time users log in, they are authenticated against the LDAP servers in the order listed.
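The field values above can be checked before they are saved. The following is an added example, not code from Quest or the appliance: it expands a Search Filter for one login ID and flags the settings the table calls out (missing KBOX_USER, empty LDAP Login, port choice). The dictionary keys and sample entries are hypothetical, and the RFC 4515 escaping is this example's assumption about safe substitution, not a description of what the appliance does.

```python
import re

PLACEHOLDER = "KBOX_USER"  # variable the appliance replaces with the login ID
RDN = r"[A-Za-z][A-Za-z0-9-]*=[^,=]+"
DN_RE = re.compile(rf"\s*{RDN}(\s*,\s*{RDN})*\s*")

def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside a filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand_filter(template, login_id):
    """Build the filter for one login ID, as done by hand in the test step."""
    if template.count(PLACEHOLDER) != 1:
        raise ValueError("Search Filter must contain KBOX_USER exactly once")
    return template.replace(PLACEHOLDER, escape_filter_value(login_id))

def review_server(entry):
    """Return findings for one external-server entry before it is saved."""
    findings = []
    if PLACEHOLDER not in entry["search_filter"]:
        findings.append("Search Filter has no KBOX_USER; restore it after testing")
    if not DN_RE.fullmatch(entry["search_base_dn"]):
        findings.append("Search Base DN is not a comma-separated list of attr=value")
    if not entry.get("ldap_login"):
        findings.append("LDAP Login is empty; an anonymous bind is attempted")
    if entry["port"] == 389:
        findings.append("Port 389 is LDAP; 636 is secure LDAP")
    elif entry["port"] != 636:
        findings.append("Port is neither 389 nor 636; confirm with the LDAP admin")
    return findings

# Constructed sample entries (hypothetical dict keys, values from the field table).
GOOD = {"search_filter": "samaccountname=KBOX_USER", "port": 636,
        "search_base_dn": "OU=it,DC=company,DC=com",
        "ldap_login": "CN=service_account,CN=Users,DC=company,DC=com"}
LEFTOVER = dict(GOOD, search_filter="samaccountname=jdoe", ldap_login="", port=389)

if __name__ == "__main__":
    print(expand_filter(GOOD["search_filter"], "jdoe"))
    for finding in review_server(LEFTOVER):
        print("-", finding)
```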

Test the LDAP server


You can test authentication on the LDAP server using a valid username and password to determine if the server is able to perform a successful authentication.

2. In Search Filter, replace the KBOX_USER variable with a valid login ID to test. The syntax is samaccountname=username.
4. Click Test Settings.
5. Change the username in Search Filter back to the system variable KBOX_USER.