立即与支持人员聊天
与支持团队交流

KACE Systems Deployment Appliance 9.2 Common Documents - Administrator Guide

About the KACE Systems Deployment Appliance Getting started Using the Dashboard Configuring the appliance Setting up user accounts and user authentication Configuring security settings Preparing for deployment Managing device inventory Using labels Creating a Windows or Linux Boot Environment Managing drivers Capturing images Capturing user states Creating scripted installations Creating a task sequence Automating deployments Performing manual deployments Managing custom deployments Managing offline deployments About the Remote Site Appliance Importing and exporting appliance components Managing disk space Troubleshooting appliance issues Updating appliance software Glossary About us Legal notices

Configure an LDAP server for user authentication

Configure an LDAP server for user authentication

LDAP authentication requires creating a login account for the appliance on your LDAP server. The appliance uses this account to read and import user information from the LDAP server. The account needs read-only access to the Search Base DN field on the LDAP server. The account does not require write access, because the appliance does not write to the LDAP server.

For information on adding user accounts to the appliance, see Add or edit local administrator accounts.

When logging in, the appliance automatically queries the listed external servers. The timeout for a server is approximately 10 seconds. To decrease login delays, Quest KACE recommends deleting the sample LDAP server.

1.
On the left navigation pane, click Settings, then click User Authentication to display the Authentication Settings.
2.
Select External LDAP Server Authentication and click Add New Server.

Field

Description

Server Friendly Name

The name to identify the server.

Server Host Name (or IP)

The IP address or the host name of the LDAP server. If the IP address is not valid, the appliance waits to timeout, resulting in login delays during LDAP authentication.

If you have a non-standard SSL certificate installed on your LDAP server, such as an internally-signed certificate or a chain certificate that is not from a major certificate provider such as VeriSign, contact Quest KACE Technical Support at https://support.quest.com/contact-support for assistance.

LDAP Port Number

The LDAP port number. The default is 636 (secure LDAP). The non-secure LDAP port 389 can also be used, however keep in mind that such connections can easily expose user names and passwords to malicious parties, and as such should be avoided.

Search Base DN

The area of the LDAP tree that the appliance should start to search for users. For example to search for the IT group, specify

OU=it,DC=company,DC=com.

Search Filter

The search filter, for example:LDAP_attribute=KBOX_USER, where LDAP_attribute is the name of the attribute containing a unique user ID and KBOX_USER is a variable that the appliance replaces at runtime with the login ID that you enter. For example when using Active Directory, enter samaccountname=KBOX_USER. For most other LDAP servers, enter UID=KBOX_USER.

LDAP Login

The credentials of the account that the appliance uses to log in to the LDAP server to read accounts. For example: LDAP Login:CN=service_account,CN=Users, DC=company,DC=com. If no username is provided, an anonymous bind is attempted.

LDAP Password (if required)

The password of the account that the appliance uses to log in to the LDAP server.

User Permissions

The user permissions.

Admin: Read/write access to the Administrator Console.
ReadOnly Admin: View all pages; no change access.

Test User Password

The LDAP username and password to test on the LDAP server. See Test the LDAP server.

Record the Search Base DN and the Search Filter criteria because you use this same information to import user data and to schedule user imports.
4.
Recommended: Click the Remove icon next to any external servers that are not configured to actual servers in your environment.
5.
Click Save.

The next time users log in, they are authenticated against the LDAP servers in the order listed.

Test the LDAP server

Test the LDAP server

You can test authentication on the LDAP server using a valid username and password to determine if the server is able to perform a successful authentication.

2.
In Search Filter, replace the KBOX_USER variable with a valid login ID to test. The syntax is samaccountname=username.
4.
Click Test Settings.
5.
Change the username in Search Filter back to the system variable KBOX_User.

Delete user accounts

Delete user accounts

You can delete user accounts.

1.
On the left navigation pane, click Settings > Control Panelto display the Control Panel, then click Users to display the Users page.
3.
Select Choose Action > Delete.
4.
Click Yes to confirm.

Reviewing user sessions

Reviewing user sessions

The KACE Systems Deployment Appliance and the Remote Site Appliance keep track of your user sessions. You can review a list of the most recent sessions, or see all sessions for a specific appliance.

To allow the appliance to display the location associated with the logged-in user's public IP address, you must install a location database. See Install and configure the location database.

You can see all of your user sessions on the Recent Sessions page. For a quick list of the latest sessions, use the My Recent Sessions pane. See View a list of user sessions.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级