SYMAJ
Level 6
9 years ago

5230 Appliance - AD/LDAP Integration

I have a number of 5230 appliances installed (3 sites / 3 domains) and have just upgraded each to 2.7.2 (7.7.2 NBU).

Each appliance is a Master/Media.

As we have now had to switch over to the Java Admin Console, I have a challenge regarding authentication to the appliances each time an admin logs on.

As a temporary measure I have created a local user on each appliance and given this to the admins, and they use this to authenticate each time they log into the Java admin console. However, I want them to be able to use their AD credentials, as this is more secure with passwords etc. being managed by the Windows domain.

I have researched the options, and found some information regarding the LDAP option. This however appears to need Unix roles added to the DC and a NIS domain creating. This is messy, seems a lot of work, and is not justifiable in terms of risk and time involved.

There is also an AD integration option in 7.7, but I cannot find any good information relating to this, and when I try to configure it, it simply fails immediately with no useful information (any idea where the logs are for this?). This would be my preferred option.

Has anyone any experience of this - setting up AD integration between a Symantec appliance and Windows AD?

Any input appreciated.

AJ.

  • Resolution found for this 'challenge' - turns out to be very straightforward.

    Video here:  https://www.youtube.com/watch?v=InjK-3OCftc

    Summary:  perform from CLISH

    SETTINGS/SECURITY

    Authentication

    Activedirectory

    Configure domain name (provide user, password will be requested)

    Groups (add AD group) or Users (add AD user)

    List to show the active groups or users

    then

    Authorization

    Grant administrator group group-name (or grant CLI access)

    List to show what the current users / groups are authorized for

     

    AJ
