Add LDAP authentication for 5230 appliance

jeorainc
Level 4

Hi all,

Using NBU 5230 appliance as master server, version 2.6.0.1

I have read the admin guide on how to add the LDAP config. I would like to join the appliance to our AD server.

I am not sure which format to input in which field. Any example, please? The example from the guide is just too vague.

For Base DN / Bind DN,

"OU=abc def,DC=com" or OU="abc def",DC="com" or OU=abc def,DC=com?

Are spaces allowed in the common user name / common group name? Do we need " or ' around entries with spaces?

The guide just didn't go into detail, and we tried a lot of combinations but still failed. If anyone has a successful example, please share.

1 ACCEPTED SOLUTION

Mark_Solutions
Level 6
Partner Accredited Certified

I am afraid there is way more to it than just running that command - the last customer I dealt with that wanted this gave up!

Here is the information given to me by Support when I looked at it - hope this helps:

You must first install the Roles for Identity Management for UNIX by installing the 'Administration Tools' and 'Server for Network Information Services' roles. This Microsoft Technote details how to install the roles in question.
http://technet.microsoft.com/en-us/library/cc731178.aspx


Once your NIS enabled Domain is up and running, you need to edit fields in the Unix Attributes tab for both the account you wish to use for LDAP and a group that it is a part of.

Open Active Directory and find a group that the account you wish to use is a part of.
Under the 'UNIX Attributes' tab, select your domain from the 'NIS Domain' dropdown, then click OK.

Then find the account you wish to use and go into the 'UNIX Attributes' tab.
Again select your domain from the 'NIS Domain' dropdown and confirm the group in the 'Primary group name/GID' is the same group used in 2a.
Then go back to the group selected and go back to the 'UNIX Attributes' tab.
Here click on the Add button underneath the 'Members:' field.
Select the user, click Add, then click OK and OK.

Configure the Appliance for LDAP Authentication
Log into the Appliance Web Interface.
Then go into Settings > Authentication.
Select the New Server Configuration radio button.

I attached a screenshot from an example Active Directory user and group that has been configured with NIS Domain information.


Here are what the LDAP configuration fields would be in this environment

Server Name/IP: DC2012.testlab.pvt
Base DN: dc=DC2012,dc=testlab,dc=pvt
Bind DN: "cn=SVC-NetBackup,cn=Managed Service Accounts,dc=DC2012,dc=testlab,dc=pvt" (Double quotes were used because the Managed Service Accounts container contained spaces. If there are no spaces in any of the used attributes, no quotes are needed)
Password: <password of SVC-NetBackup account>
Common User Name: NetBackup Service Account
Common Group Name: Domain Users
SSL certificate required: No
Validated UIDs and GIDs for Conflicts: Box Unchecked

Click 'Configure' and that will set up LDAP authentication for your appliance.

3 REPLIES

jeorainc
Level 4

Is it okay to just input the information at the web console? The document didn't mention installing anything on the appliance...

My current input for LDAP info is below:

Base DN: ou="abc",ou="def ghi",dc="com"

Bind DN: "cn=qq,ou=abc,ou=def ghi,dc=com"

Common User Name = abcdef (no space)

Common User Group = ggggg (no space)

and the error:

Error while configuring LDAP.localhost : Yast2 failed reval=[1]. Output from Yast is: Error : unable to get the 'ggggg' group attributes. Please check if this is valid directory group name
Configure failed Status [1] .
Cleaning up all the settings
Error : Encountered invalid argument.

I believe I have input everything correctly...

Mark_Solutions
Level 6
Partner Accredited Certified

Look at the example I was sent from Support - but if you don't have the Roles for Identity Management for UNIX installed and configured in your domain, it will not have anything to query anyway, so it will not be configurable - which would produce an error like the one you have.
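
A string-level sanity check for the Base DN and Bind DN fields discussed in this thread, as an added example that is not part of any post or of the appliance software: it normalises both the whole-DN quoting from the Support example and the per-value quoting the asker tried, then confirms the Bind DN sits under the Base DN. `parse_dn` and `check_ldap_fields` are hypothetical helper names, the second input pair is constructed with one mistyped component, and nothing here contacts the directory.

```python
def parse_dn(field):
    """Return ([(attr, value), ...], [individually quoted values]) for a DN field."""
    dn = field.strip()
    # The thread's working Bind DN wraps the whole DN in one pair of quotes.
    if len(dn) > 1 and dn[0] == dn[-1] == '"' and dn.count('"') == 2:
        dn = dn[1:-1]
    parts, buf, in_quotes, i = [], "", False, 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # keep escaped pairs such as \, intact
            buf, i = buf + dn[i:i + 2], i + 2
            continue
        if ch == '"':
            in_quotes = not in_quotes
        if ch == "," and not in_quotes:       # an unquoted comma ends one RDN
            parts.append(buf)
            buf = ""
        else:
            buf += ch                         # interior spaces are kept as-is
        i += 1
    parts.append(buf)
    rdns, quoted = [], []
    for part in parts:
        attr, sep, value = part.partition("=")
        attr, value = attr.strip(), value.strip()
        if not sep or not attr or not value:
            raise ValueError(f"malformed RDN: {part!r}")
        if len(value) > 1 and value[0] == value[-1] == '"':
            value = value[1:-1]               # per-value quoting, e.g. ou="def ghi"
            quoted.append(value)
        rdns.append((attr.lower(), value.lower()))
    return rdns, quoted


def check_ldap_fields(base_dn, bind_dn):
    """Return notes on the two DN fields; an empty list means they are consistent."""
    notes = []
    base, base_quoted = parse_dn(base_dn)
    bind, bind_quoted = parse_dn(bind_dn)
    for name, values in (("Base DN", base_quoted), ("Bind DN", bind_quoted)):
        if values:
            notes.append(f"{name}: individual values are quoted: {values}")
    if bind[-len(base):] != base:             # Bind DN must end with the Base DN
        notes.append("Bind DN is not under Base DN")
    return notes


# The asker's fields from the thread, then a constructed pair with a mistyped dc.
ASKER = check_ldap_fields('ou="abc",ou="def ghi",dc="com"',
                          '"cn=qq,ou=abc,ou=def ghi,dc=com"')
TYPO = check_ldap_fields("dc=DC2012,dc=tesetlab,dc=pvt",
    '"cn=SVC-NetBackup,cn=Managed Service Accounts,dc=DC2012,dc=testlab,dc=pvt"')
```

An empty result only says the two strings agree with each other; whether the group carries the UNIX attributes the appliance queries still has to be confirmed in the directory itself.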