Returning User Group Information from Active Directory Server
The Dominion KSX supports user authentication to Active Directory (AD) without requiring that users be defined locally on the Dominion KSX. This allows Active Directory user accounts and passwords to be maintained exclusively on the AD server. Authorization and AD user privileges are controlled and administered through the standard Dominion KSX policies and user group privileges that are applied locally to AD user groups.
IMPORTANT: If you are an existing Raritan, Inc. customer, and have already configured the Active Directory server by changing the AD schema, the Dominion KSX still supports this configuration and you do not need to perform the following operations. See Updating the LDAP Schema for information about updating the AD LDAP/LDAPS schema.
To enable your AD server on the Dominion KSX:
Using the Dominion KSX, create special groups and assign proper permissions and privileges to these groups. For example, create groups such as KVM_Admin and KVM_Operator.
On your Active Directory server, create new groups with the same group names as in the previous step.
On your AD server, assign the Dominion KSX users to the groups created in step 2.
From the Dominion KSX, enable and configure your AD server properly. See Implementing LDAP/LDAPS Remote Authentication.
Important Notes:
Group Name is case sensitive.
The Dominion KSX provides the following default groups that cannot be changed or deleted: Admin and <Unknown>. Verify that your Active Directory server does not use the same group names.
If the group information returned from the Active Directory server does not match a Dominion KSX group configuration, the Dominion KSX automatically assigns the group of <Unknown> to users who authenticate successfully.
If you use a dialback number, you must enter the following case-sensitive string: msRADIUSCallbackNumber.
Based on recommendations from Microsoft, Global Groups with user accounts should be used, not Domain Local Groups.