Returning User Group Information from Active Directory Server

The KX III supports user authentication to Active Directory^® (AD) without requiring that users be defined locally on the KX III. This allows Active Directory user accounts and passwords to be maintained exclusively on the AD server. Authorization and AD user privileges are controlled and administered through the standard KX III policies and user group privileges that are applied locally to AD user groups.

IMPORTANT: If you are an existing Raritan, Inc. customer, and have already configured the Active Directory server by changing the AD schema, the KX III still supports this configuration and you do not need to perform the following operations. See Updating the LDAP Schema for information about updating the AD LDAP/LDAPS schema.

• To enable your AD server on the KX III:

1. Using the KX III, create special groups and assign proper permissions and privileges to these groups. For example, create groups such as KVM_Admin and KVM_Operator.
2. On your Active Directory server, create new groups with the same group names as in the previous step.
3. On your AD server, assign the KX III users to the groups created in step 2.
4. From the KX III, enable and configure your AD server properly. See Implementing LDAP/LDAPS Remote Authentication.

Important Notes

• Group Name is case sensitive.
• The KX III provides the following default groups that cannot be changed or deleted: Admin and <Unknown>. Verify that your Active Directory server does not use the same group names.
• If the group information returned from the Active Directory server does not match the KX III group configuration, the KX III automatically assigns the group of <Unknown> to users who authenticate successfully.
• If you use a dialback number, you must enter the following case-sensitive string: msRADIUSCallbackNumber.
• Based on recommendations from Microsoft, Global Groups with user accounts should be used, not Domain Local Groups.