Raritan Engineering KX2-832 用户手册
Chapter 6: User Management
112
Returning User Group Information from Active Directory Server
The Dominion KX II supports user authentication to Active Directory (AD)
without requiring that users be defined locally on the Dominion KX II.
This allows Active Directory user accounts and passwords to be
maintained exclusively on the AD server. Authorization and AD user
privileges are controlled and administered through the standard
Dominion KX II policies and user group privileges that are applied locally
to AD user groups.
without requiring that users be defined locally on the Dominion KX II.
This allows Active Directory user accounts and passwords to be
maintained exclusively on the AD server. Authorization and AD user
privileges are controlled and administered through the standard
Dominion KX II policies and user group privileges that are applied locally
to AD user groups.
IMPORTANT: If you are an existing Raritan, Inc. customer, and have
already configured the Active Directory server by changing the AD
schema, the Dominion KX II still supports this configuration and
you do not need to perform the following operations. See Updating
the LDAP Schema for information about updating the AD
LDAP/LDAPS schema.
already configured the Active Directory server by changing the AD
schema, the Dominion KX II still supports this configuration and
you do not need to perform the following operations. See Updating
the LDAP Schema for information about updating the AD
LDAP/LDAPS schema.
To enable your AD server on the Dominion KX II:
1. Using the Dominion KX II, create special groups and assign proper
permissions and privileges to these groups. For example, create
groups such as KVM_Admin and KVM_Operator.
groups such as KVM_Admin and KVM_Operator.
2. On your Active Directory server, create new groups with the same
group names as in the previous step.
3. On your AD server, assign the Dominion KX II users to the groups
created in step 2.
4. From the Dominion KX II, enable and configure your AD server
properly. See Implementing LDAP/LDAPS Remote Authentication.
Important Notes:
•
Group Name is case sensitive.
•
The Dominion KX II provides the following default groups that cannot
be changed or deleted: Admin and <Unknown>. Verify that your
Active Directory server does not use the same group names.
be changed or deleted: Admin and <Unknown>. Verify that your
Active Directory server does not use the same group names.
•
If the group information returned from the Active Directory server
does not match a Dominion KX II group configuration, the Dominion
KX II automatically assigns the group of <Unknown> to users who
authenticate successfully.
does not match a Dominion KX II group configuration, the Dominion
KX II automatically assigns the group of <Unknown> to users who
authenticate successfully.
•
If you use a dialback number, you must enter the following
case-sensitive string: msRADIUSCallbackNumber.
case-sensitive string: msRADIUSCallbackNumber.
•
Based on recommendations from Microsoft, Global Groups with user
accounts should be used, not Domain Local Groups.
accounts should be used, not Domain Local Groups.