Global Administrators can provide information to configure, modify, and list Active Directory (AD) servers for authentication on the Active Directory Servers page.
To enable Active Directory, the SMU administrator needs to know the following information:
- The name of the domain or forest from which the Active Directory users and groups will access the SMU.
- The LDAP distinguished name and password of an Active Directory user that has read access to users and groups on the Active Directory servers. This is referred to as the Search User. The user can search for users or groups under the supplied base distinguished name.
- The addresses of one or more Active Directory servers that maintain the users and groups for the domain or forest. Each AD server must be from the same domain unless Global Catalog is enabled in which case each AD server must be from the same Forest. If DNS servers have been configured for the SMU, then when a Forest DNS name or Domain DNS name is set in the find servers dialogue box, the SMU should be able to automatically discover these server addresses via the find button in the find servers dialogue box. SRV records must be setup for find servers to find the Active Directory servers.
- The Active Directory group or groups whose members are to be given the right to log into the SMU. To guarantee that membership will work properly with any AD server when Global Catalog is enabled, all the groups must be Universal groups.
- If RADIUS was previously in use and it is to be replaced by Active Directory, then the RADIUS configuration must first be removed before Active Directory can be configured. This is done from the Home>SMU Administrator>RADIUS Servers page by clicking the remove all settings button. No RADIUS user will be able to log into the SMU after this is done.
Note: On the NAS system, local users and Active
Directory groups can be given read-only access. A read-only user has permission to
view most pages of the NAS Manager; however, they are not generally allowed to
perform any actions on the NAS Manager that would create a system or configuration
change.