Connecting authentication and authorization servers

System Administrator Guide for VSP 5000 Series

Version
90-09-2x
Audience
anonymous
Part Number
MK-98RD9009-16

Before you can connect an authentication server and an authorization server, you must configure your network.

  • If you have not already done so, obtain a security administrator account with the View & Modify role.
  • Contact your server administrator for information about the values to be written in the LDAP, RADIUS, or Kerberos configuration file. If you use LDAP servers, the files of the LDAP servers must be certified; obtain certification.
  • Contact your network administrator for information about the network settings.
  • Give your service representative the IP address of the DNS server and ask that representative to configure the SVP.
  1. Click Settings > User Management > View External Authentication Server Properties.
  2. Click Setup Server to open the Setup Server window
  3. Select the type of the authentication server.
  4. Specify options to connect to the authentication server. If you use more than one authentication server or an authorization server, specify an option for each server.
  5. To test the connection, in the Server Configuration Test field, click Check.
  6. Click Finish.
  7. Enter a task name, and then click Apply.
  8. After you finish setting up the authentication and authorization servers and confirm that you can use the servers, save a copy of the configuration files for connecting the authentication server.
    Note:
    • When the SVP High Reliability Kit is used, the settings are automatically linked to the standby SVP.
    • When using only an authentication server, the connection test verifies the connection between the SVP and the authentication server, and that the authentication has been performed on the authentication server. Use a user name registered on the authentication server to perform the test. If the user name used in the authentication server test is not registered on the storage system, the login to the storage system cannot be performed with the user name used in the test. Therefore, register the user name used in the test by selecting External in the Create User window. See Creating user accounts.
    • When using the authentication and authorization servers, the connection test verifies the connection between the SVP and the authentication server, and that authentication has been performed on the authentication server. In addition, the test verifies that group information can be obtained from the authorization server. Use a user name registered on the authentication server to perform the test. If the group information obtained from the authorization server is not registered on the storage system, the login to the storage system cannot be performed with the user name used in the test. Therefore, register the group information registered in the authorization server in the Create User Group window. See Creating a new user group.