Raritan Computer DOMINION KX II DKX2-0E-E User Manual

Chapter 8: User Management

117

Returning User Group Information from Active Directory
Server

The Dominion KX II supports user authentication to Active Directory
(AD) without requiring that users be defined locally on the Dominion
KX II. This allows Active Directory user accounts and passwords to be
maintained exclusively on the AD server. Authorization and AD user
privileges are controlled and administered through the standard
Dominion KX II policies and user group privileges (that are applied
locally to AD user groups).

Note: If you are an existing Raritan, Inc. customer, and have already configured
the Active Directory server by changing the AD schema, Dominion KX II still
supports this configuration, and you do not need to perform the following
operations. Please refer to Appendix B: Updating the LDAP Schema (see
"Updating the LDAP Schema" on page 197) for information about updating the
AD LDAP schema.

¾

To enable your AD server on the Dominion KX II:

1. Using Dominion KX II, create special groups and assign proper

permissions and privileges to these groups. For example, create
groups such as: KVM_Admin, KVM_Operator.

2. On your Active Directory server, create new groups with the same

group names as in the previous step.

3. On your AD server, assign the Dominion KX II users to the groups

created in step 2.

4. From the Dominion KX II, enable and configure your AD server

properly. Please refer to Implementing LDAP Remote
Authentication (on page 115).

Important Notes:

• Group Name is case sensitive.
• The Dominion KX II provides the following default groups which

can not been changed or deleted: Admin and <Unknown>. Please
verify that your Active Directory server does not use the same group
names.

• If the group information returned from the Active Directory server

does not match a Dominion KX II group configuration, the
Dominion KX II automatically assigns the group of <Unknown> to
users who authenticate successfully.