HP Storage Essentials NAS Manager Software User Manual
Managing Security
1. Before switching to Active Directory (AD) authentication mode, the management server needs to
be configured with a designated Active Directory user and other AD-specific credentials. At
startup, the designated Active Directory user is mapped to the built-in “admin” user, whose
information is overridden with the Active Directory user information.
IMPORTANT: Make sure the administrator account has already been created in Active
Directory before you add it to the login-handler.xml file.
a. On the management server, look in one of the following locations:
• Windows: %MGR_DIST%\Data\Configuration
• UNIX systems: $MGR_DIST/Data/Configuration
NOTE: If you want to go back and forth between internal and external (AD/LDAP)
authentication, rename the login-handler.xml file before you modify it. This way you
can easily switch back to internal authentication by changing the file name back to
login-handler.xml.
b. In the login-handler.xml file, change the value of the <AdminAccountName> tag to
the name of a user account in Active Directory, as shown in the following example:
<AdminAccountName>domain\PrimaryUser</AdminAccountName>
where PrimaryUser is the name of the user account that is designated as the primary user in
Active Directory.
Keep in mind the following:
• For security reasons, it is recommended that the designated user not be the AD Domain
Administrator.
• If you are using Active Directory, prefix the user name with the domain name, for example:
domain\PrimaryUser
2. In the login-handler.xml file, comment out the section that contains
com.appiq.security.server.BasicLoginHandler, which enables internal
authentication mode. Only one login handler is allowed at a time.
<!--LoginHandlerClass>com.appiq.security.server.BasicLoginHandler</LoginHandlerClass-->
3. Comment out the <LoginHandlerType>Default</LoginHandlerType> tag as follows:
<!--LoginHandlerType>Default</LoginHandlerType-->
4. Uncomment the lines containing the class name and login handler type so that they appear as
follows:
<LoginHandlerClass>com.appiq.security.server.ActiveDirectoryLoginHandler</LoginHandlerClass>
<LoginHandlerType>ActiveDirectory</LoginHandlerType>
5. Replace directory.hp.com with the IP address or the fully qualified DNS name of your
primary Domain Controller server in the login-handler.xml file, as shown in the following
example:
<PrimaryServer port="389">192.168.10.1</PrimaryServer>
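
The checks implied by steps 1 to 5, as an added example that is not part of the HP manual or the product: a Python function that parses login-handler.xml content and reports settings that contradict the steps above. The root element name and both sample files are constructed for illustration; only the element names shown in the manual are taken from it.

```python
import xml.etree.ElementTree as ET
AD_CLASS = "com.appiq.security.server.ActiveDirectoryLoginHandler"

def check_login_handler(xml_text):
    """Return a list of problems in login-handler.xml content (empty = OK)."""
    root = ET.fromstring(xml_text)  # the parser drops commented-out elements
    def values(tag):
        return [(e.text or "").strip() for e in root.iter(tag)]
    problems = []
    classes, types = values("LoginHandlerClass"), values("LoginHandlerType")
    if len(classes) != 1 or len(types) != 1:
        problems.append("only one login handler may be active at a time")
    elif classes[0] != AD_CLASS or types[0] != "ActiveDirectory":
        problems.append("active login handler is not the Active Directory one")

    accounts = values("AdminAccountName")
    if len(accounts) != 1:
        problems.append("expected exactly one AdminAccountName")
    for account in accounts:
        domain, sep, user = account.partition("\\")
        if not (domain and sep and user):
            problems.append("AdminAccountName needs the form domain\\user")
        elif user.lower() == "administrator":
            # Name check only: it cannot see Domain Admins group membership.
            problems.append("AdminAccountName is the domain Administrator")

    servers = values("PrimaryServer")
    if not servers or any(s in ("", "directory.hp.com") for s in servers):
        problems.append("PrimaryServer is missing or still the placeholder")
    return problems

# Constructed samples; the root element name is hypothetical.
MISCONFIGURED = r"""<LoginHandlerConfig>
  <AdminAccountName>Administrator</AdminAccountName>
  <LoginHandlerClass>com.appiq.security.server.BasicLoginHandler</LoginHandlerClass>
  <LoginHandlerType>Default</LoginHandlerType>
  <LoginHandlerClass>com.appiq.security.server.ActiveDirectoryLoginHandler</LoginHandlerClass>
  <LoginHandlerType>ActiveDirectory</LoginHandlerType>
  <PrimaryServer port="389">directory.hp.com</PrimaryServer>
</LoginHandlerConfig>"""
CONFIGURED = r"""<LoginHandlerConfig>
  <AdminAccountName>domain\PrimaryUser</AdminAccountName>
  <!--LoginHandlerClass>com.appiq.security.server.BasicLoginHandler</LoginHandlerClass-->
  <!--LoginHandlerType>Default</LoginHandlerType-->
  <LoginHandlerClass>com.appiq.security.server.ActiveDirectoryLoginHandler</LoginHandlerClass>
  <LoginHandlerType>ActiveDirectory</LoginHandlerType>
  <PrimaryServer port="389">192.168.10.1</PrimaryServer>
</LoginHandlerConfig>"""
```

The Administrator check matches the account name only, so an account that holds domain administrator rights under another name still has to be reviewed in Active Directory itself.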