HP Storage Essentials NAS Manager Software User Manual


Managing Security


1. Before switching to Active Directory (AD) authentication mode, the management server needs to be configured with a designated Active Directory user and other AD specific credentials. At startup, the designated Active Directory user is mapped to the built-in “admin” user and overrides it with the Active Directory user information.

IMPORTANT: Make sure the administrator account has already been created in Active Directory before you add it to the login-handler.xml file.

a. On the management server, look in one of the following locations:

Windows: %MGR_DIST%\Data\Configuration
UNIX systems: $MGR_DIST/Data/Configuration

NOTE: If you want to go back and forth between internal and external (AD/LDAP) authentication, rename the login-handler.xml file before you modify it. This way you can easily switch back to internal authentication by changing the file name back to login-handler.xml.

b. In the login-handler.xml file, change the value of the <AdminAccountName> tag to the name of a user account in Active Directory, as shown in the following example:

<AdminAccountName>domain\PrimaryUser</AdminAccountName>

where PrimaryUser is the name of the user account that is designated as the primary user in Active Directory.

Keep in mind the following:

• For security reasons, it is recommended that the designated user not be the AD Domain Administrator.

• If you are using Active Directory, prefix the user name with the domain name, for example: domain\PrimaryUser

2. In the login-handler.xml file, comment out the section that contains com.appiq.security.server.BasicLoginHandler, which enables internal authentication mode. Only one login handler is allowed at a time.

<!--LoginHandlerClass>com.appiq.security.server.BasicLoginHandler</LoginHandlerClass-->

3. Comment out the <LoginHandlerType>Default</LoginHandlerType> tag as follows:

<!--LoginHandlerType>Default</LoginHandlerType-->

4. Uncomment the lines containing the class name and login handler type so that they appear as follows:

<LoginHandlerClass>com.appiq.security.server.ActiveDirectoryLoginHandler</LoginHandlerClass>
<LoginHandlerType>ActiveDirectory</LoginHandlerType>

5. Replace directory.hp.com with the IP address or the fully qualified DNS name of your primary Domain Controller server in the login-handler.xml file, as shown in the following example:

<PrimaryServer port="389">192.168.10.1</PrimaryServer>
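
One way to check the edits from steps 1 through 5 after saving the file. This Python script is an added example, not code from HP or the product; the <LoginHandler> root element, the sample file contents and the function names are assumptions, and the Administrator check is a name-only heuristic.

```python
import xml.etree.ElementTree as ET

AD_CLASS = "com.appiq.security.server.ActiveDirectoryLoginHandler"
# Constructed sample. The <LoginHandler> root element and layout are assumptions;
# the child tags and values are the ones shown in the steps above.
SAMPLE = r"""<LoginHandler>
  <AdminAccountName>domain\PrimaryUser</AdminAccountName>
  <!--LoginHandlerClass>com.appiq.security.server.BasicLoginHandler</LoginHandlerClass-->
  <!--LoginHandlerType>Default</LoginHandlerType-->
  <LoginHandlerClass>com.appiq.security.server.ActiveDirectoryLoginHandler</LoginHandlerClass>
  <LoginHandlerType>ActiveDirectory</LoginHandlerType>
  <PrimaryServer port="389">192.168.10.1</PrimaryServer>
</LoginHandler>"""

def active_values(root, tag):
    """Text of every uncommented <tag>; the default parser drops XML comments."""
    return [(e.text or "").strip() for e in root.iter(tag)]

def check_login_handler(xml_text):
    """Return a list of findings; empty means the AD-mode edits look complete."""
    root = ET.fromstring(xml_text)
    findings = []
    classes = active_values(root, "LoginHandlerClass")
    if len(classes) != 1:  # only one login handler is allowed at a time
        findings.append(f"expected one active LoginHandlerClass, found {len(classes)}")
    elif classes[0] != AD_CLASS:
        findings.append(f"active LoginHandlerClass is {classes[0]}, not the AD handler")
    if active_values(root, "LoginHandlerType") != ["ActiveDirectory"]:
        findings.append("LoginHandlerType must be a single active ActiveDirectory entry")
    account = (root.findtext(".//AdminAccountName") or "").strip()
    domain, sep, user = account.partition("\\")
    if not (domain and sep and user):
        findings.append("AdminAccountName is not in domain\\user form")
    elif user.lower() == "administrator":
        # Heuristic (assumption): flags only the built-in account name.
        findings.append("AdminAccountName uses the Administrator account")
    server = root.find(".//PrimaryServer")
    host = (server.text or "").strip() if server is not None else ""
    if not host or host.lower() == "directory.hp.com":
        findings.append("PrimaryServer is empty or still the directory.hp.com placeholder")
    elif not (server.get("port") or "").isdigit():
        findings.append("PrimaryServer has no numeric port attribute")
    return findings

if __name__ == "__main__":
    for finding in check_login_handler(SAMPLE) or ["no findings"]:
        print(finding)
```

To check a real file, pass its contents to check_login_handler() instead of SAMPLE.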
