Setting Up Active Directory and Authenticating OneXafe
Overview
Active Directory provides a central location for network administration and security. OneSystem allows you to integrate your OneXafe with a previously configured Active Directory. This section describes authenticating OneXafe with Active Directory.
NOTE: OneXafe supports up to 20 trusted forests, trees, and domains.
Important! The DNS and NTP servers must be the same on the OneXafe cluster and the domain controller(s). Both must be synchronized with a public or private NTP server. Ensure the default NTP servers are replaced with the same NTP servers used by the domain controllers. This can be done in the OneXafe web console.
Requirements
The following information is required before proceeding:
- Domain Name — The Domain name is the Fully Qualified Domain Name (FQDN) of your domain.
- NetBIOS Domain Name — The NetBIOS Domain Name is the short name of your domain. It is limited to 15 characters and is usually the first part of the FQDN, but sometimes it can be completely different. This can be found on your domain controller by:
  - Opening "Active Directory Users and Computers".
  - Right-clicking on the domain and choosing "Properties".
  - Looking for the "Domain Name" (Pre Windows 2000).
- Domain Controller — The domain controllers. The default, and strongly recommended, option is to use an "*". In a complex environment this can be problematic, and specifying the names or IP addresses of your domain controllers can sometimes resolve problems. If there is more than one domain controller, use a comma to separate the additional domain controllers. If there are name resolution issues, use an IP address.
- Organizational Unit — Optional configuration enabling admins to enter an organizational unit within the Active Directory Domain.
- Domain/Delegated Admin Credentials — The Domain or Delegated Admin user name and password are needed to authenticate OneXafe with the AD domain controller.
Important! It is a best practice to ensure all of the domain controllers are accurately synchronized so that all Kerberos tickets are available to the OneXafe cluster. This will ensure seamless user access through AD authorization.
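The values in the Requirements list can be sanity-checked before they are entered. The following is an added example, not OneXafe or OneSystem code: the function names are hypothetical, the sample values are constructed, and accepting spaces around the commas in the Domain Controller field is an assumption.

```python
import ipaddress
import re

# One DNS label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_hostname(name):
    """True for a DNS name made of valid labels, at most 253 characters."""
    name = name.rstrip(".")
    return 0 < len(name) <= 253 and all(LABEL.match(p) for p in name.split("."))


def is_ip(value):
    """True for a literal IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def check_join_settings(domain, netbios, controllers="*"):
    """Return (errors, warnings) for the values in the Requirements list."""
    errors, warnings = [], []
    if not is_hostname(domain) or "." not in domain.rstrip("."):
        errors.append("Domain Name must be a fully qualified domain name")
    if not 1 <= len(netbios) <= 15:
        errors.append("NetBIOS Domain Name must be 1 to 15 characters")
    elif netbios.upper() != domain.split(".")[0].upper():
        warnings.append("NetBIOS name differs from the first part of the FQDN; "
                        "confirm it on the domain controller")
    if controllers.strip() != "*":
        # Assumption: surrounding spaces are ignored; empty entries are rejected.
        for dc in (c.strip() for c in controllers.split(",")):
            if not (is_ip(dc) or is_hostname(dc)):
                errors.append(f"Domain Controller entry {dc!r} is not a name or IP address")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample values, not taken from any real environment.
    print(check_join_settings("corp.example.com", "CORP"))
    print(check_join_settings("corp.example.com", "LEGACYDOM", "dc1.corp.example.com, 10.0.0.5"))
    print(check_join_settings("example", "AVERYLONGNETBIOSNAME", "dc1,,dc2"))
```

A warning is not a failure: the NetBIOS name can legitimately differ from the FQDN, so it only prompts a check against the value shown on the domain controller.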