vSZ 5.1.x Administrators - Active Directory
01-17-2020 08:55 AM
Hi
I have a vSZ (v5.1.2.0.302), and am trying to configure an AAA server for SmartZone Administrators. The manual doesn't seem to be giving me what I need - or at least, I'm not seeing the wood for the trees. I also have a couple of questions to follow..
I've configured an AAA AD server: Administrators -> Admins & Roles -> AAA:
Name: domain.local
Type: Active Directory
Realm: domain.local
Default Role Mapping: Off
IP address: 1.2.3.4
Port: 389
Windows Domain Name: dc=domain,dc=local
Test AAA is a success, but:
1. How do I actually add AD users or groups to 'Administrators'?
2. How can I add a second Domain Controller?
3. Port 389 is essentially LDAP in plain text - if I choose port 636 (LDAPS) - it fails. How do I secure comms to the Domain Controller?
New to the World of SmartZones, so forgive me for the basics..
Cheers, James
01-19-2020 09:50 PM
Hi James,
Check the below steps:
1. You need to create a group for the access on the SZ under Administration --> Admins and Roles --> Click ‘Create’ Under Groups.
2. Create a local user on the "Available Users" step and add it in the "Selected Users".
3. Add the AD under Administration --> Admins and Roles --> AAA --> Create -->.
4. Map the domain name "training.com" (my lab domain name), under "Realm".
5. Enable "Default Role Mapping" and map the SZ User Group created along with the SZ local user created.
6. You need to map the domain and the AD users on the "Windows Domain Name".
7. Example for the domain training.com CN=Users,DC=training,DC=com
8. On the AD, go to Run >> ldp.exe
9. Click on Connection >> Connect >> type localhost with port 389.
10. Click on connection >> Bind >> Map the administrator user.
11. Click on View >> Tree >> add the base domain name. In my case it is CN=Users,DC=training,DC=com
Once done, test the authentication from the SZ>> Administration >> Admin and Roles >> AAA >>> Test AAA
01-19-2020 09:51 PM
If you need to have more filters for the user groups, try using LDAP option on the SZ.
02-04-2020 08:57 AM
I've followed your instructions and the AAA Server test returns "AAA testing: Success! Associated with Default Role Mapping [TestUser of TestGroup]".
The problem is that when I try to log in, I get an error that says "User is not assigned to an admin user group". The group's account security is set to default.
02-05-2020 12:09 PM
FYI this has been identified as a bug in v5.1.2.0.302 and is reportedly fixed in v5.2.x

