Connecting two authentication servers – HP XP P9500 Storage User Manual
Page 40
Prerequisite software
• Active Directory
Authentication protocol for user for searching
• LDAP v3 Simple bind
Connecting two authentication servers
Two authentication servers can be connected. When the servers are connected, the server
configurations must be the same, except for the IP address and the port.
If you search for a server using information registered in the SRV records in the DNS server, confirm
that the following conditions are satisfied:
LDAP server conditions:
• The environmental setting for the DNS server is completed at the LDAP server.
• The host name, the port number, and the domain name of the LDAP server are registered in
  the DNS server.
Kerberos server conditions:
• The host name, the port number, and the domain name of the Kerberos server are registered
  in the DNS server.
• You cannot use the SRV records on a RADIUS server.
Because UDP/IP is used to access the RADIUS server, encrypted communication, such as
negotiation between processes, is not available. To access the RADIUS server in a secure
environment, packet-level encryption, such as IPsec, is required.
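The DNS conditions for LDAP and Kerberos servers listed above can be checked before the SVP is pointed at the DNS server. The following is an added example, not part of the HP manual: it parses SRV records in zone-file form and reports a missing host name or port. It assumes the conventional owner names `_ldap._tcp.<domain>` and `_kerberos._udp.<domain>` (the manual does not state which names the SVP queries), uses constructed `example.com` records, and orders servers by priority only, ignoring weight.

```python
# Added example (not from the manual): check constructed SRV records against
# the LDAP/Kerberos DNS conditions listed above.
from typing import NamedTuple

class Srv(NamedTuple):
    service: str
    proto: str
    domain: str
    priority: int
    port: int
    target: str

def parse_srv(line: str) -> Srv:
    """Parse 'owner [ttl] IN SRV priority weight port target' (RFC 2782)."""
    fields = line.split()
    i = fields.index("SRV")
    service, proto, domain = fields[0].rstrip(".").split(".", 2)
    if not (service.startswith("_") and proto.startswith("_")):
        raise ValueError(f"owner is not _service._proto.domain: {fields[0]}")
    priority, _weight, port = (int(x) for x in fields[i + 1:i + 4])
    return Srv(service[1:], proto[1:], domain.lower(), priority, port,
               fields[i + 4].rstrip(".").lower())

def check_service(records, service, domain):
    """Return a list of problems; an empty list means the conditions hold."""
    found = [r for r in records if r.service == service and r.domain == domain]
    if not found:
        return [f"no _{service} SRV record registered for {domain}"]
    problems = []
    for r in found:
        if not r.target:  # target "." means "service not offered" in RFC 2782
            problems.append(f"_{service}._{r.proto}: no host name")
        if not 1 <= r.port <= 65535:
            problems.append(f"_{service}._{r.proto}: invalid port {r.port}")
    return problems

def lookup_order(records, service, domain):
    """Servers in the order a resolver tries them: lowest priority first."""
    found = [r for r in records if r.service == service and r.domain == domain]
    return [(r.target, r.port) for r in sorted(found, key=lambda r: r.priority)]

# Constructed sample zone data; names and values are placeholders.
ZONE = """\
_ldap._tcp.example.com.     3600 IN SRV 0  100 389 ldap1.example.com.
_ldap._tcp.example.com.     3600 IN SRV 10 100 389 ldap2.example.com.
_kerberos._udp.example.com. 3600 IN SRV 0  100 0   .
"""
RECORDS = [parse_srv(l) for l in ZONE.splitlines() if l.strip()]

if __name__ == "__main__":
    for svc in ("ldap", "kerberos"):
        print(svc, check_service(RECORDS, svc, "example.com") or "ok")
    print(lookup_order(RECORDS, "ldap", "example.com"))
```

In the sample data the LDAP records pass, while the Kerberos record is flagged because it registers neither a host name nor a valid port.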
If an LDAP server or Kerberos server is used as an authentication server and works with an
authorization server, the authentication server and the authorization server must use the same host.
If you use RADIUS servers as authentication servers, you can connect two authentication servers
(primary server and secondary server) and one authorization server.
If you use RADIUS servers as authentication servers with both primary and secondary servers
specified, and you specified different authorization server domains for the primary and the
secondary servers prior to SVP microcode version 70-02-5x/00, a server configuration operation
in the Setup Server window in SVP microcode version 70-02-5x/00 or later enables only the
authorization server with the domain you specified on the primary server.
Connecting authentication and authorization servers
Before you can connect an authentication server and an authorization server, you must configure
your network.
Prerequisites
• If you have not already done so, obtain a security administrator account with a View & Modify
  role.
• Contact your server administrator for information about the values to be written in the LDAP,
  RADIUS, or Kerberos configuration file. If you use LDAP servers, the files of the LDAP servers
  must be certified; obtain certification.
• Contact your network administrator for information about the network settings.
• Give your service representative the IP address of the DNS server and ask that representative
  to configure the SVP.
To connect authentication and authorization servers:
1. Click Settings → Environmental Setting → View External Authentication Server Properties.
Setting up and managing user accounts