Using Windows Active Directory For Account Authentication to PS Series Groups
INTRODUCTION
Enterprises of all sizes consolidate user management and authentication into services
such as Active Directory. It is common in these environments to want to control
administrator accounts in the PS Series SAN from Active Directory. PS Series arrays
allow the authentication of administrator (and iSCSI) accounts with AD, by using
Windows Server 2003 Internet Authentication Service (IAS) or Windows Server 2008
Network Policy Service (NPS) as a connector between the PS Series SAN and Active
Directory.
This paper describes the setup and configuration of RADIUS clients to authenticate to
PS Series groups. Using RADIUS allows Active Directory and the PS Series group to
administer accounts for SAN management. This configuration can improve security
and centralize administrator privileges throughout the PS Series SAN.
This Technical Report describes the steps to configure NPS on Windows Server 2008
(and, in Appendix A, IAS on Windows 2003) by creating Network Policies that grant full,
partial, and read-only administrative privilege to the PS Series group.
Prerequisites
To set up and configure remote authentication to a PS Series group using
RADIUS clients, the following are required:
- A domain controller with network access to the PS Series group.
- Familiarity with Active Directory user and group account management.
- Understanding of PS Series group management.
Steps Covered in This Document
1. Prepare the server and PS Group for RADIUS authentication
   - Install and configure NPS on Windows Server 2008.
   - Configure the PS Series group as a RADIUS client.
   - Configure the PS Series group to recognize and accept login attempts
     from the RADIUS server.
2. Choose and configure access authentication to the EqualLogic SAN
   - Optionally use Vendor Specific Attributes to control access to the PS
     Series Group
     - Create a new group in Active Directory and add select users to
       that group. The members of this group are those users who will
       administer the PS Series group and to whom the Network Policy
       will be applied.
     - Create a Network Policy on the NPS server that specifies
       conditions to grant administrator privilege to a PS Series group.
     - Add Vendor Specific Attributes to the policy to grant specific
       access privileges to the PS Series Group.
   - Optionally configure CHAP and RADIUS clients for iSCSI access to
     the PS Series Group
The following sections describe each of these tasks in detail.