3.
Click OK on the confirmation window.
4.
Click OK to finish.
Using Active Directory for external authentication
Use Active Directory to simplify management of user authentication with HP LeftHand Storage.
Configuring Active Directory allows Microsoft Windows domain users to authenticate to HP LeftHand
Storage using their Windows credentials, avoiding the necessity of adding and maintaining
individual users in the SAN/iQ software.
Requirements
The HP LeftHand Storage Active Directory implementation supports users in multiple domains
that are configured in parent-child trust relationships only, as shown in
Refer to the Microsoft documentation for Active Directory for more information.
Table 27 Supported and unsupported trust relationships
Supported trust relationship
Parent-child trusts
All storage systems in the management group must be online to configure external
authentication.
You must be logged in as a SAN/iQ administrative user to set up Active Directory the first
time. Subsequently, Active Directory users with the proper permissions can configure and
manage Active Directory groups.
Create or designate an administrative group in the CMC to associate with the Active Directory
group. This group can contain local users as well as the Active Directory users.
Set up the external authentication with the following Active Directory credentials:
◦
Bind user name and password
◦
Active Directory server IP addresses or server names. To use Active Directory server names,
the DNS server in the management group must be one of the DNS servers used in the
Active Directory domain.
Users must use their User Principal Name login, for example, jane.doe@it.acme.net.
Unsupported trust relationships
Intra-forest trusts:
◦
Tree-root trusts
◦
Shortcut trusts
Inter-forest trusts:
◦
External trusts
◦
Forest trusts
◦
Realm trusts (trust between Windows and
non-Windows domains)
Using Active Directory for external authentication
Table 27 (page
79).
79