Help on Access > Authentication Providers > Active Directory

The following information and controls appear on Access > Authentication Providers > Active Directory.

Join a domain
Opens a dialog box that enables you to add an Active Directory (AD) authentication provider to the system by joining an AD domain.
Domain Name
Specifies a fully qualified Active Directory domain name. The domain name will also be used as the provider name.
User
Specifies the username of an account that is authorized to join the Active Directory domain.
Password
Specifies the password of the user account.
Organizational Unit
Specifies the name of the organizational unit (OU) to connect to on the Active Directory server. Specify the OU in the format OuName or OuName1/SubName2.
Machine Account
Specifies the machine account name to use in Active Directory. Default is the cluster name. If you specified an OU to connect to, the domain join will fail if the machine account does not reside in the OU.
Groupnet
Specifies which groupnet you want to associate with the Active Directory provider. The groupnet specifies which networking properties the Active Directory provider will use when communicating with external servers. The groupnet associated with the Active Directory provider cannot be changed. Instead, you must delete the Active Directory provider and create it again with the new groupnet association. You can add the Active Directory provider only to an access zone that references the same groupnet.
Enable Secure NFS
Specifies whether to add SPNs for using Kerberized NFS. If enabled, OneFS registers NFS service principal names (SPNs) during the domain join.
Advanced Directory Settings
Expanded list that enables you to set advanced options for the provider.
Services For UNIX
Specifies whether to support RFC 2307 attributes for domain controllers. RFC 2307 is required for Windows UNIX Integration and Services For UNIX technologies.
Map to primary domain
Enables the lookup of unqualified user names in the primary domain. If this setting is not enabled, the primary domain must be specified for each authentication operation.
Ignore trusted domains
Ignores all trusted domains.
Trusted Domains
Specifies trusted domains to include even if the Ignore Trusted Domains setting is enabled.
Domains to Ignore
Specifies trusted domains to ignore even if the Ignore Trusted Domains setting is disabled.
Send notification when domain is unreachable
Sends an alert as specified in the global notification rules.
Use enhanced privacy encryption
Encrypts communication to and from the domain controller.
Home Directory Naming
Specifies a path to use as a template for naming home directories. The path must begin with /ifs and can contain one or more of the following expansion variables:
  • %U - user name
  • %D - domain name
  • %Z - zone name
  • %L - host name
  • %0, %1, %2 - first, second, and third character of the user name, respectively
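How such a template expands for a given user, as an added example (not OneFS code and not part of the original help page). The function name, the sample user, domain, zone and host values, the wrap-around for user names shorter than three characters, and the literal handling of unrecognised % sequences are assumptions.

```python
import posixpath

def expand_home_template(template, user, domain, zone, host):
    """Expand a home directory template and return the normalized path."""
    if template != "/ifs" and not template.startswith("/ifs/"):
        raise ValueError("template must begin with /ifs")
    if not user:
        raise ValueError("user name is empty")
    values = {"U": user, "D": domain, "Z": zone, "L": host}
    for name, value in values.items():
        # A value that is itself a path would add or remove directory levels.
        if "/" in value or value in (".", ".."):
            raise ValueError(f"%{name} value {value!r} is not a single path component")
    # %0, %1, %2: first, second, third character of the user name.
    # Assumption (not stated on the page): short names wrap around.
    for i in range(3):
        values[str(i)] = user[i % len(user)]
    out, pos = [], 0
    # Single left-to-right pass, so text substituted for one variable is
    # never scanned again for further % sequences.
    while pos < len(template):
        key = template[pos + 1:pos + 2]
        if template[pos] == "%" and key in values:
            out.append(values[key])
            pos += 2
        else:
            # Assumption: unrecognised % sequences are kept literally.
            out.append(template[pos])
            pos += 1
    path = posixpath.normpath("".join(out))
    # A ".." written into the template itself must not leave /ifs.
    if path != "/ifs" and not path.startswith("/ifs/"):
        raise ValueError(f"expanded path {path!r} is outside /ifs")
    return path

if __name__ == "__main__":
    # Constructed sample values.
    print(expand_home_template("/ifs/home/%D/%0/%U", "jsmith", "EXAMPLE", "System", "node1"))
```

Previewing the expansion for a few representative account names before enabling home directory creation shows whether the template spreads users across subdirectories as intended and stays under /ifs.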
Create home directories on first login
Select to create a home directory the first time a user logs in, if a home directory does not already exist for the user.
UNIX Shell
Specifies a path to the login shell for users who access the OneFS file system through SSH.
If no UID is present in Active Directory
Directs OneFS to perform one of the following actions if there is no UID for a user in AD:
Lookup User
Looks up Active Directory users in all other providers for allocating a UID.
Match users with lowercase
Normalizes Active Directory user names to lowercase before lookup.
Auto-assign UIDs
Enables UID allocation for unmapped Active Directory users.
Note: Turning off UID assignment IS NOT RECOMMENDED and could result in serious interoperability issues.

If no GID is present in Active Directory
Directs OneFS to perform one of the following actions if there is no GID for a group in AD:
Lookup Group
Looks up Active Directory groups in all other providers for allocating a GID.
Match groups with lowercase
Normalizes Active Directory group names to lowercase before lookup.
Auto-assign GIDs
Enables GID allocation for unmapped Active Directory groups.
Note: Turning off GID assignment IS NOT RECOMMENDED and could result in serious interoperability issues.

Make UID/GID assignments for users and groups in these specific domains
Restricts user and group lookups to the specified domains.
Cancel
Cancels joining to an AD domain and closes the dialog box.
Join
Joins the cluster to the AD domain and adds the Active Directory provider to the system.
Active Directory Providers
Table that displays a list of Active Directory providers currently in the system.
Select an action
Lists actions that can be applied to multiple AD providers simultaneously.
Leave
Bulk action that directs OneFS to leave the domain of each Active Directory provider whose check box has been selected and delete the provider from the system.
Provider Name
Displays the name of the Active Directory provider.
Status
Displays whether the Active Directory provider is enabled or disabled in the system.
View details
Expands the table to display the current attributes of the Active Directory provider.
Edit
Enables you to make modifications to the Active Directory provider settings.
Hide details
Contracts the table to hide information about the Active Directory provider.
Leave
Bulk action that directs OneFS to leave the domain of each Active Directory provider whose check box has been selected and delete the provider from the system.
Close
Contracts the table to hide information about the Active Directory provider.