Difference between revisions of "Active Directory & LDAP/9.2"

From PC-BSD Wiki
(11 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
<noinclude>{{NavHeader|back=About|forward=Hardware Compatibility}}</noinclude>
 
<noinclude>{{NavHeader|back=About|forward=Hardware Compatibility}}</noinclude>
  
SCREENSHOTS AND DESCRIPTIONS MAY CHANGE AFTER BETA1
+
'''THIS UTILITY MAY OR MAY NOT APPEAR IN THE CONTROL PANEL OF 9.1-RELEASE AS IT IS STILL BEING TESTED'''
  
Beginning with PC-BSD 9.1, the Control Panel contains an Active Directory Config icon for managing connections to an Active Directory domain. If your network contains an Active Directory ({{citelink|url=http://en.wikipedia.org/wiki/Active_directory|AD}}) server, use this icon to input the settings needed to connect to your account information stored on the network. At this time, these settings can not be set during installation of PC-BSD 9.1; this will be added as a feature of version 9.2.
+
Beginning with PC-BSD® 9.1, the Control Panel contains an "Active Directory" & "LDAP" icon for managing connections to an Active Directory or OpenLDAP domain. If your network contains an Active Directory AD or OpenLDAP server, use this icon to input the settings needed to connect to your account information stored on the network. At this time, these settings can not be set during installation of PC-BSD® 9.1; this will be added as a feature of version 9.2.
  
'''NOTE:''' this utility is to manage the ''' ''client'' ''', not the Active Directory server itself.
+
'''NOTE:''' this utility is to manage the client, not the Active Directory or OpenLDAP server itself.
  
 
To start the application, double-click its icon in Control Panel or type '''pc-adsldap'''. Figure 8.3a shows the configuration utility with the Active Directory tab open.
 
To start the application, double-click its icon in Control Panel or type '''pc-adsldap'''. Figure 8.3a shows the configuration utility with the Active Directory tab open.
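Review bot: in the new wording of the "Beginning with PC-BSD® 9.1" line, the parenthetical link "({{citelink|...|AD}})" has become the bare "Active Directory AD", which reads as a typo; write "Active Directory (AD)" or keep the citelink. In the last sentence of that line, "can not" should be "cannot".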
Line 11: Line 11:
 
'''Figure 8.3a: Managing Active Directory Client Settings'''
 
'''Figure 8.3a: Managing Active Directory Client Settings'''
  
[[File:Ad.png]]
+
[[File:Ad2.png]]
  
If you need to connect to a network running Active Directory, check the box "Enable Active Directory". This will ungrey out the rest of the screen, allowing you to configure the following:
+
If you need to connect to a network running Active Directory, check the box "Enable Active Directory". This will change the greyed-out status of the rest of the screen, allowing you to configure the following:
 
+
* '''Domain Controller Name:''' the IP address or hostname of the Windows domain controller. This setting is mandatory.
+
  
 
* '''Domain Name:''' name of Active Directory domain (e.g. example.com) or child domain (e.g. sales.example.com). This setting is mandatory.
 
* '''Domain Name:''' name of Active Directory domain (e.g. example.com) or child domain (e.g. sales.example.com). This setting is mandatory.
  
* '''NetBIOS Name:''' hostname of PC-BSD system.
+
* '''NetBIOS Name:''' hostname of PC-BSD® system.
 +
 
 +
* '''Workgroup Name:''' name of Windows server's workgroup.
  
* '''Allow Trusted Domains:''' checking this box is optional. It should only be checked if the network has {{citelink|url=http://technet.microsoft.com/en-us/library/cc757352%28WS.10%29.aspx|active domain/forest trusts}} and you need to manage files on multiple domains; use with caution as it will generate more winbindd traffic, slowing down the ability to filter through user/group information
+
* '''Allow Trusted Domains:''' checking this box is optional. It should only be checked if the network has {{citelink|url=http://technet.microsoft.com/en-us/library/cc757352%28WS.10%29.aspx|txt=active domain/forest trusts}}.
  
 
* '''Administrator Name:''' name of the Active Directory Administrator account.
 
* '''Administrator Name:''' name of the Active Directory Administrator account.
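Review bot: the shortened "Allow Trusted Domains" entry drops the caution "use with caution as it will generate more winbindd traffic, slowing down the ability to filter through user/group information", which is the reason the box is optional; keep at least a short form of it. Also, "This will change the greyed-out status of the rest of the screen" does not say in which direction the status changes; "This enables the rest of the screen" is what the earlier "ungrey out" meant.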
Line 33: Line 33:
 
[[File:Ad1.png]]
 
[[File:Ad1.png]]
  
If you need to connect to a network which contains a configured LDAP server, check the box "Enable LDAP". This will ungrey out the rest of the screen, allowing you to configure the following:
+
If you need to connect to a network which contains a configured LDAP server, check the box "Enable LDAP". This will change the greyed-out status of the rest of the screen, allowing you to configure the following:
  
 
* '''Hostname:''' hostname or IP address of LDAP server. This setting is mandatory.
 
* '''Hostname:''' hostname or IP address of LDAP server. This setting is mandatory.
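Review bot: same wording issue as on the Active Directory tab: "change the greyed-out status of the rest of the screen" is ambiguous; say that checking "Enable LDAP" enables the remaining fields.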
Line 41: Line 41:
 
* '''Allow Anon Binding:''' instructs the LDAP server to allow read/write access without requiring authentication.
 
* '''Allow Anon Binding:''' instructs the LDAP server to allow read/write access without requiring authentication.
  
* '''Root bind DN:''' name of administrative account on LDAP server (e.g. cn=Manager,dc=test,dc=org).  
+
* '''Root bind DN:''' name of administrative account on LDAP server (e.g. cn=Manager,dc=test,dc=org).
  
* '''Root bind password:''' password for Root bind DN.  
+
* '''Root bind password:''' password for Root bind DN.
  
 
* '''Password Encryption:''' select a type supported by the LDAP server, choices are: clear (unencrypted), crypt, md5, nds, racf, ad, or exop.
 
* '''Password Encryption:''' select a type supported by the LDAP server, choices are: clear (unencrypted), crypt, md5, nds, racf, ad, or exop.
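Review bot: the unchanged "Allow Anon Binding" description ("instructs the LDAP server to allow read/write access without requiring authentication") conflicts with the page's own NOTE that this utility manages the client, not the server; a client-side option cannot grant access on the server. Reword it to say that the client binds without credentials, and that what an anonymous bind may read or write is decided by the server's own access controls.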
Line 55: Line 55:
 
* '''Machine Suffix:''' optional, can be added to name when system added to LDAP directory (e.g. server, accounting).
 
* '''Machine Suffix:''' optional, can be added to name when system added to LDAP directory (e.g. server, accounting).
  
* '''Encryption Mode:''' choices are Off, SSL, or TLS.
+
* '''Encryption Mode:''' choices are "Off", "SSL", or "TLS".
  
 
* '''Self Signed Certificate:''' used to verify the certificate of the LDAP server if SSL connections are used; paste the output of the command '''openssl s_client -connect server:port -showcerts.'''
 
* '''Self Signed Certificate:''' used to verify the certificate of the LDAP server if SSL connections are used; paste the output of the command '''openssl s_client -connect server:port -showcerts.'''
  
* '''Auxiliary Parameters:''' {{citelink|url=http://www.openldap.org/software/man.cgi?query=ldap.conf|ldap.conf(5)}} options, one per line, not covered by other options in this screen  
+
* '''Auxiliary Parameters:''' {{citelink|url=http://www.openldap.org/software/man.cgi?query=ldap.conf|txt=ldap.conf(5)}} options, one per line, not covered by other options in this screen.
  
 
<noinclude>{{refheading}}</noinclude>
 
<noinclude>{{refheading}}</noinclude>
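Review bot: the "Self Signed Certificate" entry is left as-is but says it applies "if SSL connections are used", while the "Encryption Mode" entry just above it offers both "SSL" and "TLS"; say "if SSL or TLS is used". The bold markup on the command also swallows the trailing period, so the command reads as "-showcerts."; close the bold before the period.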
Line 65: Line 65:
 
[[category:handbook]]
 
[[category:handbook]]
 
[[category:Control Panel]]
 
[[category:Control Panel]]
[[category:Active Directory Config]]
+
[[category:Active Directory & LDAP]]
 
</noinclude>
 
</noinclude>

Revision as of 11:50, 12 November 2012

(Sorry for the inconvenience)

THIS UTILITY MAY OR MAY NOT APPEAR IN THE CONTROL PANEL OF 9.1-RELEASE AS IT IS STILL BEING TESTED

Beginning with PC-BSD® 9.1, the Control Panel contains an "Active Directory" & "LDAP" icon for managing connections to an Active Directory or OpenLDAP domain. If your network contains an Active Directory (AD) or OpenLDAP server, use this icon to input the settings needed to connect to your account information stored on the network. At this time, these settings cannot be set during installation of PC-BSD® 9.1; this will be added as a feature of version 9.2.

NOTE: this utility is to manage the client, not the Active Directory or OpenLDAP server itself.

To start the application, double-click its icon in Control Panel or type pc-adsldap. Figure 8.3a shows the configuration utility with the Active Directory tab open.

Figure 8.3a: Managing Active Directory Client Settings

[Figure 8.3a image: Ad2.png]

If you need to connect to a network running Active Directory, check the box "Enable Active Directory". This enables the rest of the screen, allowing you to configure the following:

  • Domain Name: name of Active Directory domain (e.g. example.com) or child domain (e.g. sales.example.com). This setting is mandatory.
  • NetBIOS Name: hostname of PC-BSD® system.
  • Workgroup Name: name of Windows server's workgroup.
  • Administrator Name: name of the Active Directory Administrator account.
  • Administrator Password: password for the Active Directory Administrator account.

Figure 8.3b shows the configuration utility with the LDAP tab open.

Figure 8.3b: Managing LDAP Client Settings

[Figure 8.3b image: Ad1.png]

If you need to connect to a network which contains a configured LDAP server, check the box "Enable LDAP". This enables the rest of the screen, allowing you to configure the following:

  • Hostname: hostname or IP address of LDAP server. This setting is mandatory.
  • Base DN: top level of the LDAP directory tree to be used when searching for resources (e.g. dc=test,dc=org).
  • Allow Anon Binding: instructs the LDAP server to allow read/write access without requiring authentication.
  • Root bind DN: name of administrative account on LDAP server (e.g. cn=Manager,dc=test,dc=org).
  • Root bind password: password for Root bind DN.
  • Password Encryption: select a type supported by the LDAP server, choices are: clear (unencrypted), crypt, md5, nds, racf, ad, or exop.
  • User Suffix: optional, can be added to name when user account added to LDAP directory (e.g. dept. or company name).
  • Group Suffix: optional, can be added to name when group added to LDAP directory (e.g. dept. or company name).
  • Password Suffix: optional, can be added to password when password added to LDAP directory.
  • Machine Suffix: optional, can be added to name when system added to LDAP directory (e.g. server, accounting).
  • Encryption Mode: choices are "Off", "SSL", or "TLS".
  • Self Signed Certificate: used to verify the certificate of the LDAP server if SSL connections are used; paste the output of the command openssl s_client -connect server:port -showcerts.
  • Auxiliary Parameters: ldap.conf(5)[2] options, one per line, not covered by other options in this screen.
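An added shell example, not from the PC-BSD handbook, that isolates the certificate chain from the openssl s_client output the "Self Signed Certificate" field asks for, reads s_client's verify return code, and emits the ldap.conf(5) TLS_CACERT and TLS_REQCERT lines for the "Auxiliary Parameters" field. The s_client output is constructed, its PEM body is a placeholder rather than a real certificate, and the CA file path is an assumed example.

```shell
# Added example, not from the PC-BSD handbook: isolate the certificate chain
# from 'openssl s_client -connect server:port -showcerts' output (what the
# "Self Signed Certificate" field asks for) and produce the ldap.conf(5)
# lines for "Auxiliary Parameters" that pin it. The sample output below is
# constructed; its PEM body is a placeholder, not a real certificate.
SAMPLE_S_CLIENT_OUTPUT='CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=ldap.example.org
   i:/CN=ldap.example.org
-----BEGIN CERTIFICATE-----
MIIBPLACEHOLDERBODYNOTAREALCERTIFICATE
-----END CERTIFICATE-----
---
    Verify return code: 18 (self signed certificate)
---'

# Keep only the PEM blocks; the rest of what s_client prints is chatter.
extract_pem_chain() {
    awk '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/'
}

# How many certificates the pasted output contains.
count_certs() {
    extract_pem_chain | grep -c '^-----END CERTIFICATE-----$'
}

# s_client's verify return code: 0 means the chain validated against the
# local CA store; 18 or 19 means self-signed, so the chain must be pinned
# and its fingerprint confirmed out of band before it is trusted.
verify_code() {
    sed -n 's/^ *Verify return code: \([0-9]*\).*/\1/p' | head -n 1
}

# ldap.conf(5) lines that pin the extracted chain. "TLS_REQCERT demand"
# makes the client refuse a server whose certificate does not validate;
# "TLS_REQCERT never" (the weak setting) accepts any certificate at all.
ldap_conf_lines() {
    printf 'TLS_CACERT %s\nTLS_REQCERT demand\n' "$1"
}

main() {
    printf '%s\n' "$SAMPLE_S_CLIENT_OUTPUT" | extract_pem_chain
    echo "certificates found: $(printf '%s\n' "$SAMPLE_S_CLIENT_OUTPUT" | count_certs)"
    echo "verify return code: $(printf '%s\n' "$SAMPLE_S_CLIENT_OUTPUT" | verify_code)"
    ldap_conf_lines /usr/local/etc/openldap/ldap-server-chain.pem  # assumed path
}
main
```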

References

  1. http://technet.microsoft.com/en-us/library/cc757352%28WS.10%29.aspx
  2. http://www.openldap.org/software/man.cgi?query=ldap.conf