Skip to main content
NetApp Knowledge Base

What are the prerequisites for Active Directory Remote Authentication with AIQUM?

  1. Last updated
    Mar 1, 2022
  2. Save as PDF
Views:
2,376
Visibility:
Public
Votes:
1
Category:
active-iq-unified-manager
Specialty:
om
Last Updated:
3/1/2022, 4:57:41 PM

Applies to

Active IQ Unified Manager (AIQUM)

Answer

​​​​​​​Prerequisites for enabling Active Directory (AD) remote authentication with AIQUM

  • The firewall must allow the ports mentioned below
    • These ports need to be open between LDAP and the Unified Manager server
      • Port 389
      • Port 636
      • Port 445
      • Port 88
      • Port 53
      • If using Global Catalog LDAP server
        • Port 3268
        • Port 3269
      • If using a single FQDN address for multiple authentication servers,  the x.509 certificate Subject Alternative Name section of the certificate must have the hostnames for each of the authentication servers present.
    • The following command can run from UM server to check the port is open in between UM and the LDAP server
      • UM Windows Server
        • Use Power shell command prompt window, details of Test-NetConnection found here.
        • Command -->Test-NetConnection -ComputerName <ldap_server_name> -InformationLevel "Detailed" -Port 389
      • UM Linux Server 
        Use your favorite command in Linux to test the ports between the two server
        • command from UM server --> nc -zvw10 <ldap_server_name_or_ip> port
          • Example --> nc -zvw10 192.168.0.1 389
  • ​​​​​​​​​​​​​​​​​​​​​Domain user or Domain service account with "password never expire" attribute should be used
  • Domain groups to allow users with different access roles in Unified manager server
  • ​​​​​​​The following commands can be run from the Windows CLI by a Domain User to  gather information regarding the Active Directory settings:
    • systeminfo <--- provides the login domain controller and the domain name
    • gpresult /R<---will provide the base distinguished name (DN) of the Domain user that is running the command and the Domain Group that the Domain user belongs to.

Additional Information

 

Parent topic: Active Directory Remote Authentication Setup and Troubleshooting in AIQ Unified Manager

 

 

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.