Nutanix supports user authentication using Local settings that use the local authentication provided by Nutanix. This method is employed when a user enters just a login name without specifying a domain (e.g. user1). And The Directory Service setting that use Microsoft Active directory to validates users accounts. This method is employed when a user enters a login name with a domain name (e.g. user1@domin.com).
Nutanix Local Service:
The admin user is created automatically when you get a Nutanix system, but you can add more users as needed.
To create a new user, do the following:
1. In the gear icon pull-down list of the main menu, select User Management.
2. To add a user, click the New User.
3. do the following in the displayed fields:
a. Username: Enter a user name.
b. First Name: Enter a first name.
c. Last Name: Enter a last name.
d. Email: Enter the user email address.
e. Password: Enter a password (maximum of 255 characters).
f. Roles: Assign a role to this user.
There are three options:
• Checking the User Administrator box allows the user to view information, perform any
administrative task, and create or modify user accounts.
Note: Checking this box automatically checks the Cluster Admin box as well to indicate this user has full permissions. However, a user administrator has full permissions regardless of whether the cluster administrator box is checked.)
• Checking the Cluster Administrator box allows the user to view information and perform any
administrative task (but not create or modify user accounts).
• Leaving both boxes unchecked allows the user to view information, but it does not provide permission to perform cluster or user administrative tasks.
g. When all the fields are correct, click the Save.
Directory Service Authentication
1. In the gear icon pull-down list of the main menu, select Authentication.
2.Click the Authentication Types tab and then check the box for Directory Service. After that click Save.
3. Click the Directory List tab and then the New Directory button.
A set of fields is displayed. Do the following in the indicated fields and click Save.
a. Name: Enter a name you choose to identify this directory.
b. Domain: Enter the domain name in DNS format, e.g. “nutanix.com”.
c. Directory URL: Enter the URL address to the directory.
The URL format is as follows for an LDAP entry
ldap://host:ldap_port_num.
ldap://192.168.1.10:389
The host value is either the IP address or fully qualified domain name.
The default LDAP port number is 389. Nutanix also supports LDAPS (port 636) and LDAP/S Global Catalog (ports 3268 and 3269).
4. The Domain is listed now under the Directory List, Click Test to verify the connection.
Type AD User name & Password, then Click Test.
Now, re-logon to Prism with your AD Account in format “user@domain.com”
Note: All users in an authorized service directory have full administrator permissions when role mapping is not defined for that directory. However, after creating a role map, any users in that directory that are not explicitly granted permissions through the role mapping are denied access (no permissions).
Assigning Role Permissions
1. In the gear icon pull-down list of the main menu, select Role Mapping.
2. To create a role mapping, click the New Mapping button.
Do the following in the indicated fields Then Click Save.
a. Directory: Select the target directory from the pull-down list.
b. LDAP Type: Select the desired LDAP entity type from the pull-down list.
The entity types are GROUP, USER, and OU.
c. Role: Select the user role from the pull-down list.
There are three roles from which to choose:
• Viewer: This role allows a user to view information only. It does not provide permission to perform
any administrative tasks.
• Cluster Admin: This role allows a user to view information and perform any administrative task
(but not create or modify user accounts).
• User Admin: This role allows the user to view information, perform any administrative task, and
create or modify user accounts.
d. Values: Enter the case-sensitive entity names (in a comma separated list with no spaces) that
should be assigned this role.
The values are the actual names of the organizational units (meaning it applies to all users in
those OUs), groups (all users in those groups), or users (each named user) assigned this role.
Reference: PRISM WEB CONSOLE GUIDE
Nutanix Local Service:
The admin user is created automatically when you get a Nutanix system, but you can add more users as needed.
To create a new user, do the following:
1. In the gear icon pull-down list of the main menu, select User Management.
2. To add a user, click the New User.
3. do the following in the displayed fields:
a. Username: Enter a user name.
b. First Name: Enter a first name.
c. Last Name: Enter a last name.
d. Email: Enter the user email address.
e. Password: Enter a password (maximum of 255 characters).
f. Roles: Assign a role to this user.
There are three options:
• Checking the User Administrator box allows the user to view information, perform any
administrative task, and create or modify user accounts.
Note: Checking this box automatically checks the Cluster Admin box as well to indicate this user has full permissions. However, a user administrator has full permissions regardless of whether the cluster administrator box is checked.)
• Checking the Cluster Administrator box allows the user to view information and perform any
administrative task (but not create or modify user accounts).
• Leaving both boxes unchecked allows the user to view information, but it does not provide permission to perform cluster or user administrative tasks.
g. When all the fields are correct, click the Save.
Directory Service Authentication
1. In the gear icon pull-down list of the main menu, select Authentication.
2.Click the Authentication Types tab and then check the box for Directory Service. After that click Save.
3. Click the Directory List tab and then the New Directory button.
A set of fields is displayed. Do the following in the indicated fields and click Save.
a. Name: Enter a name you choose to identify this directory.
b. Domain: Enter the domain name in DNS format, e.g. “nutanix.com”.
c. Directory URL: Enter the URL address to the directory.
The URL format is as follows for an LDAP entry
ldap://host:ldap_port_num.
ldap://192.168.1.10:389
The host value is either the IP address or fully qualified domain name.
The default LDAP port number is 389. Nutanix also supports LDAPS (port 636) and LDAP/S Global Catalog (ports 3268 and 3269).
4. The Domain is listed now under the Directory List, Click Test to verify the connection.
Type AD User name & Password, then Click Test.
Now, re-logon to Prism with your AD Account in format “user@domain.com”
Note: All users in an authorized service directory have full administrator permissions when role mapping is not defined for that directory. However, after creating a role map, any users in that directory that are not explicitly granted permissions through the role mapping are denied access (no permissions).
Assigning Role Permissions
1. In the gear icon pull-down list of the main menu, select Role Mapping.
2. To create a role mapping, click the New Mapping button.
Do the following in the indicated fields Then Click Save.
a. Directory: Select the target directory from the pull-down list.
b. LDAP Type: Select the desired LDAP entity type from the pull-down list.
The entity types are GROUP, USER, and OU.
c. Role: Select the user role from the pull-down list.
There are three roles from which to choose:
• Viewer: This role allows a user to view information only. It does not provide permission to perform
any administrative tasks.
• Cluster Admin: This role allows a user to view information and perform any administrative task
(but not create or modify user accounts).
• User Admin: This role allows the user to view information, perform any administrative task, and
create or modify user accounts.
d. Values: Enter the case-sensitive entity names (in a comma separated list with no spaces) that
should be assigned this role.
The values are the actual names of the organizational units (meaning it applies to all users in
those OUs), groups (all users in those groups), or users (each named user) assigned this role.
Reference: PRISM WEB CONSOLE GUIDE
No comments:
Post a Comment