Introduction

In this type of authentication mechanism, a user account is authenticated against an external Active Directory server. Accounts with this type of authentication are also known as external accounts.

Prerequisites

  1. Active Directory service must be accessible from FileCloud (IP and Port must be accessible)

  2. Active Directory must support Simple Authentication Method (Anonymous or Name/Password Authentication Mechanism of Simple Bind)

  3. Active Directory users must have an email attribute.

  4. FileCloud version must be 4.0 or higher.

Note

  • An AD user counts towards the FileCloud license only after the user account logs into FileCloud, or if the user is explicitly imported from AD by an admin.

Enabling AD Authentication in FileCloud

  1. Log into the FileCloud Administration Portal

  2. Click on Settings in the left navigation panel

  3. Click on the Authentication tab

  4. Under Authentication Settings, change the Authentication Type to "ACTIVEDIRECTORY" using the dropdown box. This will enable the "Active Directory Settings" group.

  5. Enter the following information and be sure to hit "Save" once all the settings are entered.

AD Configuration Parameters

To connect FileCloud with your AD environment, you need to know certain connection parameters.

To figure out these AD parameters, please refer to the following documentation

 

 

Setting
Description
AD Host

REQUIRED FIELD: This is the IP address or host name of the AD server.

AD Port

REQUIRED FIELD: This is the port to be used to connect to the AD server. The default is 389 and most AD servers work using port 389.

Use TLS

(OPTIONAL) Enable this checkbox if your AD server requires clients to use TLS to connect.

Use SSL

(OPTIONAL) Enable this checkbox if your AD server requires clients to use SSL to connect. NOTE: Additional change required.

Users have same UPN Account Suffixes

If all users throughout your AD have the same UPN suffix, enable this checkbox and set the AD Account Suffix. Otherwise, disable the checkbox and set the AD Logon Name Prefix.

AD Account Suffix

NOTE: If you have users with different userPrincipal suffixes this should be left blank and AD Logon Name Prefix should be set instead. See Mixed AD Authentication support.

REQUIRED FIELD: The userPrincipal name suffix for your domain, the part after the username in the dropdown.

You can also see the Account Suffix by running the following query on the command line on the AD server:


dsquery * <FULLY QUALIFIED NAME> -scope base -attr sAMAccountName userPrincipalName


You can get the <FULLY QUALIFIED NAME> using the command below:

dsquery user -name <LOGON NAME>



AD Base DN

REQUIRED FIELD: The base DN for your domain. The Base DN can be found in the extended attributes in the Active Directory Users and Computers MMC.

You can also see the Base DN by running the following query on the command line on the AD server:

dsquery user -name <LOGON NAME>

 

NOTE: DO NOT ENTER WITH QUOTES 

Mail Attribute

REQUIRED FIELD: FileCloud requires each user account to have an associated email id. Typically the name of this attribute in AD is "mail". If a user account has no mail attribute associated, then login into FileCloud will be disallowed. If the "mail" attribute is present but the login fails, check the Base DN to ensure it is accurate and is entered without quotes.

Limit Login to AD Group

(OPTIONAL) If you want to limit the login to a specific AD group, specify the group members here. (Typically this is left blank.)

NOTE: If this field is set, then ensure that the account name specified in "AD Account Name" field is part of this AD Group

AD Account Name

REQUIRED FIELD: A valid account name is required here in order for FileCloud to perform queries into the AD server. This can be any account that can access the AD server. NOTE: Use username and not email id in this field.

AD Account password

REQUIRED FIELD: A password for the AD account name entered.

Use Admin Account for Binding

(OPTIONAL) Enable this checkbox if your AD does not allow Anonymous Binding. Enabling this checkbox will enable the "AD Service Account Name" and "AD Service Account Password" text boxes.

AD Service Account Name

(OPTIONAL) Provide the service account name to be used to bind with the AD server.

AD Service Account Password

(OPTIONAL) Service account password to be used to bind with the AD server.
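
The dsquery lookups described above return a quoted distinguished name and userPrincipalName values. The following added example (not FileCloud code) turns such output into the AD Base DN and AD Account Suffix entries; it assumes the Base DN is the DC= portion of the user's DN and that the suffix is entered with its leading "@", and the sample values are constructed.

```python
# Constructed samples of what the dsquery commands above print.
# dsquery wraps each distinguished name in double quotes.
# Assumptions: Base DN = the DC= components; suffix is written with "@".
SAMPLE_DN = '"CN=Doe\\, Jane,OU=Staff,DC=corp,DC=example,DC=com"'
SAMPLE_UPNS = ["jdoe@corp.example.com", "asmith@corp.example.com",
               "bwong@partner.example.org"]

def split_dn(dn):
    """Split a DN on commas, leaving backslash-escaped commas inside a value."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append(cur.strip())
            cur = ""
            continue
        cur += ch
        escaped = (ch == "\\") and not escaped
    parts.append(cur.strip())
    return [p for p in parts if p]

def base_dn_from_dsquery(line):
    """Return the domain part (the DC= components) of a DN, without quotes."""
    dn = line.strip().strip('"')
    dcs = [p for p in split_dn(dn) if p.upper().startswith("DC=")]
    if not dcs:
        raise ValueError("no DC= components in %r" % line)
    return ",".join(dcs)

def upn_suffixes(upns):
    """Return the sorted distinct '@suffix' parts of userPrincipalName values."""
    found = set()
    for upn in upns:
        name, sep, domain = upn.strip().rpartition("@")
        if not (name and sep and domain):
            raise ValueError("not a userPrincipalName: %r" % upn)
        found.add("@" + domain.lower())
    return sorted(found)

def suggest_settings(dn_line, upns):
    """Map dsquery results to the field names used in the table above."""
    suffixes = upn_suffixes(upns)
    same = len(suffixes) == 1
    return {
        "AD Base DN": base_dn_from_dsquery(dn_line),
        "Users have same UPN Account Suffixes": same,
        # Blank when suffixes differ; AD Logon Name Prefix is set instead.
        "AD Account Suffix": suffixes[0] if same else "",
        "suffixes seen": suffixes,
    }
```

With the constructed sample, two different suffixes are found, so the checkbox comes back disabled and the suffix field is left blank.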

To connect to Active Directory over SSL, please follow the steps mentioned here.

Make sure the settings are SAVED before trying the AD Tests to verify connectivity
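
A check that can be run over the values before they are saved, written as an added example (not part of FileCloud): it applies the notes from the table above and also flags a configuration with neither TLS nor SSL, because a Name/Password Simple Bind then sends the password unencrypted. The dictionary keys are hypothetical names for the form fields and both sample configurations are constructed.

```python
# Hypothetical keys: a hand-written copy of the form fields, not a FileCloud format.
WEAK = {  # constructed sample
    "host": "dc01.corp.example.com", "port": 389,
    "use_tls": False, "use_ssl": False,
    "same_upn_suffix": True, "account_suffix": "", "logon_prefix": "",
    "base_dn": '"DC=corp,DC=example,DC=com"', "mail_attribute": "mail",
    "limit_group": "FileCloudUsers", "account_name": "svc-fc@corp.example.com",
}
FIXED = dict(WEAK, use_tls=True, account_suffix="@corp.example.com",
             base_dn="DC=corp,DC=example,DC=com", account_name="svc-fc")

def audit_ad_settings(cfg):
    """Return (severity, field, message) findings for one settings dict."""
    out = []
    for field in ("host", "port", "base_dn", "mail_attribute", "account_name"):
        if not cfg.get(field):
            out.append(("error", field, "required field is empty"))
    base_dn = cfg.get("base_dn") or ""
    if base_dn[:1] in ('"', "'") or base_dn[-1:] in ('"', "'"):
        out.append(("error", "base_dn", "enter the Base DN without quotes"))
    if "@" in (cfg.get("account_name") or ""):
        out.append(("error", "account_name", "use the username, not the email id"))
    if cfg.get("same_upn_suffix"):
        if not cfg.get("account_suffix"):
            out.append(("error", "account_suffix", "set the suffix shared by all users"))
    else:
        if cfg.get("account_suffix"):
            out.append(("error", "account_suffix", "leave blank for mixed suffixes"))
        if not cfg.get("logon_prefix"):
            out.append(("error", "logon_prefix", "set AD Logon Name Prefix instead"))
    # Simple Bind carries the password as-is; only TLS or SSL encrypts it in transit.
    if not (cfg.get("use_tls") or cfg.get("use_ssl")):
        out.append(("warn", "use_tls", "bind password crosses the network unencrypted"))
    if cfg.get("limit_group"):
        out.append(("info", "limit_group", "AD Account Name must be in this group"))
    return out
```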

 

Test AD Connectivity 

Once all data is entered and saved, the AD settings can be validated using the AD Test button.


 

The following tests can be done.

  1. Validate the AD setting.
    1. This will perform basic connectivity tests with the AD server. If this fails, then check your AD settings to ensure all the data is present and is accurate.
  2. List Groups
    1. Once the AD settings are validated, "List Groups" will show the list of groups read from the server. To view the members of a group, select a group row and click on the 'Select' button.
      This will populate the "Group Members" text box.
  3. Get Group Members
    1. This will retrieve and list the members of a group. A group name can also be entered here directly without selecting it from the "Group List" popup of the previous step.
      NOTE: The group members are NOT automatically added to FileCloud.
  4. Verify User Access
    1. A specific user login/password can be verified using this test.
    2. Verify that "Get Email ID" returns the correct email address for a user account from AD. If a valid email address is not returned, then FileCloud cannot import the user account.

 

 

 

 
