Submit a ticketCall us

Bridging the ITSM Divide
Integrated help desk and remote support software for faster resolution

Join us on Wednesday, November 29, 2017 at 11 a.m. CT, as we discuss the benefits of effectively integrating your help desk software with remote support solutions to help increase the efficiency of IT administration, improve communication, and decrease mean time to resolution (MTTR) for IT issues of all sizes. This directly impacts end-user satisfaction and your business’ bottom line. Register Now.

Home > Success Center > Virtualization Manager (VMAN) > VMAN 8.0 Administrator Guide > Configure advanced settings > Configure authentication servers

Configure authentication servers

On the Authentication Server configuration page you can configure the Active Directory (AD) servers (Domain Controller), or LDAP servers that are used to authenticate AD or LDAP users.

You can configure multiple authentication servers based on the domain prefix you specify. You can configure a default domain entry, or configure an entry for each domain prefix.

Virtualization Manager also supports the use of mixed-mode authentication.

Add an Active Directory authentication server

  1. Click Setup > Advanced Setup > Authentication Server, and click Add.
  2. From Authentication Type, select Active Directory.
  3. Select the domain for the authentication server:
    • To use this server as the authentication server for users who log in to Virtualization Manager without specifying a domain prefix, click Use for all accounts.
    • To use this server as the authentication server for users who specify a domain prefix, click Use for this domain only, and enter the specific domain in the text field. The domain name prefix is case-sensitive.
  4. In the Server field, enter the IP address of the AD server.
  5. In the Port field, enter the port used for AD authentication. The default port is 389.
  6. Enter, in all uppercase, the realm configuration name that was used when setting up the AD server. You can obtain the realm name from your AD administrator.
  7. Optionally, provide a description for the AD server.
  8. To test the IP address of the server for connectivity, select Validate Connections.
  9. Click Save.
  10. To automatically add the users who log in to SolarWinds Virtualization Manager as authorized users, select Automatically create new users accounts.

    If you do not select this option, you must manually create user entries in SolarWinds Virtualization Manager for your users before they can log in. Create a user identically named as the AD user with a blank password.
    For example, if Bob Smith's AD user name is bsmith, create a bsmith user in SolarWinds Virtualization Manager with no password. Make sure Local Auth is not enabled for that user.

Add an LDAP authentication server

  1. Click Setup > Advanced Setup > Authentication Server, and click Add.
  2. From Authentication Type, select LDAP.
  3. Select the domain for the authentication server:
    • To use this server as the authentication server for users who log in to Virtualization Manager without specifying a domain prefix, click Use for all accounts.
    • To use this server as the authentication server for users who specify a domain, click Use for this domain only, and enter the specific domain in the text field.
  4. In the Server field, type the IP address of the LDAP server.
  5. In the Port field, type the port used for LDAP authentication. The default port is 3268.
  6. Optionally, provide a description for the LDAP server.
  7. To test the IP address of the server for connectivity, select Validate Connections.
  8. In the Search Filter field, type the LDAP query filter you want to use to map user accounts to the LDAP server entries. For example, (cn=*).
  9. In the Search Base field, type the portion of the directory tree you want to search for LDAP users. For example, dc=example,dc=com.
  10. In the Bind User field, specify a user with LDAP search permissions. The bind user is used to connect to the LDAP server. For example, user@example.com.
  11. In the Bind Password field, enter the password of the bind user. You can obtain the bind user ID and bind password from your LDAP administrator.
  12. Click Save.
  13. To automatically add the users who log in to SolarWinds Virtualization Manager as authorized users, select Automatically create new users accounts.

    If you do not select this option, you must manually create user entries in SolarWinds Virtualization Manager for your users before they can log in. Create a user identically named as the LDAP user with a blank password.
    For example, if Bob Smith's LDAP user name is bsmith, create a bsmith user in SolarWinds Virtualization Manager with no password. Make sure Local Auth is not enabled for that user.

Troubleshoot Active Directory authentication

If you cannot log in, check the log file, and look for the error message:

[http-8080-5] INFO com.hyper9.security.auth.Hyper9AuthLoginModule:121 - Login failed: Clock skew too great (37).

This error occurs when there is more than five minutes difference between the system times of the client machine and the Content Engine server. Make sure you synchronize the time on both systems.

Synchronize the time of the AD or LDAP server and the SolarWinds Virtualization Manager server

For security reasons, you must synchronize the system times of the SolarWinds Virtualization Manager server and the AD or LDAP server. Authentication fails if the two clocks differ by more than five minutes.

If you deployed SolarWinds Virtualization Manager on Microsoft Windows, you can synchronize the system time from the Internet Time tab of the Date and Time dialog box.

If you deployed the virtual appliance, the built-in NTP server support automatically maintains time synchronization.

Optionally, customize the NTP synchronization settings in Virtualization Manager.

  1. Log in to the Management console at https://applianceHostName:5480.
  2. Click SolarWinds Mgmt.
  3. If you have recently upgraded and the NTP Status is empty, click Restart ntpd.
  4. Click Edit Configuration.
  5. Select ntp.conf, and click Edit.
  6. Customize the NTP settings, and click Save.
 
Last modified

Tags

Classifications

Public