Active Directory Authentication

Procedure

1. Select Active directory authentication check box

2. Click on Add AD Server button

3. Specify Domain Name
4. Specify User Group or Groups
5. Select “Use DNS” or “Configure AS Server manually”
6. Check “Use SSL” if needed
7. If “Configure AS Server manually” is selected, specify AD host name or IP address
8. Specify AD port
9. Press ‘Save’ button to save your settings

info

The following steps are required if SSL is enabled:

10. Import AD certificate or root CA into Java Runtime trusted keystore. Keystore has default password changeit.

Linux

   /opt/flowintegrator/java/jre/bin/keytool -import -trustcacerts -alias ADName -file AD.crt -keystore /opt/flowintegrator/java/jre/lib/security/cacerts -storepass changeit

Windows

   C:\Program Files\NetFlow Logic\NetFlow Optimizer\java\jre\bin\keytool.exe -import -trustcacerts -alias ADName -file AD.crt -keystore C:\Program Files\NetFlow Logic\NetFlow Optimizer\java\jre\lib\security\cacerts -storepass changeit

Where ADName and AD.crt are certificate name and file name respectively.

11. Restart NFO Tomcat if certificate has been imported.

Linux

Restart NFO Tomcat (see Working with NFO Service)

Windows

Restart NFO Tomcat using Windows Services

note

For troubleshooting please check error messages in NFO GUI and/or log file logs/nf2sl.log. Logs trace level can be changed in this file /opt/flowintegrator/tomcat/webapps/ROOT/WEB-INF/classes/log4j2.xml. Uncomment the following line:

<Logger name="com.netflowlogic.nf2sl.service.security" level="trace"/>

Restart NFO Tomcat after changing trace level. Login again using AD user.