Active Directory Authentication

Procedure

  1. Click the icon on the right side of the navigation bar and check Active directory authentication

  2. Click the Add AD Server button

  3. Specify the Domain Name

  4. Specify the User Group

  5. Select “Use DNS” or “Configure AS Server manually”

  6. Check “Use SSL” if needed

  7. If “Configure AS Server manually” is selected, specify the AD host name or IP address

  8. Specify the AD port

  9. Press the ‘Save’ button to save your settings

The following steps are required if SSL is enabled:

  • Import the AD certificate or root CA certificate into the Java Runtime trusted keystore. The keystore's default password is changeit.

Linux
/opt/flowintegrator/java/jre8/bin/keytool -import -trustcacerts -alias ADName -file AD.crt -keystore /opt/flowintegrator/java/jre8/lib/security/cacerts -storepass changeit
Windows
"C:\Program Files\NetFlow Logic\NetFlow Optimizer\java\jre8\bin\keytool.exe" -import -trustcacerts -alias ADName -file AD.crt -keystore "C:\Program Files\NetFlow Logic\NetFlow Optimizer\java\jre8\lib\security\cacerts" -storepass changeit

Here ADName and AD.crt are the certificate name and the certificate file name, respectively.

  • Restart NFO Tomcat if the certificate has been imported.

Linux

Restart NFO Tomcat (see Working with NFO Service)

Windows

Restart NFO Tomcat using Windows Services
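
The import step above adds a certificate to the trust store of the bundled Java Runtime, so it is worth confirming that AD.crt is the certificate you expect before trusting it. The shell function below is an added example, not part of the NFO documentation: it assumes the Linux paths shown above and that the bundled keytool prints a "SHA256:" fingerprint line, and its third argument (the fingerprint obtained out of band from the AD or CA administrator) is a hypothetical parameter.

```shell
#!/bin/sh
# Added example, not NFO's own tooling. Paths are the Linux ones quoted on
# this page; override them through the environment for another install.
KEYTOOL="${KEYTOOL:-/opt/flowintegrator/java/jre8/bin/keytool}"
CACERTS="${CACERTS:-/opt/flowintegrator/java/jre8/lib/security/cacerts}"
STOREPASS="${STOREPASS:-changeit}"   # default keystore password per this page

# import_ad_cert ALIAS CERT_FILE EXPECTED_SHA256
# Returns 0 imported, 2 bad input, 3 fingerprint mismatch,
#         4 alias already present, 5 backup/import/verify failed.
import_ad_cert() {
    alias_name=$1; cert=$2; expected=$3
    [ -n "$alias_name" ] && [ -r "$cert" ] && [ -n "$expected" ] || return 2

    # Fingerprint of the file on disk, normalised to uppercase hex, no colons.
    # Assumption: keytool -printcert emits a line of the form "SHA256: AA:BB:..".
    actual=$("$KEYTOOL" -printcert -file "$cert" 2>/dev/null |
        sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1 |
        tr -d ': ' | tr 'a-f' 'A-F')
    want=$(printf '%s' "$expected" | tr -d ': ' | tr 'a-f' 'A-F')
    [ -n "$actual" ] && [ "$actual" = "$want" ] || return 3

    # Refuse to shadow or replace an existing trust entry under the same alias.
    if "$KEYTOOL" -list -alias "$alias_name" -keystore "$CACERTS" \
        -storepass "$STOREPASS" >/dev/null 2>&1; then
        return 4
    fi

    # Keep a timestamped copy of the trust store so the change can be rolled back.
    cp -p "$CACERTS" "$CACERTS.bak.$(date +%Y%m%d%H%M%S)" || return 5

    "$KEYTOOL" -import -trustcacerts -noprompt -alias "$alias_name" \
        -file "$cert" -keystore "$CACERTS" -storepass "$STOREPASS" \
        >/dev/null 2>&1 || return 5

    # Confirm the entry is really there before Tomcat is restarted.
    "$KEYTOOL" -list -alias "$alias_name" -keystore "$CACERTS" \
        -storepass "$STOREPASS" >/dev/null 2>&1 || return 5
    return 0
}
```

Call it as import_ad_cert ADName AD.crt followed by the expected fingerprint, then restart NFO Tomcat only when it returns 0.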

For troubleshooting, please check logs/nf2sl.log. The log trace level can be changed in the /opt/flowintegrator/tomcat/webapps/ROOT/WEB-INF/classes/log4j.xml file. The following lines should be added after the last <category> section and before the <root> section:

<category name="com.netflowlogic.nf2sl.service.security.ADAuthenticationProvider">
<priority value="TRACE" />
</category>
  • Restart NFO Tomcat after changing the trace level.