Active Directory Authentication
Procedure
Select
Active directory authenticationcheck boxClick on
Add AD Serverbutton
Specify Domain Name
Specify User Group or Groups
Select “Use DNS” or “Configure AS Server manually”
Check “Use SSL” if needed
If “Configure AS Server manually” is selected, specify AD host name or IP address
Specify AD port
Press ‘Save’ button to save your settings
info
The following steps are required if SSL is enabled:
- Import AD certificate or root CA into Java Runtime trusted keystore. Keystore has default password changeit.
- Linux
- Windows
/opt/flowintegrator/java/jre/bin/keytool -import -trustcacerts -alias ADName -file AD.crt -keystore /opt/flowintegrator/java/jre/lib/security/cacerts -storepass changeit
C:\Program Files\NetFlow Logic\NetFlow Optimizer\java\jre\bin\keytool.exe -import -trustcacerts -alias ADName -file AD.crt -keystore C:\Program Files\NetFlow Logic\NetFlow Optimizer\java\jre\lib\security\cacerts -storepass changeit
Where ADName and AD.crt are certificate name and file name respectively.
- Restart NFO Tomcat if certificate has been imported.
- Linux
- Windows
Restart NFO Tomcat (see Working with NFO Service)
Restart NFO Tomcat using Windows Services
note
For troubleshooting please check error messages in NFO GUI and/or log file logs/nf2sl.log. Logs trace level can be changed in this file /opt/flowintegrator/tomcat/webapps/ROOT/WEB-INF/classes/log4j2.xml. Uncomment the following line:
<Logger name="com.netflowlogic.nf2sl.service.security" level="trace"/>
Restart NFO Tomcat after changing trace level. Login again using AD user.