This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Astaro on Active Directory

We've got a client site where their Astaro is joined to the Active Directory domain and uses the Domain Administrator password in some way. We are looking at changing the Domain Administrator simply as a secure practice but are hesitant here because we do not know what this will do to the Astaro.

Will it cease to function?
Will it lock down all traffic?
Will it lock down no traffic?

All outcomes are equally bad in this case.

It might just be a simple solution, it might not. I wanted to check here for any thoughts before we did this.

This thread was automatically locked due to age.

0 BAlfson over 15 years ago

Yes, changing the password on the domain controller will cause the Astaro to be unable to authenticate against the AD. For example, if you are using AD-SSO mode in the HTTP Proxy, people won't be able to browse until you change the password for the bind user in the authentication server definition. In this case, you don't need to worry about the 'Single Sign-On' tab because the Astaro is already joined to the domain.

You don't necessariy need to use the domain admin account for the bind user, so maybe it's worth creating another account used only by the Astaro for authentication, and replacing the present one in the Astaro:
The bind user must have sufficient privileges to obtain all relevant user object information from the Active Directory server in order to authenticate users...

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel