How do i configure the Backup Server to use Active Directory or LDAP authentication

How do i configure the Backup Server to use Active Directory or LDAP authentication

NovaBACKUP xSP / Remote Workforce

BackupServer.ini

Section: [Configuration]

Key: Authentication

Description: Authentication Type

Possible values:

NT-PDC

NT-LOCAL

LDAP

NNW-Authentication

OFF

Key: LDAP Address

Description: Required if using LDAP Authentication

Key: LDAP Port

Description: Required if using LDAP Authentication

Default Value: 389

Key: LDAP Base DN

Description: Required if using LDAP Authentication

Key: LDAP Authentication DN

Key: LDAP Auth Password

Key: ActivDir2000Mode

Description: Should be set to 1 if the LDAP Server is a Windows 2000 Server with Active Directory Services.

Possible values:

0 - Off

1 - On

User Authentication

Since the Backup Server is highly integrated with the Windows security model, it performs client authentication through Windows 2000/2003, a Microsoft Site Server Membership Directory or a standard LDAP database (including Windows Active Directory).

For Windows Authentication, users can be authenticated on the local Windows system (workstation or stand-alone server) or the Windows Primary Domain Controller for the domain specified in the Windows server installation. Windows authentication is achieved using the challenge/response method (commonly referred to as NTLM), which is the most secure method of authenticating users.

For Membership Authentication, users can be authenticated using the clear-text/basic method or the challenge/response method (commonly referred to as DPA). The clear-text/basic method is the common method for authenticating users against the Membership Directory.

For LDAP authentication, users must supply a username and password to be authenticated against an LDAP database. Therefore, existing credentials may not be used with this authentication method.

NOTE:

If LDAP authentication uses Windows Active Directory, in order for the Backup Server to make anonymous queries to Active Directory, you must assign read access to the Everyone group.

To enable anonymous access:

1. In the Active Directory Users and Computers console, if Advanced Features is not enabled, on the View menu, click Advanced Features.
2. Right-click on the container to which you want to provide anonymous access (e.g. Users)
3. Click Properties, click the Security tab, and then click Advanced.
4. In the Permission Entries box, if the Everyone group is not listed, click Add. In the Name column, click Everyone, and then click OK.
5. In the Permission Entry for Everyone, click View/Edit, and then click the Properties tab.
6. In the Apply Onto list, click User objects.
7. In the Permissions list, in the Allow column, click Read General Information, and then click OK.
8. On every security warning message that appears (if any), click Yes.
9. In the Access Control Settings dialog box, click OK.

Note: All user accounts should have "Allow inheritable permissions from parent to propagate to this object" checked (Security tab).

Authentication options

This indicates how Backup Clients are authenticated when they connect to the Backup Server. The Backup Server is highly integrated with the Windows security model. The choices are:

Use Windows Local Authentication

If this option is selected, authentication will be performed against the Windows User Accounts Database on the local server. This is achieved through Challenge/Response mechanism often referred to as NTLM (Windows NT Lan Manager) authentication. This type of authentication will attempt to use the current Windows logon credentials before requiring that a password be entered.

Use Windows Domain Authentication

If this option is selected, authentication will be performed against the Windows User Accounts Database on the Primary Domain Controller. This is achieved through a Challenge/Response mechanism often referred to as NTLM (Windows NT Lan Manager) authentication. This type of authentication will attempt to use the current Windows logon credentials for the domain before requiring that a password be entered.

Use Membership Authentication (Clear-text/Basic)

If this option is selected, authentication will be performed against the Microsoft Site Server Membership Directory. In this authentication method, the client always sends the supplied credentials (user name and password) to the server. The credentials are always transmitted in an encrypted manner. This is the most common method used for authenticating users against the Membership Directory.

Use Membership Authentication (Challenge/Response)

If this option is selected, authentication will be performed against the Microsoft Site Server Membership Directory. This is achieved through a Challenge/Response mechanism often referred to as DPA (Distributed Password Authentication). This type of authentication will attempt to use the current Windows logon credentials before requiring that a password be entered.

LDAP Authentication

If this option is selected, authentication will be performed against a standard LDAP database (including Windows 2000 Active Directory). The LDAP server address and port number must be configured, along with the base distinguished name that the LDAP database will be searched against. This type of authentication requires that a specific username and password be supplied.

Backup Server User Account Configuration

When setting up user accounts on the Storage Server with Windows Authentication, only do not need to specify a password for the account, as that will be referenced from the domain.