5 0 0:Configuring Database-Based Authentication: Difference between revisions

From SEPsesam
(In progress.)
mNo edit summary
Line 73: Line 73:
[[Image:Authentication_sub_group.jpg|450px|link=]]
[[Image:Authentication_sub_group.jpg|450px|link=]]
<br clear=all>
<br clear=all>
{{note|If you want to combine LDAP/AD, you have to use the external groups. Add the group from LDAP/AD and select '''Based on group''' option to map to this particular SEP sesam group.}}
<li>Under the '''Users''' tab, click '''Create''' to configure a new user. The ''Create User'' window opens.</li>
<li>Under the '''Users''' tab, click '''Create''' to configure a new user. The ''Create User'' window opens.</li>
<li>Specify a name, password and assign a user to the relevant group, for example, ''RESTORE''.</li>
<li>Specify a name, password and assign a user to the relevant group, for example, ''RESTORE''.</li>
[[Image:Authentication_create_user.jpg|450px|link=]]
[[Image:Authentication_create_user.jpg|450px|link=]]
<br clear=all>
<br clear=all>
{{note|If you want to combine LDAP/AD, you have to use the external groups. Add the group from LDAP/AD and select '''Based on group''' option to map to this particular SEP sesam group.}}
<li>A user can be a member of one or more groups. Under the '''Groups''' tab, double-click the relevant group and select or deselect the users to assign them to the respective group or remove them from it.</li>
<li>A user can be a member of one or more groups. Under the '''Groups''' tab, double-click the relevant group and select or deselect the users to assign them to the respective group or remove them from it.</li>
[[Image:Permission_management_groups.png|450px|link=]]
[[Image:Permission_management_groups.png|450px|link=]]
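Review bot: the LDAP/AD note appears at two positions in this hunk, once after the Authentication_sub_group.jpg image and once after the Authentication_create_user.jpg image. It describes mapping an external LDAP/AD group to a SEP sesam group, so it belongs with the subgroup step only and should not also sit after the user-creation step. The wording "select '''Based on group''' option" is also missing an article; suggest "select the '''Based on group''' option". The note and images sit between the `<li>` elements rather than inside them, so it is worth checking that the rendered list keeps its numbering.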

Revision as of 13:27, 26 April 2018

Copyright © SEP AG 1999-2024. All rights reserved.

Any form of reproduction of the contents or parts of this manual is allowed only with the express written permission from SEP AG. When compiling and designing user documentation SEP AG uses great diligence and attempts to deliver accurate and correct information. However, SEP AG cannot issue a guarantee for the contents of this manual.

WORK IN PROGRESS
This article is in the initial stage and may be updated, replaced or deleted at any time. It is inappropriate to use this document as reference material as it is a work in progress and should be treated as such.


Welcome to the latest SEP sesam documentation version 4.4.3 Grolar. For previous documentation version(s), check Documentation archive.


Overview

SEP sesam provides two mutually exclusive authentication methods: policy-based authentication and database-based authentication, which can be combined with Lightweight Directory Access Protocol (LDAP) and/or Active Directory. Only one of the two (policy-based or database-based authentication) can be active at any time. By default, policy-based authentication is active.

Database-based authentication has to be activated via the GUI, where the administrator password is set. Once the SEP sesam GUI Server and Client are restarted, the administrator can configure default user access rights, which are based on predefined user types. These are:

  • Admin: The only user role with full control over SEP sesam.
  • Operator: Can monitor the whole environment.
  • Restore: Only allowed to start restores.

You can further configure authorization based on user roles, introduced in Grolar.

Note that the displayed GUI components depend on the user type. For details on GUI elements, see SEP sesam GUI.

Prerequisite

  • Make sure that the reverse DNS resolution (from IP address to host name) is set up correctly. If the name resolution for the selected host is not correct, the connection to the GUI server fails. For details, see How to check DNS configuration.

Activating database-based authentication in GUI

  1. In the GUI, from the menu bar select Configuration -> Permission Management.
  2. Click Activate Authentication. Set up the password for the Administrator user; note that this is the only way to set the administrator's password.
  3. After activating the authentication mode and confirming your action, SEP sesam GUI will restart automatically. You have to restart SEP sesam Server manually for the changes to take effect.
  4. Optionally, you can enable LDAP and/or Active Directory to ...
    By enabling LDAP ...
    By enabling AD ...
  5. Log in as an administrator to configure the users and add them to the relevant group. By default, the following user types are available: Admin, Operator, Restore.
  6. You can create your own subgroups (e.g., SUB_ADMIN) to grant users more specific roles. Under the Groups tab, click Create to configure a new subgroup. The Sub Group window opens.
  7. Specify a group name and from the drop-down list select the relevant role to be applied to the whole group: Admin, ReadOnly, Restore, or SuperUser.
    Note
    If you want to combine LDAP/AD, you have to use the external groups. Add the group from LDAP/AD and select the Based on group option to map it to this particular SEP sesam group.
  8. Under the Users tab, click Create to configure a new user. The Create User window opens.
  9. Specify a name and password, and assign the user to the relevant group, for example, RESTORE.
  10. A user can be a member of one or more groups. Under the Groups tab, double-click the relevant group and select or deselect the users to assign them to the respective group or remove them from it.
  11. Now you can configure ACLs (access control lists) to specify which users or groups are granted access to a location (group of clients) or a specific client. For details, see Using Access Control Lists.
Note

When activating database-based authentication via GUI, parameter authEnabled is changed to true in the sm.ini file. Setting the flag to false enables policy-based authentication and deactivates database-based authentication.
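Because this single flag decides which authentication mode is active, it is worth checking during configuration audits. The following is an added example, not SEP sesam code: it assumes sm.ini uses `key=value` lines with optional `[section]` headers and `#` or `;` comments, makes no assumption about which section holds authEnabled, and treats a missing flag as the policy-based default. The function names and the sample text are constructed for illustration.

```python
import re

# Assumed sm.ini syntax: "key = value" lines, optional [section] headers,
# and comment lines starting with '#' or ';'.
_KV = re.compile(r"^\s*([^=\s#;\[][^=]*?)\s*=\s*(.*?)\s*$")


def find_auth_flags(ini_text):
    """Return [(line_no, section, value)] for every authEnabled entry."""
    section, hits = None, []
    for no, line in enumerate(ini_text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1]
            continue
        m = _KV.match(line)
        if m and m.group(1).lower() == "authenabled":
            hits.append((no, section, m.group(2).lower()))
    return hits


def auth_mode(ini_text):
    """Classify the authentication mode implied by the flag."""
    values = {v for _, _, v in find_auth_flags(ini_text)}
    if not values:
        # Assumption: no flag means the default, policy-based authentication.
        return "policy-based"
    if values == {"true"}:
        return "database-based"
    if values == {"false"}:
        return "policy-based"
    # Conflicting or non-boolean entries: needs manual review.
    return "ambiguous"


# Constructed sample; EXAMPLE_SECTION is a placeholder section name.
SAMPLE = "\n".join([
    "[EXAMPLE_SECTION]",
    "# authEnabled=false",
    "authEnabled = true",
])

if __name__ == "__main__":
    for no, section, value in find_auth_flags(SAMPLE):
        print(f"line {no} [{section}] authEnabled={value}")
    print("mode:", auth_mode(SAMPLE))
```

Comparing the reported mode against the intended one on each audit run flags an unexpected switch from database-based back to policy-based authentication.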

Deactivating database-based authentication

  1. In the GUI, from the menu bar select Configuration -> Permission Management -> Activation tab.
  2. Click Deactivate Authentication.
  3. After deactivating the authentication mode and confirming your action, SEP sesam GUI will restart automatically. You have to restart SEP sesam Server manually for the changes to take effect.
  4. Now policy-based authentication is enabled and the flag authEnabled is set to false in the sm.ini file.

See also

  • About Authentication and Authorization
  • Using Access Control Lists
  • Configuring Policy-Based Authentication