Active Directory Server


There are features and functions used in Arista NetVisor UNUM and Insight Analytics that are common throughout the user interface (UI). Please refer to the Common Functions section for more information on the use of these functions and features.


The following example details connecting NetVisor UNUM to a corporate Active Directory Windows Server.


Prerequisites


To configure NetVisor UNUM to use Active Directory (AD), you need the following information in advance.


Type – AD

Server URL – The AD Server and type of connection supported, either LDAPS (secure) or LDAP (non-secure), and the port numbers assigned to these servers, typically 636 and 389, respectively.

Domain – The domain name associated with the AD Server.

User Search Filter – The required User Search Filter.


AD Server Settings


Example Settings


Type: AD

Server URL: win-2019-kp.radiowindermere.com (or the IP address) on Port 389

Domain: radiowindermere.com

User Search Filter: (&(objectClass=user)(userPrincipalName={0}))


Usage Note:

After the initial configuration phase, you can test the connection using the built-in NetVisor UNUM test feature. However, this is only a pass/fail test and does not provide any troubleshooting information.

Arista Networks recommends using a third-party LDAP tool or OS commands to access and view the AD server or service provider to review the structure and required parameters.


NetVisor UNUM AD Configuration


After confirming the login settings, proceed to add the AD Server or service provider to NetVisor UNUM by selecting Menu Bar → → Auth Server.


The following dashboard displays when first configuring an Authentication Server if no previous servers exist.




Add Authentication Server


Click the Add Auth Server button to begin.


Enter the information for your server or service provider. 


Example Information


Server URL = Type, Server Name and Port

Type = AD

Hostname = win-2019-kp.radiowindermere.com (or IP address)

Port = 389 (using a non-secure AD connection)

Domain = radiowindermere.com

User Search Filter = (&(objectClass=user)(userPrincipalName={0}))



OS Commands


In the following example, running the ldapsearch command on Linux or macOS returns useful information regarding the AD service structure.


ldapsearch -x -b "cn=users,dc=radiowindermere,dc=COM" -H ldap://win-2019-kp.radiowindermere.com -D "cn=ldap_admin,cn=users,dc=radiowindermere,dc=COM" -w <password> -v



The data presented corresponds to the Windows AD information presented on the Windows Server.



The Edit AD Server entries align with the ldapsearch data obtained from the command output.


After entering the settings, click Update, and the AD Service displays in the dashboard.



Enter an AD user account name and the associated password and click Test.


Arista Networks recommends testing with an admin-level account initially.


However, any qualified AD user account is acceptable for testing purposes. 


Using the User Search Filter, a search for an AD user account begins.



Enter the AD user name and associated password and click Test.


NetVisor UNUM returns a Success or Fail message.



If the selected user name does not exist or the password is incorrect, NetVisor UNUM returns a "failed" message. 



As previously stated, this is only a pass/fail test, which does not provide any troubleshooting information.


If you encounter a failure, try re-entering the user name and password.


The ldapsearch command, described above, provides useful information to aid in troubleshooting.


Note:

1) If the test fails, carefully review all settings.

2) Verify the Server name is resolvable. Use the IP address in place of the Server name.

3) If using the IP address works, verify the DNS settings and ping the server using the FQDN.
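
Because the built-in test is pass/fail only, the following added example (not part of the Arista documentation) repeats the user lookup with ldapsearch and reports why it failed. It assumes NetVisor UNUM substitutes the entered user name for {0} in the User Search Filter; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not Arista code. Assumption: UNUM replaces {0} in the
# User Search Filter with the user name entered on the login/test form.
TEMPLATE='(&(objectClass=user)(userPrincipalName={0}))'  # filter from this page

# Escape RFC 4515 special characters so the name is matched literally.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build the filter the directory receives for a given login name.
build_filter() {
    prefix=${TEMPLATE%%\{0\}*}
    suffix=${TEMPLATE#*\{0\}}
    printf '%s%s%s' "$prefix" "$(ldap_escape "$1")" "$suffix"
}

# Map an ldapsearch exit status (the LDAP result code) to a likely cause.
explain_rc() {
    case "$1" in
        0)   echo "bind and search succeeded" ;;
        32)  echo "search base not found: check the Domain / base DN" ;;
        49)  echo "invalid credentials: check the bind DN and password" ;;
        255) echo "cannot contact server: check DNS, port and firewall" ;;
        *)   echo "LDAP result code $1" ;;
    esac
}

# Usage: test_login <server-url> <search-base> <bind-dn> <login-name>
test_login() {
    filter=$(build_filter "$4")
    echo "filter: $filter"
    # -W prompts for the password instead of placing it on the command line.
    out=$(ldapsearch -x -LLL -H "$1" -b "$2" -D "$3" -W "$filter" dn)
    rc=$?
    if [ "$rc" -eq 0 ] && ! printf '%s\n' "$out" | grep -q '^dn:'; then
        echo "bind succeeded but no entry matched the filter"
        return 1
    fi
    explain_rc "$rc"
    return "$rc"
}
```

Over an ldap:// URL on port 389 the simple bind sends the password unencrypted, so prefer an ldaps:// URL on port 636 where the AD server supports it.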


Edit AD Settings


Use the Cog icon and select Edit to make changes to the AD Server settings.




Click Update to save the revised settings.


Logging in to NetVisor UNUM


After the AD account verification is successful, log in to NetVisor UNUM using AD credentials. In the following example, the AD user name is "sjones."




Once logged into NetVisor UNUM, the AD user is assigned a User Role and can view NetVisor UNUM dashboards.


Note the AD user name (illustrated in red for example purposes).




Note: NetVisor UNUM assigns AD accounts to a User Role, and these accounts do not appear in the Local User Management dashboard.




LDAP User Roles: 

NetVisor UNUM currently supports two roles, User and Local Admin. NetVisor UNUM assigns all LDAP or AD users to the User Role in NetVisor UNUM.

NetVisor UNUM ignores any assigned LDAP or AD roles.

Please refer to Manage Users for more information about these roles. 


Troubleshooting Tools


There are numerous tools to aid in troubleshooting AD connectivity problems. 


However, first and foremost, verify all settings are correct and match your AD Service Provider or AD Server requirements.


Some of the tools that exist include:


OS Tools


LDAPSEARCH - Unix, Linux, macOS

TCPDump - Unix, Linux, macOS


Windows Tools


LDP.EXE

Active Directory Explorer

Active Directory Users and Computers


Third-Party Tools


LDAP Admin (UI-based tool)

TCPDUMP for Windows


The above is not an exhaustive list and is only intended to provide you with several readily available options to assist in troubleshooting LDAP connectivity issues.
