protocol domain-auth auto-conf easy-auth
Enables an automated domain authentication configuration process for the server-side SteelHead.
Syntax
protocol domain-auth auto-conf easy-auth conf-type <conf-type> adminuser <name> adminpass <adminpass> join-domain <domain> dc <dc-name> [join-type {win2k8-mode | win2k3-mode}] [short-name <name>]
Parameters
conf-type <conf-type> | Specifies a configuration type or a comma-separated list for the automated configuration: • emapi - Encrypted MAPI • smbsigning - SMB signing • smb2signing - SMB2 signing • smb3signing - SMB3 signing • all - Encrypted MAPI, SMB signing, SMB2 signing, and SMB3 signing |
adminuser <name> | Specifies the username of the domain administrator. |
adminpass <password> | Specifies the password of the domain administrator. The password is case sensitive. |
join-domain <name> | Specifies the fully qualified domain name of the Active Directory domain in which to make the SteelHead a member. |
dc <dc-name> [ | Specifies the name of the domain controller to contact. |
join-type | Specifies the join account type by which the server-side SteelHead can join the Windows domain in one of the following roles: • win2k8-mode - Specifies Active Directory integrated mode (Windows 2008 and later). • win2k3-mode - Specifies Active Directory integrated mode (Windows 2003). This is the default setting. |
short-name <name> | Specifies a short domain name. Typically, the short domain name is a substring of the realm. In rare situations, this is not the case, and you must explicitly specify the short domain name. Case matters; NBTTECH is not the same as nbttech. The short domain name is required if the NetBIOS domain name does not match the first portion of the Active Directory domain name. |
Usage
The protocol domain-auth auto-conf easy-auth command simplifies the server-side SteelHead configuration for domain authentication. By entering only one command, you can perform these steps:
• Test the DNS configuration.
• Join the server-side SteelHead to the domain in AD integrated Windows 2008 (and later) mode or AD integrated Windows 2003 mode.
• Enable secure protocol optimization such as SMB signing.
• Optionally, configure a deployed replication user in Active Directory with the necessary privileges.
To integrate the server-side SteelHead appliance into Active Directory, you must configure the mode when you join the SteelHead appliance to the Windows domain. The protocol domain-auth auto-conf easy-auth command configures the server-side SteelHead appliance in Active Directory integrated mode for Windows 2003 or Windows 2008 to enable secure protocol optimization for CIFS SMB1, SMB2/3, and encrypted MAPI for all clients and servers.
When you configure the server-side SteelHead appliance in integrated Active Directory mode, the server-side SteelHead appliance does not provide any Windows domain controller functionality to any other machines in the domain and does not advertise itself as a domain controller or register any service records. In addition, the SteelHead appliance does not perform any replication nor hold any AD objects. When integrated with the Active Directory, the server-side SteelHead appliance has just enough privileges so that it can have a legitimate conversation with the domain controller and then use transparent mode for NTLM authentication.
Use the show protocol domain-auth auto-conf easy-auth command to verify if the domain authentication configuration is successful.
For details, see the SteelHead Management Console User’s Guide and the SteelHead Deployment Guide - Protocols.
Example
amnesiac (config) # protocol domain-auth auto-conf easy-auth conf-type all adminuser chiefadmin adminpass chief327 join-domain central.company.com dc exchange-dc join-type win2k8-mode
Product
SteelHead CX, SteelHead EX, SteelHead-v, SteelHead-c
Related Commands