Integrating a Nutanix Cluster with Active Directory shows how to integrate a Nutanix Cluster with AD for authentication purposes. In this article, we are using a Nutanix Community Edition (CE) version:
First and foremost, why integrate your cluster with Active Directory?
The answer is simple: Microsoft Active Directory is a directory service used by many customers worldwide.
Configuration Steps – Preparing the AD domain
Once your Active Directory domain is installed, you have the option of creating organizational units (OUs) to segment the domain objects. In our case, for instance, our domain name is “lab.local,” and we have created some OUs to organize our domain objects, as we can see in the following picture:
Note: This is an optional step; you do not have to create OUs if you cannot!
Inside the “USERS” OU, we have created a user “nutanix_srv”. This is a service user that the Nutanix Cluster will use to read all directory objects in the Active Directory domain:
Note: This user does not have admin rights to the AD domain. It is a regular user (this user only needs permission to read all directory objects).
Afterward, we have created two additional users (user01 and user02) and two additional groups (NTNX_ADMINS and NTNX_READ_ONLY):
The “user01” was placed into the group “NTNX_ADMINS”.
The “user02” was placed into the group “NTNX_READ_ONLY”.
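The preparation steps above can also be scripted. The following is an added example, not part of the original article: it creates the same service user, test users and groups with the ActiveDirectory PowerShell module, then checks that “nutanix_srv” holds no group membership beyond “Domain Users”. The OU distinguished name and the placement of the groups in that same OU are assumptions, since the article only shows the OU layout in a picture.

```powershell
# Added example: scripts the AD preparation described above.
# Assumptions (not from the article): the USERS OU sits at the domain root and
# the users and groups all live in that OU. Adjust $ou to match your domain.
Import-Module ActiveDirectory

$domain = 'lab.local'
$ou     = 'OU=USERS,DC=lab,DC=local'   # assumed distinguished name

# Prompt for passwords instead of embedding them in the script.
$svcPw  = Read-Host -AsSecureString 'Password for nutanix_srv'
$userPw = Read-Host -AsSecureString 'Initial password for user01/user02'

# Service account: a regular domain user with no admin group membership.
New-ADUser -Name 'nutanix_srv' -SamAccountName 'nutanix_srv' `
    -UserPrincipalName "nutanix_srv@$domain" -Path $ou `
    -AccountPassword $svcPw -Enabled $true `
    -Description 'Nutanix directory read-only bind account'

# Groups that the role mappings will reference.
foreach ($g in 'NTNX_ADMINS', 'NTNX_READ_ONLY') {
    New-ADGroup -Name $g -GroupScope Global -GroupCategory Security -Path $ou
}

# Test users and their group membership, as in the article.
$membership = @{ user01 = 'NTNX_ADMINS'; user02 = 'NTNX_READ_ONLY' }
foreach ($u in $membership.Keys) {
    New-ADUser -Name $u -SamAccountName $u -UserPrincipalName "$u@$domain" `
        -Path $ou -AccountPassword $userPw -Enabled $true `
        -ChangePasswordAtLogon $true
    Add-ADGroupMember -Identity $membership[$u] -Members $u
}

# Least-privilege check: the service account should belong only to
# 'Domain Users'. Any other direct membership is reported for review.
$extra = Get-ADPrincipalGroupMembership -Identity 'nutanix_srv' |
    Where-Object { $_.Name -ne 'Domain Users' }
if ($extra) {
    Write-Warning "nutanix_srv is a member of: $($extra.Name -join ', ')"
} else {
    Write-Output 'nutanix_srv holds no group membership beyond Domain Users.'
}
```

Re-running the final check after later changes to the domain confirms that the bind account has not picked up additional group memberships.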
Adding a New Directory on Nutanix Cluster
The next configuration step is to add a directory service on the Nutanix Cluster.
On the Prism Element interface, access the Menu –> Settings and, under Users and Roles, select Authentication –> Directory List –> “+ New Directory”:
Under the tab “Directory List”, enter the information as shown in the following pictures:
Scroll down the configuration page and type the service account credentials. In this case, for instance, we are typing the domain user that we have created before:
After saving, our directory has been added successfully:
Creating Role Mappings
After adding a directory service, we must create role mappings. Role mapping is a configuration that matches a user or group from the directory service to a specific role or authorization in the Nutanix environment. Simply put, we will configure a user or group’s permission.
Under the “Users and Roles” menu, click on Role Mapping –> New Mapping:
The first role mapping is to provide “Cluster Admin” permission to the “NTNX_ADMINS” Active Directory Group:
The second role mapping is to provide “Viewer” permission to the “NTNX_READ_ONLY” Active Directory Group:
Afterward, we have created our role mappings 🙂
Accessing the Prism Element with AD credential
To access the Prism Element UI with an AD credential, we must type the username in the following way:
ad_username@ad_domain
That’s it 😉