NimbleOS 5.0.10.0 HelpSearch

User Authentication and Logon

Active Directory supports the following types of usernames for authentication.

  • User_name (Authenticate with the default domain or as a local user)
  • DefaultDomain\User_name (Authenticate with the default domain)
  • TrustedDomain\User_name (Authenticate with the trusted domain)

Authentication uses the following guidelines:

  • If you are authenticating using Active Directory, do not add a group to an array with the group type "Distribution."
  • If the array is not a member of an Active Directory domain, then the user is authenticated locally on the HPE Nimble Storage array. The account must have been created on the array in the Administration: Users and Groups interface.
  • If you try to authenticate to an array that is a member of an Active Directory domain, you are authenticated against Active Directory first.
    Note: Some built-in users, such as root, admin, and nsupport, are always authenticated locally.

    If authentication to Active Directory fails for reasons other than a password failure, the array attempts to authenticate the user locally. If the local account experiences a password failure or the specified account does not exist locally, authentication fails.

  • You can enter a username or a combination of DOMAIN\username. If you do not include DOMAIN, the authentication effort uses the default domain; that is, the domain that the array is a member of.
  • The number of repeated failed login attempts allowed depends on the Password lockout setting.
  • A successful login provides you with the GUI and CLI roles and capabilities as defined by the group.
  • If you lose access to the array, the system response depends on whether you are logged in locally or as an Active Directory user. You might receive an error message, or you might be logged out of the array
    • When a user is removed from an Active Directory group that has access to the array, the user is no longer able to log into the array. Existing login sessions will continue until the user logs out. This is consistent with the behavior of Windows clients and group memberships.
    • After an Active Directory group is removed from the array, users can no longer log into the Nimble group. Existing login sessions will continue until the user logs out of them.
Parent topic: Access Control with Active Directory