User Authentication and Logon

Active Directory supports the following types of user names for authentication.

  • User_name (Authenticate with the default domain or as a local user)
  • DefaultDomain\User_name (Authenticate with the default domain)
  • TrustedDomain\User_name (Authenticate with the trusted domain)

Authentication uses the following guidelines:

  • If you are authenticating using Active Directory, do not add a group to an array with the group type "Distribution."
  • If the array is not a member of an Active Directory domain, then users are authenticated locally on the array. The account must have been created on the array in the Administration: Users and Groups dialog.
  • If you try to authenticate to an array that is a member of an Active Directory domain, you are authenticated against the Active Directory first.
    NOTE: Some built-in users, such as root, admin, and nsupport, are always authenticated locally.

    If authentication to Active Directory fails for reasons other than a password failure, the array attempts to authenticate the user locally. If the local account experiences a password failure or the account does not exist locally, authentication fails.

  • You can enter a username or a combination of DOMAIN\username. If you do not include DOMAIN, the authentication effort uses the default domain; that is, the domain that the array is a member of.
  • The number of repeated failed login attempts allowed depends on the Password lockout setting.
  • A successful login provides you with the GUI and CLI roles and capabilities as defined by the group.
  • If you lose access to the array, the system response depends on whether you are logged in locally or as an Active Directory user. You might receive an error message, or you might be logged out of the array.
    • When a user is removed from an Active Directory group that has access to the array, the user is no longer able to log into the array. Existing login sessions will continue until the user logs out. This is consistent with the behavior of Windows clients and group memberships.
    • After an Active Directory group is removed from the array, users can no longer log into the group. Existing login sessions will continue until the users log out.