By default, XenServer can only be managed with the local root account.
Nevertheless, in production, it will probably be necessary to delegate some operations to specific users.
You can then limit their rights according to their user account and the group to which they belong.
To make this possible, Citrix allows you to join your XenServer server to the Active Directory of your intranet.
To implement Active Directory authentication on your XenServer server, you will need:
In our case, we used 2 servers:
Here is some important information for setting up Active Directory authentication on your XenServer server:
If your XenServer servers are in a server pool, be aware that it's forbidden to "mix" authentication types.
In other words, all XenServer servers in your server pool must use Active Directory authentication or none will use it.
In summary, you will not be able to enable Active Directory authentication on only a part of the servers of your server pool.
To prevent your XenServer server from becoming inaccessible in the event of a failure of your Active Directory server, XenServer always attempts to authenticate a login in this order:
- locally (to test if the password matches the local root account)
- then, with your Active Directory, if it can be reached.
In other words, if your Active Directory server crashes, you will only be able to connect with the root account of the relevant XenServer server.
Finally, in order for your XenServer server to be able to connect to your Active Directory server, you must allow these ports for outbound traffic.
Note: this is only an indication, because in our case, no configuration was necessary for XenServer to connect to our Active Directory server.
Source: Citrix XenServer 6.5 Service Pack 1 Administrator's Guide (starting from page 3).
By default, XenServer has 6 roles that allow you to apply specific permissions to a user and/or a group.
In XenServer version 6.5.0, you will find these 6 roles:
As shown at the top of the "Select Roles" window, each role in the list inherits the rights available through the roles listed below it.
Finally, be aware that these roles can be assigned to Active Directory users, but also to Active Directory groups.
If a user receives several different roles (one for their user account and another for the Active Directory group to which they belong), XenServer will assign the role with the most permissions to this user, as you will see later in this tutorial.
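The "most permissions wins" rule means an Active Directory group can silently raise a user above the role assigned to their own account. The following added example (not from the original tutorial or from Citrix) computes the effective role and flags such cases. The role names are the six XenServer RBAC roles as named in Citrix's documentation, and the accounts, groups and memberships are constructed sample data.

```python
# Added example: effective XenServer role when a user holds several roles.
# Roles ordered from most to least privileged (names per Citrix RBAC docs).
ROLES = ["pool-admin", "pool-operator", "vm-power-admin",
         "vm-admin", "vm-operator", "read-only"]
RANK = {name: len(ROLES) - i for i, name in enumerate(ROLES)}  # higher = more rights


def effective_role(user, direct_roles, group_roles, memberships):
    """Return (role, source) for the most privileged role reaching `user`.

    direct_roles: {user: role}, group_roles: {group: role},
    memberships: {user: [groups]}. Returns (None, None) if nothing applies.
    """
    candidates = []
    if user in direct_roles:
        candidates.append((direct_roles[user], "user:" + user))
    for group in memberships.get(user, []):
        if group in group_roles:
            candidates.append((group_roles[group], "group:" + group))
    for role, _ in candidates:
        if role not in RANK:
            raise ValueError("unknown role: " + role)
    if not candidates:
        return (None, None)
    # max() keeps the first candidate on a tie, so a direct role wins ties.
    return max(candidates, key=lambda c: RANK[c[0]])


def audit(direct_roles, group_roles, memberships):
    """List users whose access is granted or raised by a group assignment."""
    findings = []
    for user in sorted(set(direct_roles) | set(memberships)):
        role, source = effective_role(user, direct_roles, group_roles, memberships)
        direct = direct_roles.get(user)
        if role and source.startswith("group:") and (
                direct is None or RANK[role] > RANK[direct]):
            findings.append((user, direct, role, source))
    return findings


# Constructed sample data (hypothetical accounts and groups).
DIRECT = {"alice": "vm-operator", "bob": "pool-operator"}
GROUPS = {"XenAdmins": "pool-admin", "Helpdesk": "read-only"}
MEMBERS = {"alice": ["XenAdmins", "Helpdesk"], "bob": ["Helpdesk"], "carol": ["Helpdesk"]}

if __name__ == "__main__":
    for finding in audit(DIRECT, GROUPS, MEMBERS):
        print(finding)
```

Each finding names the group that grants the effective role, which is the assignment to review when a user has more rights than intended.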
® InformatiWeb-Pro.net - InformatiWeb.net 2008-2022 - © Lionel Eppe - All rights reserved.