Configuring audit clients for Active Directory

Before you begin

About this task

Perform this procedure for each Admin Node in a StorageGRID Webscale deployment from which you want to retrieve audit messages.
Note: Audit export through CIFS/Samba is deprecated in StorageGRID Webscale 11.1, and will be removed in a future StorageGRID Webscale release. See information for upgrading StorageGRID Webscale for more details.

Steps

  1. From the service laptop, log in to the primary Admin Node:
    1. Enter the following command: ssh admin@primary_Admin_Node_IP
    2. Enter the password listed in the Passwords.txt file.
    3. Enter the following command to switch to root: su -
    4. Enter the password listed in the Passwords.txt file.
      When you are logged in as root, the prompt changes from $ to #.
  2. Confirm that all services have a state of Running or Verified: storagegrid-status
    If any service is not Running or Verified, resolve the issues before continuing.
  3. To return to the command line, press Ctrl+C.
  4. Start the CIFS configuration utility: config_cifs.rb
    ---------------------------------------------------------------------
    | Shares                 | Authentication         | Config          |
    ---------------------------------------------------------------------
    | add-audit-share        | set-authentication     | validate-config |
    | enable-disable-share   | set-netbios-name       | help            |
    | add-user-to-share      | join-domain            | exit            |
    | remove-user-from-share | add-password-server    |                 |
    | modify-group           | remove-password-server |                 |
    |                        | add-wins-server        |                 |
    |                        | remove-wins-server     |                 |
    ---------------------------------------------------------------------
  5. Set the authentication for Active Directory: set-authentication
    In most deployments, you must set the authentication before adding the audit client. If authentication has already been set, an advisory message appears; in that case, go to step 6.
    1. When prompted for Workgroup or Active Directory installation: ad
    2. When prompted, enter the name of the AD domain (short domain name).
    3. When prompted, enter the domain controller’s IP address or DNS host name.
    4. When prompted, enter the full domain realm name.
      Use uppercase letters.
    5. When prompted to enable winbind support, type y.
      Winbind is used to resolve user and group information from AD servers.
    6. When prompted, enter the NetBIOS name.
    7. When prompted, press Enter.
      The CIFS configuration utility is displayed.
  6. Join the domain:
    1. If not already started, start the CIFS configuration utility: config_cifs.rb
    2. Join the domain: join-domain
    3. You are prompted to test if the Admin Node is currently a valid member of the domain. If this Admin Node has not previously joined the domain, enter: no
    4. When prompted, provide the Administrator’s username: administrator_username

      where administrator_username is the CIFS Active Directory username, not the StorageGRID Webscale username.

    5. When prompted, provide the Administrator’s password: administrator_password

      where administrator_password is the CIFS Active Directory password, not the StorageGRID Webscale password.

    6. When prompted, press Enter.

      The CIFS configuration utility is displayed.

  7. Verify that you have correctly joined the domain:
    1. Join the domain: join-domain
    2. When prompted to test if the server is currently a valid member of the domain, enter: y

      If you receive the message “Join is OK,” you have successfully joined the domain. If you do not get this response, try setting authentication and joining the domain again.

    3. When prompted, press Enter.

      The CIFS configuration utility is displayed.

  8. Add an audit client: add-audit-share
    1. When prompted to add a user or group, enter: user
    2. When prompted to enter the audit user name, enter the audit user name.
    3. When prompted, press Enter.

      The CIFS configuration utility is displayed.

  9. If more than one user or group is permitted to access the audit share, add additional users: add-user-to-share
    A numbered list of enabled shares is displayed.
    1. Enter the number of the audit-export share.
    2. When prompted to add a user or group, enter: group

      You are prompted for the audit group name.

    3. When prompted for the audit group name, enter the name of the audit user group.
    4. When prompted, press Enter.

      The CIFS configuration utility is displayed.

    5. Repeat step 9 for each additional user or group that has access to the audit share.
  10. Optionally, verify your configuration: validate-config
    The services are checked and displayed. You can safely ignore the following messages:
    • Can't find include file /etc/samba/includes/cifs-interfaces.inc
    • Can't find include file /etc/samba/includes/cifs-filesystem.inc
    • Can't find include file /etc/samba/includes/cifs-interfaces.inc
    • Can't find include file /etc/samba/includes/cifs-custom-config.inc
    • Can't find include file /etc/samba/includes/cifs-shares.inc
    • rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
      Attention: Do not combine the setting 'security=ads' with the 'password server' parameter. By default, Samba discovers the correct DC to contact automatically.
    1. When prompted, press Enter to display the audit client configuration.
    2. When prompted, press Enter.

      The CIFS configuration utility is displayed.

  11. Close the CIFS configuration utility: exit
  12. If the StorageGRID Webscale deployment is a single site, go to step 13.

    or

    Optionally, if the StorageGRID Webscale deployment includes Admin Nodes at other sites, enable these audit shares as required:
    1. Remotely log in to a site’s Admin Node:
      1. Enter the following command: ssh admin@grid_node_IP
      2. Enter the password listed in the Passwords.txt file.
      3. Enter the following command to switch to root: su -
      4. Enter the password listed in the Passwords.txt file.
    2. Repeat steps 4 through 11 to configure the audit shares for each Admin Node.
    3. Close the remote secure shell login to the Admin Node: exit
  13. Log out of the command shell: exit
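
The Attention note in step 10 can be checked mechanically. The following is an added example, not part of the StorageGRID documentation or tooling: a shell function (hypothetical name check_ads_password_server) that reads smb.conf-style text and reports whether 'security = ads' is combined with an explicit 'password server' in the [global] section. The sample configurations are constructed, and treating "*" as automatic DC discovery is an assumption stated in the code.

```shell
#!/bin/sh
# Added example. Function name and sample configurations are constructed.
# Reads smb.conf-style text on stdin and checks the [global] section.
# Exit status: 0 = no conflict, 1 = security=ads with an explicit password server.
check_ads_password_server() {
    awk '
        # Samba matches section and parameter names ignoring case and whitespace.
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        /^[ \t]*$/    { next }                  # skip blank lines
        /^[ \t]*\[/ {                           # section header, e.g. [global]
            sec = $0
            sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            sec = norm(sec); next
        }
        sec == "global" && index($0, "=") {
            key = norm(substr($0, 1, index($0, "=") - 1))
            val = substr($0, index($0, "=") + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            # A later assignment overrides an earlier one.
            if (key == "security") mode = tolower(val)
            if (key == "passwordserver") pw = val
        }
        END {
            # Assumption: "*" (Samba default) or empty means automatic DC discovery.
            if (mode == "ads" && pw != "" && pw != "*") {
                print "CONFLICT: security=ads with password server = " pw
                exit 1
            }
            print "OK"
        }
    '
}

# Constructed sample inputs (192.0.2.10 is a documentation address).
SAMPLE_BAD='[global]
   security = ADS
   Password Server = 192.0.2.10
[audit-export]
   read only = yes'
SAMPLE_GOOD='[Global]
   security = ads
   password server = *'

printf '%s\n' "$SAMPLE_BAD"  | check_ads_password_server || true
printf '%s\n' "$SAMPLE_GOOD" | check_ads_password_server
```

On a node where Samba's testparm is available (an assumption), `testparm -s 2>/dev/null | check_ads_password_server` checks the effective configuration with include files resolved.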