In our demo lab we provide a read-only account to customers to look at our live Nutanix block. What we did recently to enhance that user experience was to tie in their AD account into our Nutanix block.
Here’s how we did it:
Solution
-The cluster must be added to an Active Directory domain before configuring role mappings.
The command “ncli authconfig create-directory” will add the system into active directory (This can also be done via the gui).
To configure role mappings, the command “ncli authconfig add-role-mapping” is used.
The roles that can be assigned are…
ROLE_CLUSTER_ADMIN
ROLE_USER_ADMIN
ROLE_CLUSTER_VIEWERThe below example will map the group IT-managers to a cluster administrator role…
ncli authconfig add-role-mapping name=production_domain type=group values=IT-managers role=ROLE_CLUSTER_ADMIN
Syntax info
Name — This is the name of the configured domain (can list this with “ncli authconfig list-directory”)
Type — Specify “user” or “group”
Values — name of the user or group being added. You specify multiple users/groups using comma as a separator
Role — The role you want to specify
Speak Your Mind