Issue
- You want to connect the ESET PROTECT Virtual Appliance (VA) to an existing domain in Active Directory
Solution
- Initial configuration of ESET PROTECT Virtual Appliance
- Using ESET PROTECT VA Management console (after the ESET PROTECT Server VA is already set up)
- Using the Webmin management interface (after the ESET PROTECT Server VA is already set up)
I. Initial configuration of a new ESET PROTECT Server Virtual Appliance
While configuring a new Virtual Appliance, the following settings are mandatory to use ESET PROTECT VA on a domain:
- Windows workgroup - A workgroup or NETBIOS domain name for this server.
- Windows domain - A domain for this server.
- Windows domain controller - A domain controller for this server. Enter the ESET PROTECT Server fully qualified domain name (FQDN).
- Windows domain administrator - An account used to join the domain.
- Windows Domain administrator password - An administrator password used to join the domain.
- DNS1 - A domain name server for this virtual machine. Type the IP address of the domain controller.
II. Using ESET PROTECT VA Management console (after the ESET PROTECT Server VA is already set up)
- Open the ESET PROTECT VA Management Console, press ENTER, type the password and then press ENTER twice.
- Select Configure domain.
- You will be guided through four configuration files. Press ENTER to edit each configuration file and then press CTRL+X to close the text editor. Press Y to save changes (or N to discard changes).
- /etc/hosts
The hosts file maps hostnames to IP addresses. Add a line that maps the IP address to the hostname of your domain server, for example:
10.20.30.40 w16dc.mydomain.net
- /etc/ntp.conf
Configure the VA to synchronize its time against the domain controller. Add the following line at the end of the configuration file:
server w16dc.mydomain.net true
- /etc/krb5.conf
Configure Kerberos - fill in your domain name and domain controller, for example:
default_realm=MYDOMAIN.NET
MYDOMAIN.NET = {
kdc = w16dc.mydomain.net
}
.mydomain.net = MYDOMAIN.NET
- /etc/samba/smb.conf
In the Samba configuration, make sure that the correct workgroup and realm are set, for example:
workgroup = MYDOMAIN
realm = mydomain.net
- Domain connection is now configured. Run Rejoin Domain from the ESET PROTECT VA menu to initiate domain join. Enter Administrator name and password for domain connection. You may also need to restart the ESET PROTECT VA.
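The four files edited above have to agree with each other before Rejoin Domain can succeed. The following check is an added example, not an ESET tool or part of the original article: it takes the text of the four files and reports mismatches. The function names and the `SAMPLE` data are hypothetical, constructed from this article's example values.

```python
import re

def _settings(text):
    """Collect 'key = value' pairs; skips comments, section headers and '{' lines."""
    out = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line and not line.endswith("{"):
            key, value = (part.strip() for part in line.split("=", 1))
            out[key.lower()] = value
    return out

def check_domain_config(hosts, ntp, krb5, smb):
    """Return a list of inconsistencies between the four files (empty = consistent)."""
    problems = []
    krb, samba = _settings(krb5), _settings(smb)
    realm, kdc = krb.get("default_realm", ""), krb.get("kdc", "").lower()
    if not realm or realm != realm.upper():
        problems.append("krb5.conf: default_realm missing or not upper case")
    if not kdc:
        problems.append("krb5.conf: no kdc set for the realm")
    # /etc/hosts: the KDC hostname must have a local mapping
    host_names = {name.lower() for line in hosts.splitlines()
                  for name in line.split("#", 1)[0].split()[1:]}
    if kdc and kdc not in host_names:
        problems.append("hosts: no entry for " + kdc)
    # ntp.conf: time must come from the domain controller (Kerberos rejects skewed clocks)
    ntp_servers = {s.lower() for s in re.findall(r"^\s*server\s+(\S+)", ntp, re.M)}
    if kdc and kdc not in ntp_servers:
        problems.append("ntp.conf: no 'server' line for " + kdc)
    # krb5.conf domain mapping and smb.conf realm must name the same realm
    if krb.get("." + realm.lower()) != realm:
        problems.append("krb5.conf: no '.domain = REALM' mapping for " + realm)
    if samba.get("realm", "").upper() != realm.upper():
        problems.append("smb.conf: realm does not match krb5.conf")
    if not samba.get("workgroup"):
        problems.append("smb.conf: workgroup not set")
    return problems

# Constructed sample contents built from the example values in this article.
SAMPLE = dict(
    hosts="127.0.0.1 localhost\n10.20.30.40 w16dc.mydomain.net\n",
    ntp="server w16dc.mydomain.net true\n",
    krb5=("default_realm=MYDOMAIN.NET\nMYDOMAIN.NET = {\nkdc = w16dc.mydomain.net\n}\n"
          ".mydomain.net = MYDOMAIN.NET\n"),
    smb="workgroup = MYDOMAIN\nrealm = mydomain.net\n",
)
if __name__ == "__main__":
    print(check_domain_config(**SAMPLE) or "consistent")
```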
III. Using the Webmin management interface (after the ESET PROTECT Server VA is already set up)
- Enable Webmin management interface:
- Open the ESET PROTECT VA Management Console, press ENTER, type the password and then press ENTER twice.
- Select Enable/Disable remote access to enable Webmin on port 10000.
- Open the internet browser and log in to the Webmin Management interface of the ESET PROTECT VA.
- Set the domain controller and DNS server:
- Click Networking → Network Configuration → Host Addresses.
- Click Add a new host address.
- Type the IP Address (10.20.30.40) and Hostname (w16dc.mydomain.net) of the domain controller and click Create.
- Click Return to Network Configuration → Hostname and DNS Client.
- Type the IP address (10.20.30.40) of the domain server in DNS servers. Click Save.
- Configure time synchronization with the domain controller:
- Click Hardware → System Time → Time server sync tab.
- In Timeserver hostnames or addresses, type the domain controller hostname (w16dc.mydomain.net). Click Sync and Apply.
- Configure the domain connection details:
- Click Networking → Kerberos5.
- Type the Realm (MYDOMAIN.NET), Domain name (put a dot at the beginning: .mydomain.net) and KDC (w16dc.mydomain.net). Select Yes to Use DNS to lookup KDC.
- Click Update Configuration.
- Configure Samba:
- Click Servers → Samba Windows File Sharing → Windows Networking.
- Type the Workgroup (MYDOMAIN) and click Save.
- Click Winbind Options.
- Type the domain name into Kerberos realm on domain server (mydomain.net) and click Save.
- The domain connection is now configured. Run Rejoin Domain from the ESET PROTECT VA Management Console menu to initiate domain join. Enter Administrator name and password for domain connection. You may also need to restart the ESET PROTECT VA.