Issue
- You want to connect the ESET PROTECT Virtual Appliance (VA) to an existing domain in Active Directory
Solution
- Initial configuration of ESET PROTECT Virtual Appliance
- Using ESET PROTECT VA Management console
- Using the Webmin management interface
I. Initial configuration of ESET PROTECT Virtual Appliance
While configuring a new Virtual Appliance (VA), the following settings are mandatory to use ESET PROTECT VA on a domain:
- Windows workgroup: A workgroup or NETBIOS domain name for this server.
- Windows domain: A domain for this server.
- Windows domain controller: A domain controller for this server. Type the ESET PROTECT Server fully qualified domain name (FQDN).
- Windows domain administrator: An account used to join the domain.
- Windows Domain administrator password: An administrator password used to join the domain.
- DNS1: A domain name server for this virtual machine. Type the IP address of the domain controller.
II. Using ESET PROTECT VA Management console
After you set up your ESET PROTECT Virtual Appliance, continue with the following steps:
-
Open the ESET PROTECT VA Management Console, press Enter, type the password and press Enter → Enter.
-
Select Configure domain.
-
You will be guided through four configuration files. Press Enter to edit each configuration file, then press CTRL+X to close the text editor. Press Y to save changes (or N to discard changes).
-
/etc/hostsThe hosts file maps hostnames and IP addresses. Add a line to map the IP address and hostname of your domain server, for example:
10.20.30.40 w16dc.mydomain.net -
/etc/ntp.confConfigure the VA to synchronize its time against the domain controller. Add the following line at the end of the configuration file:
server w16dc.mydomain.net true -
/etc/krb5.confConfigure Kerberos - fill in your domain name and domain controller, for example:
default_realm=MYDOMAIN.NET MYDOMAIN.NET = { kdc = w16dc.mydomain.net } .mydomain.net = MYDOMAIN.NET -
/etc/samba/smb.confIn Samba configuration, ensure that the correct workgroup and realm are set, for example:
workgroup = MYDOMAIN realm = mydomain.net
-
-
Domain connection is now configured. Select Rejoin domain in the ESET PROTECT VA menu to initiate domain join. Type the administrator name and password for the domain connection. You may also need to restart the ESET PROTECT VA.
III. Using the Webmin management interface
After you set up your ESET PROTECT Virtual Appliance and configured the domain, continue with the following steps:
-
Open the ESET PROTECT VA Management Console. Press Enter, type the password, then press Enter → Enter.
-
Select Enable/Disable remote access to enable Webmin on port 10000.
-
Open your internet browser and log in to the Webmin Management interface of the ESET PROTECT VA.
-
Set the domain controller and DNS server. Click Networking → Network Configuration → Host Addresses.
-
Click Add a new host address.
-
Type the IP Address (
10.20.30.40) and Hostname (w16dc.mydomain.net) of the domain controller, and click Create.
-
Click Network configuration → Hostname and DNS Client.
-
In DNS servers, type the IP address of the domain server (
10.20.30.40). Click Save.
-
Configure time synchronization with the domain controller:
- Click Hardware → System Time → Time server sync
- In Timeserver hostnames or addresses, type the domain controller hostname (
w16dc.mydomain.net) - Click Sync and Apply
-
Configure the domain connection details:
- Click Networking → Kerberos5
- Type:
- Realm:
MYDOMAIN.NET - Domain name:
.mydomain.net(type a period at the beginning) - KDC:
w16dc.mydomain.net
- Realm:
- In the Use DNS to lookup KDC field, select Yes
- Click Update Configuration
-
In the ESET PROTECT VA Management Console menu, select Rejoin domain to initiate domain join. Type the administrator name and password for the domain connection. You may also need to restart the ESET PROTECT VA.
