[KB7849] Configure domain connection for ESET PROTECT Virtual Appliance (8.x – 10.x)

Issue

  • You want to connect the ESET PROTECT Virtual Appliance (VA) to an existing domain in Active Directory

Solution

  1. Initial configuration of ESET PROTECT Virtual Appliance
  2. Using ESET PROTECT VA Management console (after the ESET PROTECT Server VA is already set up)
  3. Using the Webmin management interface (after the ESET PROTECT Server VA is already set up)
Use your domain configuration details!

Substitute the examples below with your data. Examples used below:

  • Windows workgroup: MYDOMAIN
  • Windows domain: mydomain.net
  • Windows domain controller name: w16dc.mydomain.net
  • Windows domain controller IP address: 10.20.30.40
  • Windows domain administrator: Administrator

I. Initial configuration of a new ESET PROTECT Server Virtual Appliance

While configuring a new Virtual Appliance, the following settings are mandatory to use ESET PROTECT VA on a domain:

  • Windows workgroup - A workgroup or NETBIOS domain name for this server.

  • Windows domain - A domain for this server.

  • Windows domain controller - A domain controller for this server. Enter the ESET PROTECT Server fully qualified domain name (FQDN).

  • Windows domain administrator - An account used to join the domain.

  • Windows Domain administrator password - An administrator password used to join the domain.

  • DNS1 - A domain name server for this virtual machine. Type the IP address of the domain controller.
Figure 1-1

II. Using ESET PROTECT VA Management console (after the ESET PROTECT Server VA is already set up)

  1. Open the ESET PROTECT VA Management Console, press ENTER, type the password and then press ENTER twice.
    Figure 2-1
  2. Select Configure domain.
    Figure 2-2
  3. You will be guided through four configuration files. Press ENTER to edit each configuration file and then press CTRL+X to close the text editor. Press Y to save changes (or N to discard changes).
    1. /etc/hosts
      The hosts file maps IP addresses to hostnames. Add a line that maps the IP address of your domain server to its hostname, for example:
       
      10.20.30.40 w16dc.mydomain.net

    2. /etc/ntp.conf
      Configure the VA to synchronize its time against the domain controller. Add the following line at the end of the configuration file:

      server w16dc.mydomain.net true

    3. /etc/krb5.conf
      Configure Kerberos - fill in your domain name and domain controller, for example:

      [libdefaults]
                default_realm=MYDOMAIN.NET
      [realms]
                MYDOMAIN.NET = {
                          kdc = w16dc.mydomain.net
                }
      [domain_realm]
                .mydomain.net = MYDOMAIN.NET

    4. /etc/samba/smb.conf
      In Samba configuration, make sure that the correct workgroup and realm are set, for example:

      workgroup = MYDOMAIN
      realm = mydomain.net

       
  4. Domain connection is now configured. Run Rejoin Domain from the ESET PROTECT VA menu to initiate domain join. Enter Administrator name and password for domain connection. You may also need to restart the ESET PROTECT VA.
    Figure 2-3
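
A pre-join consistency check for the four files edited in step 3, as an added example that is not part of the ESET article or product: run it before Rejoin Domain to confirm the files agree on the domain controller, realm and workgroup. The function names and the ROOT prefix argument are assumptions made for this example; the sample values are the article's own.

```sh
#!/bin/sh
# Added example (not ESET code): pre-join check of the four files from section II.
# On the appliance: check_domain_config "" w16dc.mydomain.net 10.20.30.40 MYDOMAIN.NET MYDOMAIN

# conf_value FILE KEY: print the value of the first "KEY = value" line, comments skipped.
conf_value() {
    awk -v key="$2" '/^[ \t]*[#;]/ { next }
        { eq = index($0, "="); if (!eq) next
          k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
          if (k == key) { print v; exit } }' "$1"
}
lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# check_domain_config ROOT DC_FQDN DC_IP REALM WORKGROUP
# ROOT is a path prefix ("" for the live system). Prints each problem and
# returns the number of failed checks (0 means the four files agree).
check_domain_config() {
    root=$1 dc=$2 ip=$3 realm=$4 wg=$5 fails=0
    krb="$root/etc/krb5.conf" smb="$root/etc/samba/smb.conf"
    bad() { echo "FAIL: $1"; fails=$((fails + 1)); }
    # /etc/hosts must map the DC address to its FQDN.
    awk -v ip="$ip" -v dc="$dc" '/^[ \t]*#/ { next }
        $1 == ip { for (i = 2; i <= NF; i++) if ($i == dc) ok = 1 }
        END { exit !ok }' "$root/etc/hosts" || bad "hosts: no '$ip $dc' entry"
    # /etc/ntp.conf must name the DC as a time source (Kerberos rejects skewed clocks).
    awk -v dc="$dc" '$1 == "server" && $2 == dc { ok = 1 } END { exit !ok }' \
        "$root/etc/ntp.conf" || bad "ntp.conf: no 'server $dc' line"
    # /etc/krb5.conf: realm names are case-sensitive, so compare exactly.
    [ "$(conf_value "$krb" default_realm)" = "$realm" ] || bad "krb5.conf: default_realm is not $realm"
    [ "$(conf_value "$krb" kdc)" = "$dc" ] || bad "krb5.conf: kdc is not $dc"
    [ "$(conf_value "$krb" ".$(lower "$realm")")" = "$realm" ] \
        || bad "krb5.conf: .$(lower "$realm") is not mapped to $realm"
    # /etc/samba/smb.conf: workgroup is the NetBIOS name; realm must name the same domain.
    [ "$(conf_value "$smb" workgroup)" = "$wg" ] || bad "smb.conf: workgroup is not $wg"
    [ "$(lower "$(conf_value "$smb" realm)")" = "$(lower "$realm")" ] \
        || bad "smb.conf: realm does not match $realm"
    return "$fails"
}

# make_sample DIR: constructed sample files holding the page's example values.
make_sample() {
    mkdir -p "$1/etc/samba"
    echo "10.20.30.40 w16dc.mydomain.net" > "$1/etc/hosts"
    echo "server w16dc.mydomain.net true" > "$1/etc/ntp.conf"
    printf '%s\n' 'default_realm=MYDOMAIN.NET' 'MYDOMAIN.NET = {' \
        '  kdc = w16dc.mydomain.net' '}' '.mydomain.net = MYDOMAIN.NET' > "$1/etc/krb5.conf"
    printf '%s\n' 'workgroup = MYDOMAIN' 'realm = mydomain.net' > "$1/etc/samba/smb.conf"
}
```

The check reads only the first kdc line, so a krb5.conf that defines several realms needs the realm of interest listed first.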

 


III. Using the Webmin management interface (after the ESET PROTECT Server VA is already set up)

  1. Enable Webmin management interface:

    1. Open the ESET PROTECT VA Management Console, press ENTER, type the password and then press ENTER twice.
      Figure 3-1
    2. Select Enable/Disable remote access to enable Webmin on port 10000.

      Figure 3-2

  2. Open the internet browser and log in to the Webmin Management interface of the ESET PROTECT VA.

    Figure 3-3

  3. Set the domain controller and DNS server:

    1. Click Networking → Network Configuration → Host Addresses.
      Figure 3-4
    2. Click Add a new host address.
      Figure 3-5
    3. Type the IP Address (10.20.30.40) and Hostname (w16dc.mydomain.net) of the domain controller and click Create.
      Figure 3-6
    4. Click Return to Network Configuration → Hostname and DNS Client.
      Figure 3-7
    5. Type the IP address (10.20.30.40) of the domain server in DNS servers. Click Save.
      Figure 3-8
  4. Configure time synchronization with the domain controller:

    1. Click Hardware → System Time → Time server sync tab.

    2. In Timeserver hostnames or addresses, type the domain controller hostname (w16dc.mydomain.net). Click Sync and Apply.
      Figure 3-9
  5. Configure the domain connection details:

    1. Click Networking → Kerberos5.

    2. Type the Realm (MYDOMAIN.NET), Domain name (put a dot at the beginning: .mydomain.net) and KDC (w16dc.mydomain.net). Select Yes to Use DNS to lookup KDC.

    3. Click Update Configuration.
      Figure 3-10
  6. Configure Samba:

    1. Click Servers → Samba Windows File Sharing → Windows Networking.
      Figure 3-11
    2. Type the Workgroup (MYDOMAIN) and click Save.
      Figure 3-12
    3. Click Winbind Options.
      Figure 3-13
    4. Type the domain name into Kerberos realm on domain server (mydomain.net) and click Save.
      Figure 3-14
  7. The domain connection is now configured. Run Rejoin Domain from the ESET PROTECT VA Management Console menu to initiate domain join. Enter Administrator name and password for domain connection. You may also need to restart the ESET PROTECT VA.

    Figure 3-15