How To Connect To A Domain Windows 7
Joining a Windows domain or workgroup
A server-side SteelHead can join a Windows domain or workgroup in the Optimization > Agile Directory: Domain Join page. This page provides a fundamental place for a SteelHead to join a Windows domain or workgroup.
The SteelHead can join a single Windows domain to use these features:
• MAPI Commutation as a hosted service using Agile Directory integrated mode for Windows 2003 and 2008 or later.
RiOS includes an automatic manner to join the domain and deploy the server-side SteelHead in Active Directory integrated mode for Windows 2003 and 2008. For details, see Configuring domain authentication automatically.
Domain and local workgroup settings
You tin can cull between two user authentication modes: domain or local workgroup. Creating a local workgroup eliminates the need to join a Windows domain and simplifies the configuration process, but a workgroup does not back up SMB signing, MAPI 2007 encrypted traffic optimization authentication, or MAPI Exchange equally a hosted service.
You can join a SteelHead to a domain in Active Directory 2008 integrated mode without administrator privileges. For details, see the Riverbed Noesis Base article How to Join SteelHead to Domain as a RODC or BDC without Ambassador privileges at https://supportkb.riverbed.com/support/index?page=content&id=S18097&actp.
Domain mode
In Domain style, you configure the SteelHead to bring together a Windows domain (typically, the domain of your company). When y'all configure the SteelHead to join a Windows domain, you lot do not have to manage local accounts in the co-operative office, as you do in Local Workgroup mode.
Domain fashion allows a domain controller (DC) to cosign users accessing its file shares. The DC tin be located at the remote site or over the WAN at the main information center. The SteelHead must be configured as a Member Server or Active Directory integrated in the Windows 2000 or after Active Directory Services (ADS) domain. Domain users are allowed to use the Kerberos delegation trust facility and NTLM environments for MAPI 2007 encryption or SMB signing based on the access permission settings provided for each user.
In RiOS ix.0, the support for one-fashion trusts includes Windows 7 clients without requiring a registry modify on the Windows 7 client. You must join the server-side SteelHead to the domain using the Active Directory integrated (Windows 2003/2008) style. This style allows the SteelHead to utilize authentication inside the Active Directory environment on the Substitution servers that provide Microsoft Exchange online services. The domain that the server-side SteelHead joins must be either the same as the client user or any domain that trusts the domain of the client user.
Earlier enabling domain mode make sure that you:
• configure the DNS server correctly. The configured DNS server must be the same DNS server to which all the Windows client computers point. To utilize SMB signing, the server-side SteelHead must exist in DNS. For details, see To specify DNS settings.
• take a fully qualified domain name. This domain name must be the domain name for which all the Windows desktop computers are configured.
Local Workgroup manner
In Local Workgroup style, you define a workgroup and add individual users that have access to the SteelHead. The SteelHead does not join a Windows domain.
Use Local Workgroup mode in environments where you do not desire the SteelHead to exist a part of a Windows domain. Creating a workgroup eliminates the need to join a Windows domain and simplifies the configuration procedure.
Note: If you use Local Workgroup mode you must manage the accounts and permissions for the branch office on the SteelHead. The Local Workgroup account permissions might not lucifer the permissions on the origin-file server.
To configure a Windows domain in Local Workgroup mode
1. Select Optimization > Active Directory: Domain Join to display the Domain Join page.
Figure: Domain Join page
two. Nether Domain/Local, select Local Workgroup Settings, click Select, and and then click OK when a dialog asks if you really want to change the setting or reminds y'all to exit the domain before changing the setting.
3. Complete the configuration equally described in this table.
| Command | Description |
| Workgroup Name | Specify a local workgroup name. If you configure in local workgroup way, the SteelHead doesn't need to join a domain. Local workgroup accounts are used by clients when they connect to the SteelHead. Starting with RiOS ix.5, this proper name is not case sensitive. |
| Add a New User | Displays the controls to add a new user to the local workgroup. |
| User | Specify the login to create a local workgroup account so that users tin connect to the SteelHead. |
| Countersign/Countersign Confirm | Specify and confirm the user business relationship countersign. |
| Add | Adds users to the local workgroup. |
| Remove Selected | Removes the selected names. |
4. Click Apply to utilize your settings to the running configuration.
5. Click Salve to salvage your settings permanently.
To configure a Windows domain in Domain mode
1. Select Optimization > Active Directory: Join Domain to display the Domain Bring together page.
ii. Under Domain/Local, click Domain Settings, click Select, and then click OK when a dialog asks if you really want to change the setting.
3. Complete the configuration as described in this table.
| Control | Description |
| Active Directory Domain Name/Realm | Specify the domain in which to make the SteelHead a member. Typically, this is your company domain name. RiOS supports Windows 2000 or subsequently domains. RiOS doesn't support nondomain accounts other than ambassador accounts. If you create Local way shares on a nonadministrator account, your security permissions for the share aren't preserved on the origin-file server. |
| Primary DNS IP Accost | By default, this field displays the primary DNS IP fix in the DNS Settings page. To change this entry, click the IP accost. |
| Join Account Type | Specifies which account type the server-side SteelHead uses to join the domain controller. You can optimize the traffic to and from hosted Exchange servers. You must configure the server-side SteelHead in the Agile Directory integrated way for Windows 2003 or Windows 2008. This allows the SteelHead to use hallmark on the Exchange servers that provide Microsoft Exchange online services. The domain that the server-side SteelHead joins must be either the same every bit the client user or any domain that trusts the domain of the customer user. Be aware that when you integrate the server-side SteelHead in the Active Directory, it doesn't provide any Windows domain controller functionality to any other machines in the domain and doesn't advertise itself as a domain controller or annals any SRV records (service records). In improver, the SteelHead doesn't perform whatsoever replication nor concur any Active Directory objects. The server-side SteelHead has just plenty privileges and so that information technology can accept a legitimate conversation with the domain controller and then utilise transparent manner for NTLM authentication. The Agile Directory integration provides a fashion to optimize NTLM authentication from Windows vii/2008 R2 and newer clients when using transparent way. This scenario is only successful for servers and clients that can brand use of NTLM authentication. The server-side SteelHead joins a domain with DC privileges so uses NTLM pass-through authentication to perform the hallmark. Using transparent way simplifies the configuration. Select one of these options from the drop‑down listing: • Workstation - Joins the server-side SteelHead to the domain with workstation privilege. You lot can join the domain to this business relationship blazon using any ordinary user account that has the permission to join a machine to the domain. This is the default setting. • Active Directory integrated (Windows 2003) - Configures the server-side SteelHead to integrate with the Active Directory domain. If the account for the server-side SteelHead was not already present, information technology's created in organizational unit (OU) domain controllers. If the account existed previously as a domain estimator then its location doesn't modify. You can move the account to a dissimilar OU afterwards. When you lot select Active Directory integrated (Windows 2003), you must specify one or more than domain controller proper noun(south), separated by commas. You lot must have Ambassador privileges to join the domain with active directory integration. Active Directory integration doesn't back up cross-domain authentication where the user is from a domain trusted by the domain to which the server-side SteelHead is joined. • Agile Directory integrated (Windows 2008 and afterwards) - Configures the server-side SteelHead to integrate with the Active Directory domain. This option supports Windows 2008 DCs and higher and supports authentication across domains. If the network contains any domain controllers running Windows 2003 or older operating system versions, you lot must explicitly specify a list of Windows 2008 DCs in the Domain Controller Names field; see the instructions under "Domain Controller Name(s)" in this table for details. |
| Y'all must have Administrator privileges. Additionally, if the user account is in a domain that is dissimilar from the domain to which the bring together is being performed, specify the user business relationship in the format domain\username. Do not specify the user account in the format username@realmname. In this case, domain is the short domain name of the domain to which the user belongs. Even though the SteelHead is integrated with Active Directory, it doesn't provide any Windows domain controller functionality to whatever other machines in the domain. | |
| Domain Login | Specify the login name, which must have domain join privileges. Domain administrator credentials aren't strictly required, except when y'all join the domain as an Active Directory integration. RiOS deletes domain ambassador credentials after the bring together. |
| Countersign | Specify the countersign. This control is example sensitive. |
| Domain Controller Proper noun(s) | Specify the hosts that provide user login service in the domain, separated by commas. (Typically, with Windows 2000 Active Directory Service domains, given a domain name, the organization automatically retrieves the DC proper noun.) Specifying domain controller names is required if you are joining the domain in Active Directory integrated mode 2008 and higher, and the network contains domain controllers running Windows 2003 or older operating system versions. We recommend specifying the domain controller names in environments where there'southward varying latency between the SteelHead and the domain controllers. |
| Short Domain Proper noun | Specify the brusque domain (NetBIOS) proper noun if it doesn't match the first portion of the Agile Directory domain name. Instance matters; NBTTECH is not the aforementioned equally nbttech. |
| Join/Leave | Joins the domain or leaves the domain. Note: If yous are in domain mode and have joined a domain, you can't alter to local workgroup mode until y'all leave the domain. |
| Rejoin | Rejoins the domain. |
| Abolish | Cancels any current domain action that is in progress, such as joining or leaving a domain. |
4. Click Use to use your settings to the running configuration.
five. Click Relieve to salvage your settings permanently.
When you lot have successfully joined the domain, the status updates to In a Domain.
Troubleshooting a domain join failure
This section describes common bug that can occur when joining a Windows domain.
RiOS features a domain health tool to identify, diagnose, and report possible problems with a SteelHead within a Windows domain environment. For details, run into Checking domain health.
Arrangement time mismatch
The number one cause of failing to bring together a domain is a significant difference in the arrangement time on the Windows domain controller and the SteelHead. When the fourth dimension on the domain controller and the SteelHead exercise not match, this error bulletin appears:
lt-kinit: krb5_get_init_creds: Clock skew likewise bully
We recommend using NTP time synchronization to synchronize the client and server clocks. It is critical that the SteelHead time is the same as on the Active Directory controller. Sometimes an NTP server is downwards or inaccessible, in which case there can be a time difference. You tin can likewise disable NTP if it is not being used and manually ready the time. You must likewise verify that the fourth dimension zone is right. For details, see Modifying general host settings.
Note: Select the chief DNS IP address to view the Networking: Host Settings page.
Invalid domain controller IP
A domain join can fail when the DNS server returns an invalid IP accost for the domain controller. When a DNS misconfiguration occurs during an try to bring together a domain, these error letters announced:
Failed to bring together domain: failed to observe DC for domain <domain-name>
Failed to bring together domain: No Logon Servers
Additionally, the Domain Bring together alert triggers and messages similar to these appear in the logs:
Oct 13 14:47:06 bravo-sh81 rcud[10014]: [rcud/master/.ERR] - {- -} Lookup for bravo-sh81.GEN-VCS78DOM.COM Failed
Oct thirteen 14:47:06 bravo-sh81 rcud[10014]: [rcud/main/.ERR] - {- -} Failed to join domain: failed to find DC for domain GEN-VCS78DOM.COM
When yous run into this mistake, choose Networking > Networking > Host Settings and verify that the DNS settings are right.
Related topics
Source: https://support.riverbed.com/bin/support/static/bareuc64849ommgpkotad5efeh/html/47unfev6naqah32c23vka2r1n/sf_edge_5.1_ug_nfs_html/sf_edge_5.1_ug_nfs_html/setupServiceDomain.html
Posted by: mcconnellusithed.blogspot.com
0 Response to "How To Connect To A Domain Windows 7"
Post a Comment