To enable Foldr to function correctly, search the directory service and also provide more advanced capabilities such as password change control and file sharing, the Foldr administrator must provide the system with domain based service accounts. Multiple service accounts can be configured within Appliance >> Service Accounts.
It is recommended that you create accounts on your network specifically for this task, rather than use existing accounts. These accounts should ideally:
- Have a complex password configured
- Have the ‘password never expires’ flag enabled.
- Have the minimum permissions required to enable correct functionality.
- Be restricted from logging onto domain computers. This can be done centrally via Group Policy using the ‘Deny Logon Locally’ option under Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\
Main Service Account (Appliance Operations):
Once a service account has been created, the main system service account can be configured within General >> Configuration. Each configured share service account can be set at the bottom of the Share Configuration screen (within Shares >> Add New Share / Edit)
The main system service account is used by Foldr to Search the domain and also to control password changes for users, if this option is enabled. A standard account that is solely a member of ‘Domain Users’ has sufficient privileges to perform these actions.
Now that the appliance has been configured to authenticate against Active Directory (or other LDAP service) and a service account has been created / selected, you can test authentication using the ‘Test Settings’ tab found within General >> Test Settings.
Enter a domain username and password (ideally with a home folder configured) and click the Test Settings button. If Foldr is able to successfully authenticate the user and connect to the home folder, the following dialog will be displayed:
If there is an issue with any step in this process it will be highlighted by the test procedure.