Privileges required for effective EMC Isilon auditing
Certain minimum privileges are required to ensure the effective functioning of ADAudit Plus while auditing your EMC Isilon nodes. Create a dedicated ADAudit Plus Isilon user account and provide it with the below privileges.
For discovering zones,
- Provide these privileges with read-only access
- ID: ISI_PRIV_LOGIN_SSH
- ID: ISI_PRIV_AUTH
- ID: ISI_PRIV_NETWORK
Alternatively, you can provide these privileges from within the Isilon UI:
Navigate to the Access tab, select Membership and Roles, click on Roles and assign Auth, SSH and Network roles.
- Ensure that Smart Connect Zone (SC Zone) is configured for all the zones to be audited. The domain must be the Authentication Provider (lsa-activedirectory-provider) for the zone.
- Verify that the cluster name or cluster DNS name is mapped to the node's IP address.
- Secure Shell (SSH) must be enabled on port 22 on the Isilon cluster to be audited.
For discovering shares in a zone
The user configured under domain settings for the authentication provider must have read permission to the shares.
Don't see what you're looking for?
Visit our community
Post your questions in the forum.
Request additional resources
Send us your requirements.
Need implementation assistance?