Account used to join AP to domain

Does the account used to join an AP to a domain need to stay the same, i.e. should I set up a service account where the password doesn't expire, or can I just use my personal domain admin account and when the password is changed periodically it doesn't break anything?
Basically what I'm asking is, once an AP is joined to a domain, does it ever need those credentials again? There's an option to "Save Credentials", which is a bit confusing: does it need to save them or does it not? I'm also trying to limit the number of users in our "Domain Admins" group, so if a dedicated account isn't needed, I'd like to get rid of it. Thanks
Mark

Mark Johnston

Posted 4 years ago

Kell Van Daal

The account does not need to stay the same. It's used when adding the AP to the domain, just like how a Windows computer gets added to the domain.
The "Save Credentials" is there for when you need to add another AP to the domain, so it can automatically use those credentials.

So yes, you can use your personal domain admin account and you don't necessarily have to "Save Credentials".

Brian Ambler

Hi Mark,

Hopefully the HiveManager Help can shed some light on your question:
Domain Admin Credentials to Join Domain

Domain Admin: Enter the name that the Aerohive RADIUS server uses to log in to the Active Directory server and add itself as a computer in an organizational unit in the domain. The name must be for a domain user, and must have rights to create a computer in the domain, or create a computer in an organizational unit in the domain. It can be up to 32 characters long.

Password: Enter the password that the Aerohive RADIUS authentication server submits when joining an Active Directory domain. The password must exactly match the password entered for the user account defined on the Active Directory server for the Aerohive RADIUS authentication server. It can be up to 64 characters long. To ensure accuracy, enter the password again in the Confirm Password field. To see the text string that you type, clear the Obscure Password check box.

After you enter the appropriate domain administrator credentials, click Join and Save or Join and Discard. The former option saves the domain admin credentials on HiveManager after successfully joining the domain, whereas the latter clears them. Choose the option that best satisfies your security policy. When you click one of the two Join options, the Aerohive RADIUS server attempts to add itself to the domain. If it is successful, the following message appears: "The Aerohive RADIUS server successfully joined the Active Directory domain." In addition, the settings to define domain user credentials for user authentication appear.

  • The admin user name and password are not required so that HiveManager does not have to store them in its configuration. Instead, the Active Directory admin can enter the following CLI command on the Aerohive RADIUS server to join it to the domain: exec aaa net-join { primary | backup1 | backup2 | backup3 } username <admin_username> password <admin_password>
Hope this helps
(Edited)
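
The help text quoted above says the join account only needs the right to create a computer in the domain or in an organizational unit, so it does not have to be a member of Domain Admins. The PowerShell below is an added example (not from this thread or from Aerohive documentation) that delegates only that right on one OU and then checks the result. The OU path and the account name `svc-apjoin` are placeholders, and it assumes the ActiveDirectory RSAT module is installed and that the AP's computer object is created in that OU.

```powershell
# Added example: the OU path and account name are placeholders, not values from the thread.
Import-Module ActiveDirectory

$OuDn        = 'OU=Aerohive-APs,DC=example,DC=com'   # hypothetical OU for AP computer objects
$JoinAccount = 'svc-apjoin'                          # hypothetical dedicated join account

# schemaIDGUID of the "computer" object class
$ComputerClass = [Guid]'bf967a86-0de6-11d0-a285-00aa003049e2'

$user = Get-ADUser -Identity $JoinAccount
$sid  = [System.Security.Principal.SecurityIdentifier]$user.SID

# Allow creating computer objects only, on this OU only (no inheritance to child OUs).
$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid,
    [System.DirectoryServices.ActiveDirectoryRights]::CreateChild,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $ComputerClass,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None)

$acl = Get-Acl -Path "AD:\$OuDn"
$acl.AddAccessRule($rule)
Set-Acl -Path "AD:\$OuDn" -AclObject $acl

# Check 1: show every entry the join account now holds on the OU.
(Get-Acl -Path "AD:\$OuDn").Access |
    Where-Object { $_.IdentityReference -like "*\$JoinAccount" } |
    Select-Object IdentityReference, ActiveDirectoryRights, ObjectType, AccessControlType

# Check 2: the join account should not be in Domain Admins, directly or through nesting.
$inDomainAdmins = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object { $_.SID -eq $user.SID }
if ($inDomainAdmins) {
    Write-Warning "$JoinAccount is still a member of Domain Admins"
}
```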

Mark Johnston

Perfect, that clears it up. Thanks for the response.
Mark