Authenticating users with Active Directory
We have understood that if you want to have multiple user accounts and manage different levels of access for these users on a server or a pool, you must use Active Directory. This lets XenServer users log in to a pool using their Windows domain credentials. Before discovering how to enable Active Directory authentication, we have to introduce some concepts regarding authentication.
Access is controlled by the use of subjects. A subject in XenServer maps to an entity on your Active Directory server. This entity can be either a user or a group belonging to your Active Directory domain. When external authentication is enabled, the credentials used to create a session are first checked against the local root credentials (in case your directory server is unavailable) and then against the subject list. To permit access, you must create a subject entry for the person or group you wish to grant access to. This can be done using XenCenter or the xe CLI....
