Privileges required for effective EMC Isilon auditing

Certain minimum privileges are required to ensure the effective functioning of ADAudit Plus while auditing your EMC Isilon nodes. Create a dedicated ADAudit Plus Isilon user account and provide it with the below privileges.

For discovering zones,

• Provide these privileges with read-only access
  • ID: ISI_PRIV_LOGIN_SSH
  • ID: ISI_PRIV_AUTH
  • ID: ISI_PRIV_NETWORK

  Alternatively, you can provide these privileges from within the Isilon UI:

  Navigate to the Access tab, select Membership and Roles, click on Roles and assign Auth, SSH and Network roles.

  

• Ensure that Smart Connect Zone (SC Zone) is configured for all the zones to be audited. The domain must be the Authentication Provider (lsa-activedirectory-provider) for the zone.
• Verify that the cluster name or cluster DNS name is mapped to the node's IP address.
• Secure Shell (SSH) must be enabled on port 22 on the Isilon cluster to be audited.

For discovering shares in a zone

The user configured under domain settings for the authentication provider must have read permission to the shares.