Hello and welcome to 2021 – hopefully this year will be somewhat saner and more inspiring than the last!
This month, I'd like to discuss binding Avid Nexis systems to Active Directory (LDAP). While it's quite simple once you have observed a working setup, I find the instructional steps in the Avid documentation a bit lacking in detail.
The instructions from Avid are quite good, assuming that you know both AD authentication and Nexis quite well, but if you're unfamiliar with some aspects, they can be challenging to follow. Hopefully, these instructions will shed a bit more light on the requirements.
To bind a Nexis to LDAP, there are four crucial steps, to be done in a particular order.
- Adding MS DNS entries for Nexis hardware and ensuring all hardware can be pinged by name and in all directions
- Setting external authentication via Nexis web UI
- Running Avid's LDAP Sync Tool (on a client machine) to sync up and choose accounts/groups to share
- Giving AD users access via the Web UI, as you would a local Nexis user
In more detail:
1. First, open MS Windows DNS Manager and add new host entries for the Nexis Director and Controller.
After adding the hosts (A records), confirm they are visible in the list of machines.
2. In the Nexis web UI, ensure your DNS is set to the master server (Web UI > System > System Setup).
Important note: Now is a great opportunity to set NTP, which is crucial for proper binding and authentication. (Your NTP servers will likely have different IP addresses to what is shown below).
Ensure the Nexis can ping them all – in our case, we ensured we could ping the Nexis Director, Nexis Controller, and Domain Controller from the Nexis by both hostname and fully qualified name.
In our example:
To do this, we jumped back to the command line on the Nexis and performed test pings.
Now that we have confirmed DNS looks solid, we will set the details in the Nexis Web UI > Users > External Authentication.
Important note: the Domain Name must be a NetBIOS-compliant domain structure (no dots allowed, as these tell applications to distinguish domain and NetBIOS names) – in this example, Domain Name is digistor.
The server entry is the FQDN of the AD host – in this example, Server 0 is DSINTSYSDC01.DIGISTOR.NET.
We can confirm the above domain name by running the following command on the Domain Controller: 'Get-ADDomain | fl Name,DomainMode'
3. Setting the details in the Avid LDAP Sync Tool
Check the account details of the binding account (DSmaster in this example) with the command 'Get-ADUser DSmaster' – this shows the CN path we require.
Now open the LDAP Sync Tool and log in using the engine name (and Nexis administrator password).
Once in, we fill in the details as below – we could also use the hostname for LDAP if we wanted.
We then choose the groups to sync and, potentially, individual users within those groups.
Then choose 'Synchronise Marked', and agree to add the user(s).
When complete, the application should advise that the sync was successful.
4. Back to the Nexis Web UI > Users, we should see the new AD user(s) have been added and flagged as 'Remote' – in our example below we can see their password is controlled by the Domain Controller.
Now simply give remote users access to workspaces and privileges as you would any local user.
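The prerequisite checks from steps 1 to 3 can be gathered into one pre-flight script. This is an added example, not part of Avid's documentation or tooling: it assumes a domain-joined Windows machine with the RSAT ActiveDirectory module, and the two Nexis host names are placeholders for the A records you created.

```powershell
# Added example: pre-flight checks before binding Nexis to AD.
Import-Module ActiveDirectory

# Values taken from the walkthrough above.
$DomainController = 'DSINTSYSDC01.DIGISTOR.NET'
$BindAccount      = 'DSmaster'

# Placeholders (assumptions): replace with the host names added in DNS Manager.
$NexisHosts = @('NEXIS-DIRECTOR-PLACEHOLDER', 'NEXIS-CONTROLLER-PLACEHOLDER')

$domain = Get-ADDomain

# Check every host by short name and by fully qualified name.
$report = foreach ($name in $NexisHosts + $DomainController) {
    $short = $name.Split('.')[0]
    foreach ($candidate in @($short, "$short.$($domain.DNSRoot)")) {
        $addr = Resolve-DnsName -Name $candidate -Type A -ErrorAction SilentlyContinue |
            Where-Object { $_.IPAddress } |
            Select-Object -First 1 -ExpandProperty IPAddress
        [pscustomobject]@{
            Name     = $candidate
            Address  = $addr
            Resolves = [bool]$addr
            # Only ping names that resolved; -Quiet returns $true or $false.
            Pings    = [bool]$addr -and
                       (Test-Connection -ComputerName $candidate -Count 1 -Quiet)
        }
    }
}
$report | Format-Table -AutoSize

# Values needed for External Authentication and the LDAP Sync Tool.
$user = Get-ADUser -Identity $BindAccount
[pscustomobject]@{
    DomainName  = $domain.NetBIOSName        # NetBIOS form, no dots
    Server0     = $DomainController          # FQDN of the AD host
    BindDN      = $user.DistinguishedName    # CN path of the binding account
    BindEnabled = $user.Enabled
} | Format-List

# Flag anything that would break the bind before touching the Nexis.
$failed = $report | Where-Object { -not ($_.Resolves -and $_.Pings) }
if ($failed) {
    Write-Warning ('Fix DNS or reachability first: ' + ($failed.Name -join ', '))
}
```

This only covers name resolution from the Windows side; the pings from the Nexis command line described in step 2 still need to be run on the Nexis itself.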
I hope this rundown is useful for anyone wanting to set up their first AD sync with Avid Nexis.
Until next time, stay safe and productive!