User's guide

Chapter 15 User Authorization and Access Control
Example: Configure Kerberos as a Secondary AD Server
This example configures Kerberos as a secondary AD. This example takes advantage
of the default values for port (389), the -domain-represented-by option (group),
and the -kdc-port-num option (88).
When configuring Kerberos, be aware of the following syntactical considerations:
• The kerberos-default-realm and kerberos-default-domain must be entered in all capital letters.
• The user-dn can be in simple name format, for example joe_user@xsigo.com
• The formal-user-dn must be in distinguished name format, for example: cn=joe_user,cn=users,dc=xsigo,dc=com
• The elements of the formal-user-dn must be separated by commas, with no blank spaces.
add ims ad-server AD2 host-name2.xsigo.com joe@xsigo.com "DC=XSIGO,DC=COM"
-server-mode=secondary kerberos "cn=JOE User,cn=Users,dc=xsigo,dc=com"
XSIGO.COM xsigo.com host-name2.xsigo.com
New password:
New password again:
show ims ad-server AD2
------------------------------------------------------------------
name AD2
descr
host-name host-name2.xsigo.com
state up/up
auth-type kerberos
server-mode secondary
------------------------------------------------------------------
show ims ad-server AD2 -detail
------------------------------------------------------------------
name AD2
descr
host-name host-name2.xsigo.com
port 389
state up/up
error
oper-state-qual normal
user-dn joe_user@xsigo.com
base-dn DC=XSIGO,DC=COM
server-mode secondary
formal-user-dn cn=joe_user,cn=users,dc=xsigo,dc=com
domain-represented-by group
auth-type kerberos
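
The syntactical considerations listed above can be checked before the add ims ad-server command is run. The following Python check is an added example, not part of this guide or of the CLI; the function names are hypothetical. It assumes that "no blank spaces" refers to blanks next to the separating commas, and that a well-formed distinguished name is also acceptable as a user-dn.

```python
import re

# Simple name format, e.g. joe_user@xsigo.com
_SIMPLE = re.compile(r"^[^@\s,=]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")
# One DN element: attribute type, "=", non-empty value (escaped commas not handled).
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")


def dn_problems(dn):
    """Return reasons why dn is not a comma-separated DN without blanks at the commas."""
    problems = []
    if dn != dn.strip() or re.search(r"\s,|,\s", dn):
        problems.append("blank space next to a comma or at either end")
    for element in dn.split(","):
        if not _RDN.match(element.strip()):
            problems.append(f"element is not attr=value: {element.strip()!r}")
    return problems


def check_kerberos_args(user_dn, formal_user_dn, realm, domain):
    """Hypothetical pre-flight check; an empty list means all rules pass."""
    problems = []
    # Rule 1: realm and domain are entered in all capital letters.
    for label, value in (("kerberos-default-realm", realm),
                         ("kerberos-default-domain", domain)):
        if not value or value != value.upper():
            problems.append(f"{label} must be all capital letters: {value!r}")
    # Rule 2: user-dn may be a simple name; a well-formed DN is also accepted
    # here (assumption of this example).
    if not _SIMPLE.match(user_dn) and dn_problems(user_dn):
        problems.append(f"user-dn is neither a simple name nor a DN: {user_dn!r}")
    # Rules 3 and 4: formal-user-dn is a DN, comma-separated, no blanks at the commas.
    problems += [f"formal-user-dn: {p}" for p in dn_problems(formal_user_dn)]
    return problems


if __name__ == "__main__":
    # Constructed sample values modelled on the guide's examples.
    good = ("joe_user@xsigo.com", "cn=joe_user,cn=users,dc=xsigo,dc=com",
            "XSIGO.COM", "XSIGO.COM")
    bad = ("joe_user", "cn=joe_user, cn=users, dc=xsigo, dc=com",
           "XSIGO.COM", "xsigo.com")
    for args in (good, bad):
        print(check_kerberos_args(*args) or "OK")
```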