User's Manual
Using the CMC With Microsoft Active Directory 239
NOTE: The cmcname.domainname.com must be lower case as required
by RFC and the REALM name,
@REALM_NAME must be uppercase. In addition the
CMC supports the DES-CBC-MD5 type of cryptography for Kerberos authentication.
This procedure produces a keytab file that you must upload to the CMC.
NOTE: The keytab contains an encryption key and must be kept secure. For more
information on the ktpass utility, see the Microsoft website at:
technet2.microsoft.com/windowsserver/en/library/64042138-9a5a-4981-84e9-
d576a8db0d051033.mspx?mfr=true.
Configuring the CMC
NOTE: The configuration steps described in this section apply only to the CMC's
Web access.
Configure the CMC to use the Standard Schema role group(s) set up in
Active Directory. For more information, see "Configuring Standard Schema
Active Directory to Access Your CMC."
Uploading the Kerberos Keytab File
The Kerberos keytab file serves as the CMC's user name and password
credentials to the Kerberos Data Center (KDC), which in turns allows access
to the Active Directory. Each CMC in the Kerberos realm must be registered
with the Active Directory and must have a unique keytab file.
To upload the keytab file:
1
Navigate to
Remote Access
→
Configuration
tab
→
Active Directory
subtab.
2
Select
Upload Kerberos Keytab
and click
Next
.
3
On the
Kerberos Keytab Upload
page, navigate to the folder where the
keytab file is saved and click
Apply
.
When the upload is complete, a message box is displayed indicating a
successful or failed upload.
4
When the keytab file uploads successfully, click
Go Back To Active
Directory Main Menu
.