User's Manual
Using the CMC With Microsoft Active Directory 243
Configuring Active Directory
1
Set up Kerberos realm & Key Distribution Center (KDC) for Active
Directory, if not already configured (ksetup).
NOTE: Ensure a robust NTP and DNS infrastructure to avoid issues with
clock drift & reverse lookup.
2
Create Active Directory users for each CMC, configured to use
Kerberos DES encryption but not pre-authentication.
3
Register the CMC users to the Key Distribution Center with Ktpass
(this also outputs a key to upload to the CMC).
Configuring the CMC
NOTE: The configuration steps described in this section apply only to the CMC's
Web access.
Configure the CMC to use the Standard Schema role group(s) set up in
Active Directory. For more information, see "Configuring Standard Schema
Active Directory to Access Your CMC."
Uploading the Kerberos Keytab File
The Kerberos keytab file serves as the CMC's user name and password
credentials to the Kerberos Data Center (KDC), which in turns allows access
to the Active Directory. Each CMC in the Kerberos realm must be registered
with the Active Directory and must have a unique keytab file.
To upload the keytab file:
1
Navigate to
Remote Access
→
Configuration
tab
→
Active Directory
subtab.
2
Select
Upload Kerberos Keytab
and click
Next
.
3
On the
Kerberos Keytab Upload
page, navigate to the folder where the
keytab file is saved and click
Apply
.
When the upload is complete, a message box is displayed indicating
a successful or failed upload.
4
When the keytab file uploads successfully, click
Go Back To Active
Directory Main Menu
.