User's Manual
272 Using the CMC Directory Service
NOTE: The cmcname.domainname.com must be lower case as required
by RFC and the REALM name, @REALM_NAME must be uppercase. In addition the
CMC supports the DES-CBC-MD5 type of cryptography for Kerberos authentication.
This procedure produces a keytab file that you must upload to the CMC.
NOTE: The keytab contains an encryption key and must be kept secure. For more
information on the ktpass utility, see the Microsoft website at:
technet2.microsoft.com/windowsserver/en/library/64042138-9a5a-4981-84e9-
d576a8db0d051033.mspx?mfr=true.
Configuring the CMC
NOTE: The configuration steps described in this section apply only to the CMC's
Web access.
Configure the CMC to use the Standard Schema role group(s) set up in
Active Directory. For more information, see "Configuring Standard Schema
Active Directory to Access CMC" on page 242.
Uploading the Kerberos Keytab File
The Kerberos keytab file serves as the CMC's user name and password
credentials to the Kerberos Data Center (KDC), which in turns allows access
to the Active Directory. Each CMC in the Kerberos realm must be registered
with the Active Directory and must have a unique keytab file.
To upload the keytab file:
1
Navigate to the
User Authentication
tab
Directory Services
subtab.
Ensure that
Microsoft Active Directory Standard
or
Extended Schema
is
selected. If not, select your preference and click
Apply
.
2
Click
Browse
on the
Kerberos Keytab Upload
section, navigate to the
folder where the keytab file is saved and click
Upload
.
When the upload is complete, a message box is displayed indicating a
successful or failed upload.