User's Manual
276 Using the CMC Directory Service
Configuring Active Directory
1
Set up Kerberos realm & Key Distribution Center (KDC) for Active
Directory, if not already configured (ksetup).
NOTE: Ensure a robust NTP and DNS infrastructure to avoid issues with
clock drift & reverse lookup.
2
Create Active Directory users for each CMC, configured to use
Kerberos DES encryption but not pre-authentication.
3
Register the CMC users to the Key Distribution Center with Ktpass
(this also outputs a key to upload to the CMC).
Configuring the CMC
NOTE: The configuration steps described in this section apply only to the CMC's
Web access.
Configure the CMC to use the Standard Schema role group(s) set up in
Active Directory. For more information, see "Configuring Standard Schema
Active Directory to Access CMC" on page 242.
Uploading the Kerberos Keytab File
The Kerberos keytab file serves as the CMC's user name and password
credentials to the Kerberos Data Center (KDC), which in turns allows access
to the Active Directory. Each CMC in the Kerberos realm must be registered
with the Active Directory and must have a unique keytab file.
To upload the keytab file:
1
Navigate to the
User Authentication
tab
Directory Services
subtab.
Ensure that
Microsoft Active Directory Standard
or
Extended Schema
is
selected. If not, select your preference and click
Apply
.
2
Click
Browse
in the
Kerberos Keytab Upload
section, navigate to the
folder where the keytab file is saved and click
Upload
.
When the upload is complete, a message box is displayed indicating
a successful or failed upload.