User's Manual
Chapter 3 Configuring Your Library
Working With User Accounts
Scalar i500 User’s Guide 98
Fill in the following Kerberos fields in addition to all the LDAP fields:
•
Realm — The Kerberos realm name, typed in all uppercase letters.
Usually the realm name is the DNS domain name.
•
KDC (AD Server) — The server on which Kerberos is installed.
•
Domain Mapping — The domain portion of the library’s fully qualified
domain name.
•
Service Keytab — Click the Browse button to select the service keytab
file. The service keytab file is a file you generate on your Kerberos
(AD) server. To generate the file, follow these instructions:
Generating the Service Keytab file
3
1 Set up an Active Directory domain on the Windows 2003 server.
2 At the command prompt, enter
dcpromo.
3
Windows 2003 servers only: Install Windows Support Tools on the
Windows 2003 server as follows:
a Go to www.microsoft.com
and search for “windows server 2003
support tools sp2” or click on the following link:
http://www.microsoft.com/downloads/details.aspx?FamilyID
=96a35011-fd83-419d-939b-9a772ea2df90&DisplayLang=en
b Download both support.cab and suptools.msi.
c Run
suptools.msi to begin installation.
4 Create a computer account in Active Directory.
• Do not select any of the checkboxes during creation.
• The account name will be used for <computer account> fields
shown in the following steps.
5 At the command prompt, map SPN to the computer account. Use the
following format:
setspn -A library/<fqdn of library> <computer account>
For example:
setspn -A library/delos.dvt.mycompany.com kerbtest