Activating Active Directory Single Sign-On

Below are the steps to link Wildix users to MS Active Directory.

  • Go to Active Directory Users and Computers -> Computers
  • Create a new computer account. Note that there must not be a user account with the same name

Active Directory create keytab.png

  • To create the keytab file and check the SPN (service principal name) binding to the computer account, run the following commands with Domain Admin privileges:
ktpass -princ HTTP/some-name.example.com@EXAMPLE.COM -mapuser some-name$@EXAMPLE.COM -crypto ALL -ptype KRB5_NT_SRV_HST +rndpass -out d:\some-name.keytab
Reset SOME-NAME$'s password [y/n]? y
setspn -Q HTTP/some-name.example.com

where 

some-name$@EXAMPLE.COM - the computer's name in Active Directory (with $)

+rndpass - a random password is generated for the computer account. The domain (EXAMPLE.COM) is written in capital letters

If HTTP/some-name.example.com is bound to several computers or users, Kerberos authentication will not work

  • Once the keytab is generated, it appears on disk at d:\some-name.keytab:

Created keytab.png
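
To check the generated file before deploying it, the keytab can be read back to confirm it holds the expected SPN and to see which key types `-crypto ALL` wrote (ktpass writes a key for every encryption type it supports, DES and RC4 included). The Python below is an added example, not part of the original article or of Wildix tooling; it assumes keytab file format version 0x0502, and the function names and sample data are constructed for illustration.

```python
import struct

ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}
WEAK = {1, 3, 23}  # DES and RC4: deprecated Kerberos encryption types

def _counted(data, p):  # 16-bit length-prefixed string -> (bytes, next offset)
    (n,) = struct.unpack_from(">H", data, p)
    return data[p + 2:p + 2 + n], p + 2 + n

def parse_keytab(data):  # -> [(principal, kvno, enctype)], format version 0x0502
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        start, pos = pos + 4, pos + 4 + abs(size)  # pos: start of next entry
        if size <= 0:                              # deleted slot, skip it
            continue
        (ncomp,) = struct.unpack_from(">H", data, start)
        names, p = [], start + 2
        for _ in range(ncomp + 1):                 # realm, then name components
            raw, p = _counted(data, p)
            names.append(raw.decode())
        kvno, etype = struct.unpack_from(">BH", data, p + 8)  # after type + time
        _, p = _counted(data, p + 11)              # key bytes: skipped, not shown
        if pos - p >= 4:                           # optional 32-bit kvno wins
            (kvno,) = struct.unpack_from(">I", data, p)
        entries.append(("/".join(names[1:]) + "@" + names[0], kvno, etype))
    return entries

def audit_keytab(data, expected_spn):  # findings: weak enctypes, missing SPN
    entries = parse_keytab(data)
    findings = ["weak enctype %s (kvno %d)" % (ENCTYPES.get(e, e), k)
                for _, k, e in entries if e in WEAK]
    if expected_spn not in {princ for princ, _, _ in entries}:
        findings.append("no entry for " + expected_spn)
    return findings

def _entry(names, kvno, etype, keylen):  # constructed entry with an all-zero key
    s = lambda b: struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", len(names) - 1) + b"".join(map(s, names)) + struct.pack(
        ">IIBH", 3, 0, kvno, etype) + s(bytes(keylen)) + struct.pack(">I", kvno))
    return struct.pack(">i", len(body)) + body

# Constructed sample: the five key types "-crypto ALL" writes, placeholder keys.
SAMPLE = b"\x05\x02" + b"".join(
    _entry([b"EXAMPLE.COM", b"HTTP", b"some-name.example.com"], 3, e, n)
    for e, n in [(1, 8), (3, 8), (23, 16), (18, 32), (17, 16)])
```

For a real file, pass its bytes, for example `audit_keytab(open(path, "rb").read(), "HTTP/some-name.example.com@EXAMPLE.COM")`; the key material itself is never printed.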

 

 

 

 
