Creating Keytab Files For Ads; Ads Server Requirements; Ads Sp Requirements - Sun Microsystems Fire V20z Management Manual

Creating Keytab Files for ADS

To use ADS as a directory service on the SP, you must create an active directory
account. The name service library on the SP uses this account to authenticate itself to
the LDAP interface of the active directory server.

ADS Server Requirements

The ADS server must have Certificate Services and the High Encryption Pack
■
installed.
The Windows administrator must create an Active Directory account and a keytab
■
(for that account) that the SP(s) will use to conduct LDAP queries. You can create
keytab files with the ktpass command that is located in the Microsoft Windows
2000 resource kit:
ktpass -princ <logon>@<domain> -pass <password> -mapuser <logon> -out
<output filename>
Note – The keytab you create with this command can be uploaded to the SP with the scp
command, or can be accessed from an exported file system that is mounted by the SP.
See your Microsoft documentation for details about this command.

ADS SP Requirements

You must configure DNS.
■
■
■
The time on the SP must be accurate to within five minutes of the time on the
■
ADS server (domain controller). When the platform is started, the SP clock syncs
with the platform clock.
You must configure ADS properly. From the SM Console, type:
■
■
■
■
■
■
52 Sun Fire V20z and Sun Fire V40z Servers—Server Management Guide • July 2005
The canonical name of each host must be the fully-qualified host name
(including the domain).
The IP address of each host must reverse-resolve to the canonical name.
The ADS domain.
The ADS server name.
The organization unit (OU) under which the SP searches for group
information.
The ADS logon ID (the name of the account that was created for the SP to use).
The keytab file that was uploaded and installed on the SP.