Client Systems; Cmc; Prerequisites For Single Sign-On Or Smart Card Login; Generating Kerberos Keytab File - Dell PS-M4110 User Manual

Firmware version 4.3

Hide thumbs Also See for PS-M4110:

Manual (22 pages)

Hardware owner's manual (60 pages)

Installation manual (70 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

Table of Contents

Client Systems

•

For only Smart Card login, the client system must have the Microsoft Visual C++ 2005 redistributable. For more

information see www.microsoft.com/downloads/details.aspx?FamilyID=

32BC1BEEA3F9-4C13-9C99-220B62A191EE&displaylang=en

•

For Single Sign-On or smart card login, the client system must be a part of the Active Directory domain and

Kerberos Realm.

CMC

•

CMC must have firmware version 2.10 or later.

•

Each CMC must have an Active Directory account.

•

CMC must be a part of the Active Directory domain and Kerberos Realm.

Prerequisites For Single Sign-On Or Smart Card Login

The pre-requisites to configure SSO or Smart Card logins are:

•

Setup the kerberos realm and Key Distribution Center (KDC) for Active Directory (ksetup).

•

A robust NTP and DNS infrastructure to avoid issues with clock drift and reverse lookup.

•

Configure CMC with Active Directory standard schema role group with authorized members.

•

For smart card, create Active Directory users for each CMC, configured to use Kerberos DES encryption but not

pre-authentication.

•

Configure the browser for SSO or smart card login.

•

Generating Kerberos Keytab File

Configuring Browser For Smart Card Login

Generating Kerberos Keytab File

To support the SSO and smart card login authentication, CMC supports Windows Kerberos network. The ktpass tool

(available from Microsoft as part of the server installation CD/DVD) is used to create the Service Principal Name (SPN)

bindings to a user account and export the trust information into a MIT-style Kerberos keytab file. For more information

on the ktpass utility, see the Microsoft website.

Before generating a keytab file, you must create an Active Directory user account for use with the -mapuser option of

the ktpass command. You must use the same name as the CMC DNS name, to which you upload the generated keytab

file.

To generate a keytab file using the ktpass tool:

132

Table of Contents

Show Quick Links

Quick Links:
CMC Port Information

Hide quick links:

Table of Contents

Troubleshooting

This manual is also suitable for:

Chassis management controller

Client Systems; Cmc; Prerequisites For Single Sign-On Or Smart Card Login; Generating Kerberos Keytab File - Dell PS-M4110 User Manual

Client Systems

CMC

Prerequisites For Single Sign-On Or Smart Card Login

Generating Kerberos Keytab File

Hide quick links:

Troubleshooting

Related Manuals for Dell PS-M4110

Related Content for Dell PS-M4110

This manual is also suitable for:

Table of Contents