Configuring Your Library
file:///T|/htdocs/stor-sys/ML6000/en/html/ch04.htm[9/17/2012 1:49:29 PM]
Note: For step-by-step instructions on configuring LDAP on the library, see your library's online Help. To access the
online Help system, click the Help icon at the top right of the Web client.
You can view, enable, and configure LDAP settings from the library Web client. You cannot use the operator panel to configure
LDAP settings.
The path to open the appropriate screen is as follows:
• From the Web client, select Setup > User Management > Remote Authentication.
Configuring Kerberos
Use Kerberos if you want extra security with remote authentication.
Make sure that both the library and the Kerberos/Active Directory
®
server are set to the same time (within 5 minutes).
Otherwise, the authentication will fail. It is recommended that you use Network Time Protocol (NTP) to synchronize the time
between the library and the Kerberos server. See
Setting the Date and Time Using the Network Time Protocol.
Fill in the following Kerberos fields in addition to all the LDAP fields:
• Realm — The Kerberos realm name, typed in all uppercase letters. Usually the realm name is the DNS domain name.
Example: MYCOMPANY.COM
• KDC (AD Server) — The key distribution center (in other words, the server on which Kerberos/Active Directory is
installed).
Example: mycompany.com:88
• Domain Mapping — The domain portion of the library's fully qualified domain name.
Example: mycompany.com
• Service Keytab — Click the Browse button to select the service keytab file. The service keytab file is a file you
generate on your Kerberos/Active Directory server. See
Generating the Service Keytab file.
You can view, enable, and configure Kerberos settings from the Web client. You cannot use the operator panel to configure
Kerberos settings.
The path to open the appropriate screen is as follows:
• From the Web client, select Setup > User Management > Remote Authentication.
Generating the Service Keytab file
These instructions are for generating the service keytab file for use with Microsoft® Active Directory®. If you not using Active
Directory, refer to your Kerberos vendor for instructions on generating this file.
1 Set up an Active Directory domain on the Windows server.
2 If Active Directory is not already configured, run dcpromo.
3 Windows 2003 servers only: install Windows Support Tools on the Windows 2003 server as follows:
a Go to www.microsoft.com and search for "windows server 2003 support tools sp2" or click on the following link:
http://www.microsoft.com/downloads/details.aspx?FamilyID=96a35011-fd83-419d-939b-
9a772ea2df90&DisplayLang=en
b Download both support.cab and suptools.msi.
c Run suptools.msi to begin installation.
4 Create a computer account in Active Directory.
• Do not select any of the checkboxes during creation.
• The account name will be used for <computer account> fields shown in the following steps.
5 At the command prompt, map SPN to the computer account. Use the following format:
setspn -A library/<fqdn of library> <computer account>
For example:
To Next Page
Loading...
