PKI Pre-Installation Guide
Version 2.0.0
Page 31
primary domain controller; use that value as the first domain controller listed in section 3.2.2,
item 1.
If that program is not available, you can try the following
1.
Select Start | Run.
2.
Type “dsa.msc”. This will launch the Active Directory Users and Computers
Management Console. If a file not found error is received, go to Microsoft’s Website and
search for “adminpak.msi”. Download and install the Windows 2003 Administration
Tools Pack. Then start over at step 1.
3.
Once launched, the domain is listed in the list on the right.
4.
Double-click the domain and then find the item called “Domain Controllers” in the list.
The list of domain controllers will then be listed on the right.
5.
Select one from the list and use that value as the first domain controller listed in section
3.2.2, item 1.
7.3 Kerberos Configuration File
When User Validation Mode is set to Active Directory, Kerberos must be configured on the
MFP. The PKI Authentication Application allows for configuring the basic Kerberos settings
without downloading a file to the MFP. For most environments, the basic settings will suffice
and this step can be skipped. However, if your Kerberos setup involves multiple realms or
requires other advanced settings, a Kerberos Configuration file must be created and downloaded
to the MFP.
The Kerberos configuration file is an industry standard formatted file. An example is below with
the critical elements described.
The example is in this font
while a description is
in this font.
The Kerberos Realm described in section 3.2.2, item 2 should be used to replace the
#####_DOMAIN.NAME.MIL_#####
text in the example below.