Task
1
Create an Active Directory user account for the appliance to use in Kerberos authentication. Create
an Active Directory user account for the appliance in the network that will use Kerberos
authentication. The account must be a member of the domain users group. The account does not
need administrative rights.
If the network has multiple appliances, create a separate user account for each appliance. For
example, if the network has two appliances, named a1 and a2, create two user accounts named k1
and k2.
2
Synchronize the time on the appliance with the time on the domain controller or KDC. This is
necessary for Kerberos to work.
a
Open the appliance from a web browser at the Domain Controller or backup Domain controller.
b
On the navigation bar, select
System
|
Appliance Management
|
Time and Date
.
c
Select
Synchronize time with client
, and click
Set Now
.
3
Generate the keytab file.
a
On the Domain Controller, download and extract the ktpass.exe (91.136 bytes) file from the
support.cab file to a temporary folder. For further details, see the article:
http://
www.microsoft.com/downloads/details.aspx?familyid=96A35011-FD83-419D-
939B-9A772EA2DF90&displaylang=en
.
b
On the Windows desktop, open a command prompt — click
Start
,
Run
, type
command
, and click
OK
.
c
Create a keytab file (scm.keytab) to be imported into the appliance — type:
ktpass -princ HTTP/[email protected] -mapuser Kerberos-user1 -pass
<password> -ptype KRB5_NT_PRINCIPAL -out scm.keytab
Note the capital letters for the value of the parameter, -princ. After you run this command, the
keytab file is associated with the specified user account.
d
On the domain controller, verify that the command was performed successfully. Open
Active
Directory Users and Computers
, and double-click the account used. Select the
Account
tab. Verify that
the fully qualified domain name (FQDN) for the Appliance is listed correctly. For example: HTTP/
scmgateway.mcafee.local.
Overview of System features
Users, Groups and Services
McAfee Email and Web Security Appliances 5.6.0 Product Guide
247
Содержание MAP-3300-SWG - Web Security Appliance 3300
Страница 1: ...Product Guide McAfee Email and Web Security Appliances 5 6 0 ...
Страница 6: ......
Страница 20: ......
Страница 28: ......
Страница 58: ......
Страница 206: ......
Страница 310: ......
Страница 322: ......
Страница 324: ......
Страница 326: ......
Страница 333: ......
Страница 334: ......
Страница 335: ......
Страница 336: ...700 2647A00 00 ...