...

This guide describes how to set up automatic Single Sign-On via Active Directory.

WMS Version: 4.01

Created: March 2019

Permalink:  https://confluence.wildix.com/x/rABOAg

...

  • Go to Active Directory Users and Computers -> Computers
  • Create a new computer account. Note that a user with the same name as this account should not exist.

  • To create the KeyTab file and check the SPN (service principal name) binding to the computer account, run the following commands with Domain Admin privileges:

    ktpass -princ HTTP/some-name.example.com@EXAMPLE.COM -mapuser some-name$@EXAMPLE.COM -crypto ALL -ptype KRB5_NT_SRV_HST +rndpass -out d:\some-name.keytab
    Reset SOME-NAME$'s password [y/n]? y
    setspn -Q HTTP/some-name.example.com

    where

    some-name$@EXAMPLE.COM - the computer's name in Active Directory (with $)

    +rndpass - generates a random password for the computer account; the domain is written in capital letters

    If HTTP/some-name.example.com is bound to several computers or users, Kerberos authentication will not work.

  • When the KeyTab is generated, it appears on the disk as d:\some-name.keytab.
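The generated file can be checked offline before it is uploaded. The following is an added example, not part of the original guide or of any Wildix tooling: a Python parser for the MIT keytab format (version 0x0502, assumed here to be what ktpass writes) that lists each entry's principal and reports entries for an unexpected principal or with a legacy encryption type (DES, RC4), which `-crypto ALL` can include. The sample bytes and the function names are constructed for illustration.

```python
import struct

# Legacy Kerberos enctypes (DES, RC4) by number; AES is 17 and 18.
LEGACY = {1: "des-cbc-crc", 3: "des-cbc-md5", 23: "rc4-hmac"}

def parse_keytab(data):
    """Return [(principal, kvno, enctype number)] from a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:  # a negative size marks a deleted entry (hole) to skip
            pos -= size
            continue
        entry, pos = data[pos:pos + size], pos + size
        if len(entry) < size:
            raise ValueError("truncated keytab entry")
        (ncomp,) = struct.unpack_from(">H", entry, 0)
        names, off = [], 2
        for _ in range(ncomp + 1):  # realm first, then the name components
            (n,) = struct.unpack_from(">H", entry, off)
            names.append(entry[off + 2:off + 2 + n].decode("utf-8"))
            off += 2 + n
        # name type (4), timestamp (4), 8-bit kvno, enctype (2), key length (2)
        _nt, _ts, kvno, etype, klen = struct.unpack_from(">IIBHH", entry, off)
        off += 13 + klen
        if len(entry) - off >= 4:  # optional 32-bit kvno, used when non-zero
            kvno = struct.unpack_from(">I", entry, off)[0] or kvno
        entries.append(("/".join(names[1:]) + "@" + names[0], kvno, etype))
    return entries

def check_keytab(data, expected):
    """Findings: entries for another principal, or with a legacy enctype."""
    out = []
    for name, kvno, etype in parse_keytab(data):
        if name != expected:
            out.append(f"unexpected principal {name}")
        if etype in LEGACY:
            out.append(f"legacy enctype {LEGACY[etype]} (kvno {kvno})")
    return out

# Constructed sample (all-zero placeholder keys): one RC4 and one AES256 entry.
_PRINC = b"\x00\x02\x00\x0bEXAMPLE.COM\x00\x04HTTP\x00\x15some-name.example.com"
def _entry(etype, keylen):
    body = _PRINC + struct.pack(">IIBHH", 3, 0, 3, etype, keylen) + bytes(keylen)
    return struct.pack(">i", len(body)) + body
SAMPLE = b"\x05\x02" + _entry(23, 16) + _entry(18, 32)
```

Calling `check_keytab(SAMPLE, "HTTP/some-name.example.com@EXAMPLE.COM")` returns one finding, for the RC4 entry; an empty list means every entry matches the expected principal and uses AES.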

Step 2. Upload KeyTab file to PBX

...

  • Enter the Kerberos FQDN of the KeyTab. It contains the encoded domain name / IP address of the PBX.

Step 3. Import users from AD

In order to use AD SSO, you need to import users from Active Directory.

Consult Documentation for details.

Step 4. Active Directory SSO

...