Lexmark X782e PKI-Enabled Pre-Installation Guide - Page 34

PKI Pre-Installation Guide 7 Finding Configuration Information The sections describe various methods for obtaining some of the configuration information needed in the previous section. 7.1 Kerberos Realm The quickest method to determine the Kerberos Realm is to use the Windows Resource Toolkit "klist" program from a Windows workstation with PKI logon. If the toolkit has not been installed on the workstation, it can be downloaded from the Microsoft Website by searching for "rktools.exe". Once the resource toolkit is installed, run klist tgt from a Windows command prompt. If the program is not found, change to the "C:\Program Files\Windows Resource Kits\Tools" directory to execute the program. The program should list information similar to the following: Cached TGT: ServiceName: krbtgt TargetName: krbtgt FullServiceName: steve DomainName: SMARTCARD.BP.LEXMARK.COM TargetDomainName: SMARTCARD.BP.LEXMARK.COM AltTargetDomainName: SMARTCARD.BP.LEXMARK.COM TicketFlags: 0x40e00000 KeyExpirationTime: 0/38/4 0:00:10776 StartTime: 1/31/2007 8:41:47 EndTime: 1/31/2007 18:41:47 RenewUntil: 2/7/2007 8:41:47 TimeSkew: 2/7/2007 8:41:47 The Kerberos Realm is listed as the "DomainName". This value can be used as part of the information needed in section Active Directory, 3.2.2, item 2. 7.2 Domain Controller The local administrator should know the domain controller(s) used for PKI authentication. If not, one of the following two methods can be used. As part of the Windows Resource Toolkit, a program "nltest.exe" is installed. Run this program from the command line as follows: nltest /dclist: replacing with your actual domain. This will list the domain controllers for the specified domain. One of the servers will be listed with a [PDC] following its name. This is the Version 2.0.0 Page 30