Adaptec 5325301507 Administration Guide - Page 47
Kerberos Authentication, Interoperability with Active Directory Authentication
UPC - 753253015740
View all Adaptec 5325301507 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 47 highlights
Windows Networking Configuration Kerberos Authentication Kerberos is a secure method for authenticating a request for a service in a network. Kerberos lets a user request an encrypted "ticket" from an authentication process that can then be used to request a service from a server. The user credentials are always encrypted before they are transmitted over the network. The SnapServer supports the Microsoft Windows implementation of Kerberos. In Windows Active Directory (ADS), the domain controller is also the directory server, the Kerberos key distribution center (KDC), and the origin of group policies that are applied to the domain. Notes Kerberos requires the server's time to be closely synchronized to the domain controller's time. This means that (1) the server automatically synchronizes its time to the domain controller's and (2) NTP cannot be enabled when joined to an ADS domain. Interoperability with Active Directory Authentication The SnapServer supports the Microsoft Windows 2000/2003/2008 family of servers that run in native ADS mode or in mixed NT/ADS mode. SnapServers can join Active Directory domains as member servers. References to the SnapServer's shares can be added to organizational units (OU) as shared folder objects. Note Windows 2000 domain controllers must run SP2 or later. Guest Account Access to the SnapServer The Security > Local Users screen contains an option that allows unknown users to access the SnapServer using the guest account. Restrict_Anonymous and PDC Access If you have implemented the restrict_anonymous mechanism on your domain, you may need to enter a valid domain (not local) user name and password that the SnapServer can use to communicate with the PDC. For ease of administration, Overland Storage recommends that you create a unique user account on the domain using the following guidelines: • Choose a name, such as SnapServerAccess, and include a comment that makes the function of the account clear. • Set the password to never expire. Note A restrict_anonymous user account does not require administrative access. Chapter 2 Network Access to the Server 31