Versions Compared

Old Version 1

changes.mady.by.user Christina Loher

Saved on

compared with

New Version Current

changes.mady.by.user Emese Pogany

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This article shows how to configure the options for Active Directory with Kerberos in IGEL OS.

...

Menu path: Security > Active Directory/Kerberos

Image RemovedImage Added

Enable Include PageIGELOS12BSDOCP:_SvIncludePlusContent-_Icon activatedIGELOS12BSDOCP:_SvIncludePlusContent-_Icon activated

 The ☑ The Kerberos basic configuration will be carried out.

Include PageIGELOS12BSDOCP:_SvIncludePlusContent-_Icon deactivatedIGELOS12BSDOCP:_SvIncludePlusContent-_Icon deactivated The ☐ The Kerberos basic configuration will not be carried out. (Default)

Default domain (fully qualified domain name)

This value must match the Windows domain on which the logon is to take place. The value must be entered in upper case letters. e.g. EXAMPLE.COM.

DNS lookup for domain controller Include PageIGELOS12BSDOCP:_SvIncludePlusContent-_Icon activatedIGELOS12BSDOCP:_SvIncludePlusContent-_Icon activated

In order to find the Key Distribution Centers (KDCs, domain controllers) and other servers for a realm, if they are not explicitly indicated, DNS SRV records are used. (Default)

Include PageIGELOS12BSDOCP:_SvIncludePlusContent-_Icon deactivatedIGELOS12BSDOCP:_SvIncludePlusContent-_Icon deactivatedThe KDCs entered under Security > Active Directory/Kerberos > Domain 1 ... Domain 4  Domain 4 will be used.

DNS lookup for domain Include PageIGELOS12BSDOCP:_SvIncludePlusContent-_Icon activatedIGELOS12BSDOCP:_SvIncludePlusContent-_Icon activated

In order to determine the Kerberos realm of a host, DNS TXT records are used. (Default)

Include PageIGELOS12BSDOCP:_SvIncludePlusContent-_Icon deactivatedIGELOS12BSDOCP:_SvIncludePlusContent-_Icon deactivatedThe details under ☐ The details under Setup > Security > Active Directory/Kerberos > Domain Realm Mapping Mapping are used.

Obtain Addressless Tickets Include PageIGELOS12BSDOCP:_SvIncludePlusContent-_Icon activatedIGELOS12BSDOCP:_SvIncludePlusContent-_Icon activated

The first Kerberos ticket is addressless. This may be necessary if the client is located behind an Network Address Translation (NAT) device. (Default)

...

Child pages (Children Display)