Exacq exacqVision Server/Client OS: Mac OpenLDAP User Manual User Manual

Configuration

Advertising
background image

Mac OS X Client and Active Directory/OpenLDAP/Kerberos


www.e

x

acq.com

+1.317.845.5710
+44.1438.310163

USA (Corporate Headquarters)
Europe/Middle East/Asia

Page 1 of 2

4/29/2014


1

Configuration


The following process allows you to configure exacqVision permissions and privileges for accounts that exist on an Active
Directory/OpenLDAP/Kerberos (directory) server.

NOTE: On a Windows platform, the domain controller must run on Windows Server 2003 operating system or later.

1. Note the fully qualified host name (hostname.primary-dns-suffix) and IP address of the exacqVision server computer, the

directory domain, and the fully qualified host name and IP address of the directory server. For example:

evserver.exacq.test.com

192.168.1.16

EXACQ.TEST.COM
adserver2008.exacq.test.com

192.168.1.70

2. Make sure the fully qualified host names of the directory server and exacqVision server can be resolved. To do this, open a

terminal window, ping the fully qualified host names, and look for a reply. Make sure the IP addresses match the IP
addresses of the servers as noted in the previous step.

NOTE: If the fully qualified host names cannot be resolved for either server, configure your hosts file with the fully qualified
host names, as in the following example:

/etc/hosts
192.168.1.16

evserver.exacq.test.com

192.168.1.70

adserver2008.exacq.test.com

3. Configure Kerberos (KRB5) by completing the following steps:

STEPS FOR MAC OSX 10.5 AND 10.6

A. Execute Kerberos.app from /System/Library/CoreServers.
B. From the menu, select Edit and then Edit Realms.
C. In the Edit Realms dialog, click the plus button (+) and enter the Realm Name in upper case.
D. Select the Servers tab, click the plus button (+), and enter the IP address or fully qualified domain name of the

directory server. Leave KDC as the Type and 88 as the Port.

E. Click Apply and OK to exit.
F. Click New.
G. Enter the username and password for the directory account. To avoid entering the password again after the ticket

expires, select Remember This Password in My Keychain.

H. Make sure the realm entered earlier in this step is selected from the drop-down list.
I.

Click OK.

J. If the connection is successful, select the new ticket and click Destroy.
K. Proceed to step 4 on the following page.

Advertising