12 AAA Settings tab

Make sure to obtain and install the active client library on the client workstation. The active client library is not shipped with the Management application.

Make sure to log in to the Management application client using a smartcard.

Make sure that the Active Directory (AD) server you want to use is on the network that the Management application manages.

Make sure that the Management application server and client system clocks are synchronized even if they are in different time zones.

Make sure that the AD server you want to use is connected to the Management application client.

Make sure you have the username and password of the Management application service account configured on the AD server to which the client is connected. It is recommended that you create and use the following name for this account: NetworkManagementSVC.

NOTE

If there are Management application clients from different domains, then each client’s AD server must be configured with the same user account and Kerberos Service Principal Name (SPN).

Make sure you have the Kerberos SPN that is configured on the Key Distribution Center (KDC) of the AD server and map it to the Management application server account. It is recommended that you create and use the following name for this account: NetworkManagementSPN.

If you need to add a Kerberos SPN to the KDC of the AD server, use the following command on the Management application client or the AD server to which the client is connected:

setspn -S <SPN>/<Management application server host name with domain name> <AD server user account>

For example: setspn -S NetworkManagementSPN/DCM-VNext-65.JCB.com NetworkManagementSvc

NOTE

If there are multiple Management application servers, then a Kerberos Service Principal Name must be added for each server.
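One way to apply the setspn command above when there are several Management application servers, as an added example that is not part of the manual: the PowerShell below registers one SPN per server and confirms each registration with setspn -L. The host names are constructed placeholders, and it assumes setspn.exe is available and the session has rights to modify the service account.

```powershell
# Added example, not from the manual. Host names are constructed placeholders;
# the SPN prefix and account name are the ones the manual recommends.
$SpnPrefix      = 'NetworkManagementSPN'
$ServiceAccount = 'NetworkManagementSvc'
$ServerFqdns    = @('nms-01.example.com', 'nms-02.example.com')  # constructed

function Get-RegisteredSpn {
    param([string]$Account)
    # setspn -L lists the SPNs registered to an account, one per indented line.
    & setspn.exe -L $Account 2>$null | ForEach-Object { $_.Trim() }
}

$missing = @()
foreach ($fqdn in $ServerFqdns) {
    $spn = "$SpnPrefix/$fqdn"

    # Skip servers whose SPN is already mapped to the service account.
    if ((Get-RegisteredSpn $ServiceAccount) -contains $spn) {
        Write-Host "Already registered: $spn"
        continue
    }

    # -S adds the SPN only after checking the directory for duplicates,
    # so an SPN already mapped to another account is not registered twice.
    & setspn.exe -S $spn $ServiceAccount | Out-Host

    # Confirm against the directory rather than the command's message text.
    if ((Get-RegisteredSpn $ServiceAccount) -contains $spn) {
        Write-Host "Registered: $spn"
    } else {
        $missing += $spn
    }
}

if ($missing.Count -gt 0) {
    Write-Error ("SPN not registered to ${ServiceAccount}: " + ($missing -join ', '))
    exit 1
}
```

An SPN that is reported as missing after the -S call is usually one that setspn found on a different account; resolve that duplicate before retrying.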

To configure CAC authentication, complete the following steps.

1. Select the AAA Settings tab.

2. Select CAC from the Primary Authentication list.

3. Set the authorization preference by selecting one of the following options from the Authorization Preference list:

Local Database — Uses the AD server for authentication and the Management application local database for authorization.

Primary Authentication Server — Uses the AD server for authentication and authorization.

If you select Primary Authentication Server or LDAP Authorization, CAC authentication uses the same AD servers for authentication and authorization.

4. Enter the username for the Management application service account configured on the AD server in the Username field.

Brocade Network Advisor IP User Manual

 

53-1003056-01
