Configuring Kerberos authentication for DFS
Authentication to DFS servers using Kerberos requires additional setup in the KDC and the Standalone Sentry system manager. To support Kerberos authentication for DFS, map the SPN of the CIFS service domain to one of its domain controllers (DC). If your Kerberos environment has multiple domain controllers (DC), to avoid authentication failure, add the DC you are mapping to as a static host in the Standalone Sentry system manager.
If your Kerberos environment has multiple domain controllers (DC), note that you can only map the SPN of the CIFS service domain to one DC.
Before you begin
Setup Standalone Sentry for authentication using Kerberos.
Procedure
1. | Map the SPN of the domain to one of its Domain Controllers (DC). |
2. | On the KDC, associate the Standalone Sentry service account to the CIFs service. |
3. | If the domain contains multiple DCs, add a static host for the DC in the Standalone Sentry system manager: |
a. | Sign in to the Standalone Sentry system manager. |
b. | Go to Settings > Static Hosts. |
c. | Click Add. |
d. | Configure the following: |
IP address: IP address of the DC.
FQDN: FQDN of the DC entered in Step 1.
Alias: short name of DC followed by space.
Example:
IP Address: 192.168.10.5
FQDN: win2k8.texas.enterprise.com
Alias: win2k8 texas.enterprise.com
e. | Click Save. |
• | Static Hosts. |