Configure Kerberos authentication
To enable Kerberos user authentication, you modify the IXIA TEXTML Server configuration.
Understanding Service Principal Names
To use Kerberos authentication, you need to create Service Principal Names (SPN) for the server in the Active Directory. The SPN is a unique identifier that must be created for each service that will use Kerberos authentication, so that clients can locate it over a network. The SPN is assigned to the account that is running TEXTML Server. The account that you assign it to depends on your configuration:
- If the TEXTML Server service runs under the "Local
Service" (default) or "System" account, the SPN is assigned to the NetBIOS
name of the machine (for example,
machinename@acme.local
). Note that the TEXTML Server service should not run as the Local Service if one of the following conditions apply:- TEXTML Server is installed in a Windows cluster,
- There are multiple Active Directory Forests in the network, or
- An Active Directory Forest includes many domains
- If the TEXTML Server service is running as another user,
the SPN is assigned to this user name (for example,
myusername@acme.local
). This user name must be unique in the Active Directory. - If the TEXTML Server service is running in a cluster, the
SPN must be assigned to the user name (for example,
myusername@acme.local
) and not the machine name, so that it can still be reached in case of a cluster failover.
The SPN is the name that users will enter when they add a server to an administration console.
When enabled, Kerberos authentication is performed each time a user attempts to connect to a TEXTML Server instance. For more information about Kerberos, see Microsoft's article at the following URL:
http://msdn.microsoft.com/en-us/library/ms178119(v=sql.105).aspx
This procedure:
- Creates Service Principal Names (SPN) for the TEXTML Server service in the Active Directory of the Kerberos server.
- TEXTML ServerEnables Kerberos delegation for the machine or user account.
- Enables TEXTML Server authentication in the TEXTML Server configuration.
Kerberos authentication requires that TEXTML Server runs on a recent version of Windows server with Active Directory.
The following commands must be run using Administrator privileges in an elevated command prompt.
To configure Kerberos authentication: