Install the dedicated package on the server:
Open a "cmd.exe" console and run the following command:
setspn -A HTTP/bluemind.domain.tld bmkrb
This command should return a result similar to the following lines:
Registering ServicePrincipalNames for CN=bmkrb,CN=Users,DC=domain,DC=tld HTTP/bluemind.domain.tld Updated object
Run the following command:
ktpass /out C:\hps.keytab /mapuser bmkrb@DOMAIN.TLD /princ HTTP/bluemind.domain.tld@DOMAIN.TLD /pass krbpwd /kvno 0 /ptype KRB5_NT_PRINCIPAL
The result should look like this:
Targeting domain controller: AD.domain.tld Using legacy password setting method Successfully mapped HTTP/bluemind.domain.tld to bmkrb. Output keytab to C:\hps.keytab
Once Kerberos authentication is enabled, you will be automatically authenticated if your browser is configured correctly. If you want to connect as admin0 or on another domain, go to the page: bm.domain.tld/native.
This section describes how to configure Kerberos authentication manually. However, you might also find this paragraph useful if your Kerberos domain name is different from your BlueMind domain name.
/etc/bm-hps"directory of the BlueMind server
Copy the contents of the file "mem_conf.ini" into the file copied previously "
The Active Directory domain name must be written in CAPITAL LETTERS in the configuration file, failing that it will not work.
Since BlueMind v.3.0.7, you can set up authentication with different domains for Kerberos and BlueMind.
Create a new configuration file /etc/bm-hps/mappings.ini with the following contents:
In this instance, DOMAINEAD.LAN is your AD domain and domaineBM.vmw is your BlueMind domain.
When the file has been created, restart BlueMind:
When the AD domain is different from the BlueMind domain, the client web browser may not trust the BlueMind domain. The BlueMind url access must therefore be added as a trusted site in the web browser.
To add a trusted site, you need to access the Firefox configuration settings. To do this:
in the web browser address bar, type:
In the search box, type:
Trusted sites are configured in the Internet Options window:
Chrome is based on the Internet Explorer configuration. As a result, in Windows, simply follow the same process as above to add a new site to the trusted list.
For other operating systems, however, use the following command line to add a trusted website:
For more information, please look at the following pages: