Configuring common access card authentication – Brocade Network Advisor SAN User Manual v12.3.0 User Manual


Brocade Network Advisor SAN User Manual


53-1003154-01

AAA Settings tab


Configuring Common Access Card authentication

NOTE

Common Access Card (CAC) authentication does not support SMI Agent and launch-in-context dialog
boxes.

NOTE

CAC authentication is only supported on Windows systems.

Common Access Card (CAC) authentication requires the following preparations:

Make sure to connect the CAC reader to the Management application client workstation.

Make sure to obtain and install the active client library on the client workstation. The active
client library is not shipped with the Management application.

Make sure to log in to the Management application client using a smartcard.

Make sure that the Active Directory (AD) server you want to use is on the network that the
Management application manages.

Make sure that the Management application server and client system clocks are synchronized
even if they are in different time zones.

Make sure that the AD server you want to use is connected to the Management application
client.

Make sure you have the username and password of the Management application service
account configured on the AD server to which the client is connected. It is recommended that
you create and use the following name for this account: NetworkManagementSVC.

NOTE

If there are Management application clients from different domains, then each client’s AD
server must be configured with the same user account and Kerberos Service Principal Name (SPN).

Make sure you have the Kerberos SPN that is configured on the Key Distribution Center (KDC)
of the AD server and map it to the Management application server account. It is
recommended that you create and use the following name for this account:
NetworkManagementSPN.

If you need to add a Kerberos SPN to the KDC of the AD server, use the following command on
the Management application client or the AD server to which the client is connected:

setspn -S <SPN>/<Management application server host name with domain name> <AD server user account>

For example: setspn -S NetworkManagementSPN/DCM-VNext-65.JCB.com NetworkManagementSvc

NOTE

If there are multiple Management application servers, then a Kerberos Service Principal Name
must be added for each server.
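
The following PowerShell script is an added example, not part of the Brocade manual. It registers one SPN per Management application server with setspn -S and then confirms the result with setspn -L. The server host names are constructed placeholders; the SPN and account names follow the manual's own setspn example.

```powershell
# Added example (not from the manual). Host names are constructed placeholders;
# the SPN and account names follow the manual's own setspn example.
# Run with rights to modify the service account in Active Directory.
$SpnName        = 'NetworkManagementSPN'
$ServiceAccount = 'NetworkManagementSvc'
$Servers        = @('bna-server-01.example.com', 'bna-server-02.example.com')

function Get-SpnString {
    param([string]$Name, [string]$HostName)
    # The manual asks for the server host name with its domain name (FQDN).
    if ($HostName -notmatch '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$') {
        throw "Host name '$HostName' is not fully qualified."
    }
    "$Name/$HostName"
}

# One SPN per Management application server.
$wanted = @(foreach ($server in $Servers) {
    Get-SpnString -Name $SpnName -HostName $server
})

foreach ($spn in $wanted) {
    # -S searches the domain for a duplicate of this SPN before adding it.
    & setspn.exe -S $spn $ServiceAccount
    if ($LASTEXITCODE -ne 0) {
        # Also reached when the SPN already exists; the check below decides.
        Write-Warning "setspn did not add $spn (exit code $LASTEXITCODE)."
    }
}

# Verify: -L lists the SPNs registered on the service account.
$registered = @(& setspn.exe -L $ServiceAccount | ForEach-Object { $_.Trim() })
$missing    = @($wanted | Where-Object { $registered -notcontains $_ })

if ($missing.Count -gt 0) {
    Write-Warning ("Not registered on {0}: {1}" -f $ServiceAccount, ($missing -join ', '))
    exit 1
}
Write-Output "All $($wanted.Count) SPNs are registered on $ServiceAccount."
```

An SPN that is missing from the final listing but reported as a duplicate by setspn -S is registered on a different account and must be removed there before Kerberos authentication to that server can succeed.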

To configure CAC authentication, complete the following steps.

1. Select the AAA Settings tab.

2. Select CAC from the Primary Authentication list.
