Kerberos KEYTAB File for AADS
A service account with no special rights is needed for IWA on AADS.
The keytab file has to be created on a Windows domain controller with Domain Admin rights.
In cmd, run:
setspn -S HTTP/<FRONT-END FQDN> <Domain user login>
ktpass -out LocationOfKTfile -mapuser user@DOMAIN.SUFFIX -princ HTTP/serverFQDN@DOMAIN.SUFFIX -ptype KRB5_NT_PRINCIPAL -pass +rndPass -crypto all -kvno 0
Example:
DNS Domain: examp.local
Kerberos REALM: EXAMP.LOCAL
AADS Frontend FQDN: aads.example.com
Service Account: iwa_adds
setspn -S HTTP/aads.example.com iwa_adds
ktpass -out c:\temp\aads.keytab -mapuser iwa_adds@EXAMP.LOCAL -princ HTTP/aads.example.com@EXAMP.LOCAL -ptype KRB5_NT_PRINCIPAL -pass +rndPass -crypto all -kvno 0
