Creating Active Directory users for Kerberos authentication
After storage servers are added to the Active Directory domain, perform the following tasks before you configure Kerberos-based authentication for universal shares in the NetBackup web UI:
- On the Windows Active Directory domain server, create Active Directory users for Kerberos authentication.
- Register the Kerberos principals to the KDC (Key Distribution Center) database.
See Registering the Kerberos principals to the KDC database.
To create Active Directory users for Kerberos authentication:
- Log in to the Windows Active Directory domain server.
- Navigate to Start > Administrative Tools > Active Directory Users and Computers.
- In the left pane, select the correct domain name and then select Users.
- Right-click Users and select New > User.
- Enter the domain user information. User logon name is used for Active Directory domain login and authentication.
For storage servers, the logon name must be nfs/<storage server FQDN>, where nfs is the NFS service principal and the storage server is the host where your universal shares are created. For example, nfs/storage-server.mydomain.com.
For a universal share server, create one more user, host/<storage server FQDN>.
For a universal share server, you must create two Active Directory users, nfs/<storage server FQDN> and host/<storage server FQDN>. For a universal share client, create only one user, host/<universal share client FQDN>.
- Set a password for the new user.
- Click Finish to complete the user creation.
- Double-click the user you have created to open the property window.
- In the Account options list, select the AES 128 and AES 256 encryption items.
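
A check for the accounts this procedure creates, as an added example that is not part of the NetBackup documentation: it builds the expected logon names and decodes each account's msDS-SupportedEncryptionTypes bitmask to confirm that AES 128 and AES 256 are both set. The function names, the client FQDN us-client.mydomain.com and the sample account objects are constructed for illustration, and it assumes the logon name is stored as the part of userPrincipalName before the @.

```powershell
# Added example: audit the Active Directory users created by the steps above.
# Bit values of the msDS-SupportedEncryptionTypes attribute.
$EncBits = [ordered]@{
    'DES-CBC-CRC' = 0x1; 'DES-CBC-MD5' = 0x2; 'RC4-HMAC' = 0x4
    'AES128'      = 0x8; 'AES256'      = 0x10
}

function Get-ExpectedLogonNames {
    param([string]$ServerFqdn, [string[]]$ClientFqdn = @())
    # A universal share server needs nfs/ and host/; each client needs host/ only.
    @("nfs/$ServerFqdn", "host/$ServerFqdn") + @($ClientFqdn | ForEach-Object { "host/$_" })
}

function Test-KerberosAccounts {
    param([string[]]$Expected, [object[]]$Accounts)
    foreach ($name in $Expected) {
        # Assumption: the logon name is the UPN with its trailing @suffix removed.
        $acct = $Accounts | Where-Object {
            ($_.UserPrincipalName -replace '@[^@]*$', '') -ieq $name
        } | Select-Object -First 1
        # An unset attribute casts to 0, which is reported as AES not selected.
        $mask = if ($acct) { [int]$acct.'msDS-SupportedEncryptionTypes' } else { 0 }
        $enabled = @($EncBits.Keys | Where-Object { $mask -band $EncBits[$_] })
        $status = if (-not $acct) { 'MISSING'
        } elseif (($mask -band 0x18) -ne 0x18) { 'AES 128 and AES 256 not both selected'
        } elseif ($mask -band 0x7) { 'AES set, but DES/RC4 also enabled'
        } else { 'OK' }
        [pscustomobject]@{ LogonName = $name; EncTypes = $enabled -join ','; Status = $status }
    }
}

# Constructed sample data: the client account is absent and one account still allows RC4.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'nfs/storage-server.mydomain.com@mydomain.com'
                       'msDS-SupportedEncryptionTypes' = 0x18 }
    [pscustomobject]@{ UserPrincipalName = 'host/storage-server.mydomain.com@mydomain.com'
                       'msDS-SupportedEncryptionTypes' = 0x1C }
)
$expected = Get-ExpectedLogonNames -ServerFqdn 'storage-server.mydomain.com' `
                                   -ClientFqdn 'us-client.mydomain.com'
Test-KerberosAccounts -Expected $expected -Accounts $sample | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module), replace $sample with:
# Get-ADUser -Filter "UserPrincipalName -like 'nfs/*' -or UserPrincipalName -like 'host/*'" `
#            -Properties 'msDS-SupportedEncryptionTypes'
```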