Configuring Active Directory to support Kerberos for Mac OS X

If you want to support single sign on for Mac OS X clients, you must configure your Active Directory server to use Kerberos. Before selecting the Perform SSO for Mac check box on the System: Authentication page, complete the steps below.

  1. Log in to your Active Directory domain controller.
  2. Run the following commands, providing the Active Directory username in both.
    Note The "AD Username set on the appliance" must match the username set on the System: Active Directory page.

    Be sure to provide the appliance’s fully qualified domain name for the first command, and the appliance’s hostname for the second command.

    setspn -a HTTP/<> <AD username set on the appliance>

    setspn -a HTTP/<MyAppliance> <AD username set on the appliance>