Exacq exacqVision User Manual

Mac OS X Client and Active Directory/OpenLDAP/Kerberos
www.exacq.com
+1.317.845.5710 +44.1438.310163
USA (Corporate Headquarters) Europe/Middle East/Asia
Page 1 of 2
4/29/2014
1 Configuration
The following process allows you to configure exacqVision permissions and privileges for accounts that exist on an Active Directory/OpenLDAP/Kerberos (directory) server.
NOTE: On a Windows platform, the domain controller must run on Windows Server 2003 operating system or later.
1. Note the fully qualified host name (hostname.primary-dns-suffix) and IP address of the exacqVision server computer, the directory domain, and the fully qualified host name and IP address of the directory server. For example:
evserver.exacq.test.com 192.168.1.16
EXACQ.TEST.COM
adserver2008.exacq.test.com 192.168.1.70
2. Make sure the fully qualified host names of the directory server and exacqVision server can be resolved. To do this, open a terminal window, ping the fully qualified host names, and look for a reply. Make sure the IP addresses match the IP addresses of the servers as noted in the previous step.
NOTE: If the fully qualified host names cannot be resolved for either server, configure your hosts file with the fully qualified host names, as in the following example:
/etc/hosts
192.168.1.16 evserver.exacq.test.com
192.168.1.70 adserver2008.exacq.test.com
3. Configure Kerberos (KRB5) by completing the following steps:
STEPS FOR MAC OSX 10.5 AND 10.6
A. Execute Kerberos.app from /System/Library/CoreServices.
B. From the menu, select Edit and then Edit Realms.
C. In the Edit Realms dialog, click the plus button (+) and enter the Realm Name in upper case.
D. Select the Servers tab, click the plus button (+), and enter the IP address or fully qualified domain name of the directory server. Leave KDC as the Type and 88 as the Port.
E. Click Apply and OK to exit.
F. Click New.
G. Enter the username and password for the directory account. To avoid entering the password again after the ticket expires, select Remember This Password in My Keychain.
H. Make sure the realm entered earlier in this step is selected from the drop-down list.
I. Click OK.
J. If the connection is successful, select the new ticket and click Destroy.
K. Proceed to step 4 on the following page.
STEPS FOR MAC OSX 10.7 AND LATER
A. Open a Terminal window and execute sudo nano /etc/krb5.conf.
B. Configure the /etc/krb5.conf file to include the following:
[libdefaults]
    default_realm = EXACQ.TEST.COM
[realms]
    EXACQ.TEST.COM = {
        kdc = adserver2008.exacq.test.com
        admin_server = adserver2008.exacq.test.com
    }
C. Press Ctrl+O and Enter to save /etc/krb5.conf.
D. Open the Keychain Access app in Utilities, and then the Ticket Viewer app from the Keychain Access menu.
E. Press the Add Identity button and then enter your credentials (for example, username@EXACQ.TEST.COM).
F. To avoid requiring the password after the ticket expires, select Remember This Password in My Keychain.
4. On the exacqVision client computer, download and install the exacqVision software from www.exacq.com.
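The checks behind steps 2 and 3 can be scripted before the first login attempt. The shell functions below are an added example, not part of the Exacq manual: they read a krb5.conf with one setting per line and a hosts-format file, and report a realm that is not upper case, a realm with no kdc entry, or a kdc name that maps to an unexpected address. The function names are hypothetical, and checking a hosts file rather than live DNS is an assumption.

```shell
#!/bin/sh
# Added example, not from the Exacq manual; function names are hypothetical.

# krb5_value FILE KEY [REALM]: print KEY from [libdefaults] or, when REALM is
# given, from that realm's stanza under [realms].
krb5_value() {
    awk -v key="$2" -v realm="$3" '
        { gsub(/=/, " = ") }    # tolerate "key=value" written without spaces
        /^[ \t]*\[/ { section = $1; in_stanza = 0; next }
        section == "[realms]" && $1 == realm && $3 == "{" { in_stanza = 1; next }
        index($0, "}") { in_stanza = 0; next }
        (realm == "" ? section == "[libdefaults]" : in_stanza) && $1 == key {
            sub(/:.*/, "", $3)  # drop an optional :port suffix
            print $3; exit
        }' "$1"
}

# hosts_ip FILE HOST: print the address a hosts-format file assigns to HOST.
hosts_ip() {
    awk -v h="$2" '
        /^[ \t]*#/ { next }
        { for (i = 2; i <= NF; i++) {
              if ($i ~ /^#/) break    # rest of the line is a comment
              if (tolower($i) == tolower(h)) { print $1; exit }
          } }' "$1"
}

# check_kerberos_setup KRB5_CONF HOSTS_FILE EXPECTED_KDC_IP
# Prints one line per problem and returns 0 only when none were found.
check_kerberos_setup() {
    rc=0
    realm=$(krb5_value "$1" default_realm)
    upper=$(printf '%s' "$realm" | tr '[:lower:]' '[:upper:]')
    [ -n "$realm" ] || { echo "no default_realm in [libdefaults]"; rc=1; }
    [ "$realm" = "$upper" ] || { echo "realm '$realm' is not upper case"; rc=1; }
    kdc=$(krb5_value "$1" kdc "$realm")
    if [ -z "$kdc" ]; then
        echo "no kdc listed for realm '$realm'"; rc=1
    else
        ip=$(hosts_ip "$2" "$kdc")
        [ "$ip" = "$3" ] || { echo "$kdc maps to '${ip:-nothing}', expected $3"; rc=1; }
    fi
    return $rc
}

# Usage with the example values from step 1:
#   check_kerberos_setup /etc/krb5.conf /etc/hosts 192.168.1.70
```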
2 Connecting to exacqVision Servers
You can connect to your Enterprise exacqVision servers from the Mac OS X exacqVision Client software in any of the following ways:
You can use a local exacqVision username and password.
You can always use your system login without having to enter a username or password. In this case, leave the username and password empty on the Add Systems page, select Use Single Sign-On, and click Apply. A pop-up window will prompt you to enter your Kerberos password, which is the same as your domain password.
You can use any domain user account. Enter the account name in user@REALM format as the username (for example, "test.user@EXACQ.TEST.COM"). You do not need to enter a password in the exacqVision Client. The realm must be in upper case, as shown in the example. Do NOT select Use Single Sign-On with this login method. A pop-up window will prompt you to enter your Kerberos password, which is the same as your domain password.
3 Adding exacqVision Users from the Directory Database
When the exacqVision server is appropriately configured and connected to your directory server, the Users page and the Enterprise User Setup page each contain a Query LDAP button that allows you to search for users or user groups configured in the directory. You can manage their exacqVision server permissions and privileges using the exacqVision Client the same way you would for a local user. On the System Information page, the Username column lists any connected directory users along with their directory origin (whether each user was mapped as an individual or part of a user group) in parentheses.