Creating an Authentication Information File (Keytab File) for Proxy Server Connection
If all the following conditions apply, an authentication information file (keytab file) is required to enable this software to connect to the proxy server.
HTTPS is used as the protocol for communicating with the Remote Monitoring Server
The Cloud Connection Agentfunction is monitoring a device with [CCA Mode] selected in this software
A proxy server is used to connect to the Internet and Windows domain authentication is used when connecting to the proxy server
IMPORTANT |
If the computer where this software operates does not belong to the same domain as the proxy server, only Basic authentication can be used for proxy server authentication. In this case, a keytab file is not required. |
An authentication information file (keytab file) can be created either automatically or manually.
If all the following conditions apply, the file can be created automatically. If not, the file must be created manually.
This software is operating on a Windows server operating system
On the domain authentication server, Administrator privileges (the Administrators group) are assigned or can be assigned to the computer where this software is operating.
For information on the procedure, see the following.
Manually Creating an Authentication Information File (Keytab File)
1.
Log on to the domain authentication server as a user with administrator privileges.
2.
Launch the command prompt with administrator privileges.
3.
Execute the following command.
ktpass -princ HTTP/{computername}.{domainname}@{DOMAINNAME} -mapuser {username}@{domainname} -pass {password} -crypto ALL -ptype KRB5_NT_PRINCIPAL -out {output destination folder}\krb5.keytab
Parameter | Description |
-princ | Specifies the principal name for Kerberos authentication. {computername} and {domainname} are case-sensitive. {DOMAINNAME} must be entered with upper case characters. |
-mapuser | Specifies the domain authentication user account to use for operating this software. The principal name will be mapped to the specified user account. This parameter is case-sensitive. |
-pass | Specifies the password of the user account specified in "mapuser". This parameter is case-sensitive. |
-crypto | Specifies the key generated in the authentication information file (keytab file). Specify "ALL" to generate keys for all the supported encryption types. |
-ptype | Specifies the type of principal. Specify "KRB5_NT_PRINCIPAL". |
-out | Specify the output destination and file name of the authentication information file (keytab file) to create. |
4.
Copy the created authentication information file (keytab file) to the computer where this software operates.
After installing this software, copy the authentication information file (keytab file) to the following folder.
%ProgramFiles%\Canon\CDCA\Squid\etc
Automatically Creating an Authentication Information File (Keytab File)
By configuring the following settings on the domain authentication server in advance, an authentication information file (keytab file) is automatically created when the proxy server settings are configured in this software.
1.
Log on to the domain authentication server as a user with administrator privileges.
2.
Select [Active Directory Users and Computers] from [Tools] in the server manager.
3.
In the left pane of the [Active Directory Users and Computers] screen, select [Computers].
4.
In the right pane of the [Active Directory Users and Computers] screen, double-click the computer where this software operates.
5.
Click the [Member Of] tab.
6.
Click [Add], then add [Administrators].
7.
Click [OK].