Configure Domino8.5.1 to use windows Active Directory single-point Login

Source: Internet
Author: User
Tags domain server

Configure Domino8.5.1 to use windows Active Directory single-point Login

1. Before implementing the SPNEGO mechanism of domino 8.5.1, you must specify the following information:

· A Microsoft Windows Active Directory domain server (BYSFT-DC.BYSFT.LOCAL) that provides Kerberos Key Distribution Center Services and LDAP services.

· Domino 8.5.1 the server (BYSFT-MAIL01.BYSFT.LOCAL) runs on a Windows machine that is added to the domain of the Active Directory.

· Domino 8.5.1 server configuration (BYSFT-MAIL01.BYSFT.LOCAL) to "multi-server session" Single Sign-On authorization mechanism MSSO ).

· You need a Windows client (windowsXP or windows7) that is added to the Active Directory domain. The server runs a Domino-supported browser (IE6 ).

2. How the spnego mechanism works

650) this. width = 650; "title =" clip_image002 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px "border =" 0 "alt =" clip_image002 "src =" http://www.bkjia.com/uploads/allimg/131228/023K21X9-0.jpg "height =" 330 "/>

3. Configure implementation 3.1 to create the AD user tester03 for web login on the Domain Server; and create the personal configuration document for tester03 on the domino server; For details, see create in the domain controller 3.1.1.

650) this. width = 650; "title =" clip_image004 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px "border =" 0 "alt =" clip_image004 "src =" http://www.bkjia.com/uploads/allimg/131228/023K2GA-1.jpg "height =" 501 "/>

3.1.2 register the personal document test03 on the domino server and use the domino administrator)

650) this. width = 650; "title =" clip_image006 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px "border =" 0 "alt =" clip_image006 "src =" http://www.bkjia.com/uploads/allimg/131228/023K21O6-2.jpg "height =" 276 "/>

650) this. width = 650; "title =" clip_image008 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px "border =" 0 "alt =" clip_image008 "src =" http://www.bkjia.com/uploads/allimg/131228/023K262O-3.jpg "height =" 462 "/>

650) this. width = 650; "title =" clip_image010 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px "border =" 0 "alt =" clip_image010 "src =" http://www.bkjia.com/uploads/allimg/131228/023K244O-4.jpg "height =" 446 "/>

650) this. width = 650; "title =" clip_image012 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px "border =" 0 "alt =" clip_image012 "src =" http://www.bkjia.com/uploads/allimg/131228/023K22562-5.jpg "height =" 425 "/>

Modify personal documents after successful registration

650) this. width = 650; "title =" clip_image014 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px "border =" 0 "alt =" clip_image014 "src =" http://www.bkjia.com/uploads/allimg/131228/023K23K7-6.jpg "height =" 182 "/>

650) this. width = 650; "title =" clip_image016 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px "border =" 0 "alt =" clip_image016 "src =" http://www.bkjia.com/uploads/allimg/131228/023K2M27-7.jpg "height =" 378 "/>

Leave the internet password empty

Add an internet-formatted address within the user name Domain: tester03@BYSFT.LOCAL (case sensitive)

650) this. width = 650; "title =" clip_image018 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px "border =" 0 "alt =" clip_image018 "src =" http://www.bkjia.com/uploads/allimg/131228/023K22220-8.jpg "height =" 201 "/>

3.2 use the setspn.exe tool in the domain to register http service management 3.2.1 create a domino management account SysAdmin on domain control) and add the user to the domain administrator group; 650) this. width = 650; "title =" clip_image020 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px "border =" 0 "alt =" clip_image020 "src =" http://www.bkjia.com/uploads/allimg/131228/023K2HR-9.jpg "height =" 357 "/> 3.2.2 use the SysAdmin account on the domino server to start the lotus domino server Service

650) this. width = 650; "title =" clip_image022 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px "border =" 0 "alt =" clip_image022 "src =" http://www.bkjia.com/uploads/allimg/131228/023K2MV-10.jpg "height =" 309 "/>

650) this. width = 650; "title =" clip_image023 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px "border =" 0 "alt =" clip_image023 "src =" http://www.bkjia.com/uploads/allimg/131228/023K23U3-11.png "height =" 433 "/>

3.2.3 register an account associated with the HTTP service

Setstp-to HTTP/bysft-mail01.bysft.local SysAdmin

650) this. width = 650; "title =" clip_image025 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px "border =" 0 "alt =" clip_image025 "src =" http://www.bkjia.com/uploads/allimg/131228/023K21251-12.jpg "height =" 124 "/>

3.3 use the template da50.ntf on the domino server to create a directory auxiliary service database named myda. nsf

650) this. width = 650; "title =" clip_image026 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px "border =" 0 "alt =" clip_image026 "src =" http://www.bkjia.com/uploads/allimg/131228/023K24L2-13.png "height =" 356 "/>

650) this. width = 650; "title =" clip_image028 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px "border =" 0 "alt =" clip_image028 "src =" http://www.bkjia.com/uploads/allimg/131228/023K25W7-14.jpg "height =" 150 "/>

650) this. width = 650; "title =" clip_image030 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px "border =" 0 "alt =" clip_image030 "src =" http://www.bkjia.com/uploads/allimg/131228/023K25216-15.jpg "height =" 314 "/>

650) this. width = 650; "title =" clip_image032 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px "border =" 0 "alt =" clip_image032 "src =" http://www.bkjia.com/uploads/allimg/131228/023K24554-16.jpg "height =" 306 "/>

650) this. width = 650; "title =" clip_image034 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px "border =" 0 "alt =" clip_image034 "src =" http://www.bkjia.com/uploads/allimg/131228/023K25350-17.jpg "height =" 394 "/>

3.4 create web sso configuration; allow webmail to perform single-point logon configuration through ad ldap users

650) this. width = 650; "title =" clip_image036 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px "border =" 0 "alt =" clip_image036 "src =" http://www.bkjia.com/uploads/allimg/131228/023K25K1-18.jpg "height =" 358 "/>

650) this. width = 650; "title =" clip_image038 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px "border =" 0 "alt =" clip_image038 "src =" http://www.bkjia.com/uploads/allimg/131228/023K2G43-19.jpg "height =" 211 "/>

650) this. width = 650; "title =" clip_image040 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px "border =" 0 "alt =" clip_image040 "src =" http://www.bkjia.com/uploads/allimg/131228/023K23159-20.jpg "height =" 314 "/>

3.5 configuration-server documents;

650) this. width = 650; "title =" clip_image042 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px "border =" 0 "alt =" clip_image042 "src =" http://www.bkjia.com/uploads/allimg/131228/023K23H3-21.jpg "height =" 582 "/>

650) this. width = 650; "title =" clip_image044 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px "border =" 0 "alt =" clip_image044 "src =" http://www.bkjia.com/uploads/allimg/131228/023K24K8-22.jpg "height =" 417 "/>

3.6 configuration-message-configuration, notes parameter configuration; Objective To monitor SSO authentication activities through the console

650) this. width = 650; "title =" clip_image046 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px "border =" 0 "alt =" clip_image046 "src =" http://www.bkjia.com/uploads/allimg/131228/023K26104-23.jpg "height =" 212 "/>

4. perform a test through the client. 4.1 If the domain is not added or the Integrated Identity Verification is not started, the specific description is as follows;

650) this. width = 650; "title =" clip_image048 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px "border =" 0 "alt =" clip_image048 "src =" http://www.bkjia.com/uploads/allimg/131228/023K24150-24.jpg "height =" 306 "/>

650) this. width = 650; "title =" clip_image050 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; padding-right: 0px "border =" 0 "alt =" clip_image050 "src =" http://www.bkjia.com/uploads/allimg/131228/023K2G37-25.jpg "height =" 374 "/>

4.2 you can also use the Add domain. After configuring Integrated Identity Authentication in the IE option, when using the domain to log on, open the IE window to directly access the web mailbox;

650) this. width = 650; "title =" clip_image051 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; padding-right: 0px "border =" 0 "alt =" clip_image051 "src =" http://www.bkjia.com/uploads/allimg/131228/023K26292-26.png "height =" 298 "/>

Reference:

Http://www-10.lotus.com/ldd/dominowiki.nsf/dx/How_to_configure_the_Windows_single_sign-on_ (SSO) _ for_Web_clients _ (SPNEGO) _ in_an_existing_Domino_environment _ (Tutorial)

Http://www.ibm.com/developerworks/cn/lotus/quickr-domino85-sso/index.html

Http://www-10.lotus.com/ldd/dominowiki.nsf/dx/How_to_configure_the_Windows_single_sign-on_ (SSO) _ for_Web_clients _ (SPNEGO) _ in_an_existing_Domino_environment _ (Tutorial)

Http://www.docin.com/p-220610687.html

This article from "Gao Wenlong" blog, please be sure to keep this source http://gaowenlong.blog.51cto.com/451336/1128793

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.