Info

This Guide describes how to set automatic Single Sign-On via Active Directory.

WMS Version: 5.X0 / 4.0X

Created: March 2019

Permalink:  https://confluence.wildix.com/x/rABOAg

Step 1. Generate KeyTab file in Active Directory

Note

For Cloud PBX, PBX must access AD for sync user only: 

  • Choose an arbitrary FQDN for connecting to your PBX. Enter the name in the following format:

[SERVER].[LOCAL-DOMAIN]

Example: pbx.mycompany.local

Note: This address should resolve to the PBX IP address.

  • Go to Active Directory Users and Computers -> Computers
  • Create a new computer account. Note that this account should not contain a user with the same name.


Note

Note: It is recommended to avoid upper case.


  • To create the KeyTab file associated with this computer and check the SPN (service principal name) binding to the computer account, run the following commands with Domain Admin privileges:

    Code Block
    ktpass -princ HTTP/some-name.example.com@EXAMPLE.COM -mapuser some-name$@EXAMPLE.COM -crypto ALL -ptype KRB5_NT_SRV_HST +rndpass -out d:\some-name.keytab
    Reset SOME-NAME$'s password [y/n]? y
    setspn -Q HTTP/some-name.example.com

    where

    some-name$@EXAMPLE.COM - the computer's name in Active Directory (with $), where the domain is written in capital letters

    +rndpass - generates a random password for the computer account

  • You can check that the KeyTab / SPN is correctly associated with the following command:

    Code Block
    setspn -Q HTTP/some-name.example.com


    The correct result is: Existing SPN found
    A bad result is: No SPN found / More than one SPN found


    Note

    If HTTP/some-name.example.com is bound to several computers or users, Kerberos authentication will not work.


  • When the KeyTab is generated, it appears on the disk at d:\some-name.keytab:

...

Debugging

See instructions in case the following error messages are present in wms.log: 

  • "No entry HTTP://XXXX found in key table"

Possible solution: Check steps 1, 2 and 3 of the guide. The issue is a wrong keytab.

  • "Error accepting security context"

Possible solution: Check that you are connecting to the PBX using the correct URL and that the browser is correctly configured.

  • "No user found in LDAP"

Check the connection logs and find out which PrincipalName is used for the connection: USER@DOMAIN or USER? If there are no logs of the user, the issue could be the auth-server-whitelist.