This guide describes how to set up automatic Single Sign-On via Active Directory.

WMS Version: 5.X0 / 46.0X
Created: March 2019
Updated: January 2023
Permalink: https://confluencewildix.wildixatlassian.comnet/wiki/x/rABOAg_QjOAQ
Step 1. Generate KeyTab file in Active Directory
...
The procedure works the same for Cloud PBX, Hardware and Virtual Machine PBXs. For Cloud PBX, the PBX must access AD only to sync users
...
.
1. Choose an arbitrary FQDN for connecting to your PBX. Enter the name in the following format:
[SERVER].[LOCAL-DOMAIN]
Example: pbx.mycompany.local
Note: This address should resolve to the PBX IP address.
2. Go to Active Directory Users and Computers -> Computers
...
and create a new computer account
...
:
...
3. Create a KeyTab file associated with this computer and check the SPN (service principal name) binding to the computer account. Run the following commands with Domain Admin privileges:
```
ktpass -princ HTTP/some-name.example.com@EXAMPLE.COM -mapuser some-name$@EXAMPLE.COM -crypto ALL -ptype KRB5_NT_SRV_HST +rndpass -out d:\some-name.keytab
Reset SOME-NAME$'s password [y/n]? y
```
where
some-name$@EXAMPLE.COM - the computer's name in Active Directory (with $)
+rndpass - generates a random password for the computer account
The domain is written in capital letters.
4. You can check that the KeyTab / SPN is correctly associated with the following command:
```
setspn -Q HTTP/some-name.example.com
```
The correct result is: Existing SPN found
A bad result is: No SPN found / More than one SPN found
Note: If HTTP/some-name.example.com is bound to several computers or users, Kerberos authentication will not work.
When the KeyTab is generated, it appears on the disk as d:\some-name.keytab.
Step 2. Upload KeyTab file to PBX
- Go to WMS Settings -> PBX -> Security
- Enable Active Directory Single SignOn via Kerberos (Negotiate)
- Upload the KeyTab file previously generated in Active Directory
Limitation: only "0-9", "a-z", "A-Z", "_", "-", "@", "." characters are allowed in the KeyTab file name.
- Enter the Kerberos FQDN of the KeyTab. It contains the encoded domain name / IP address of the PBX.
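The checks from Steps 1 and 2 as a PowerShell example added here (it is not Wildix code): it validates the FQDN and the KeyTab file name, builds the ktpass command with the domain in capitals, and reports whether the SPN is bound to exactly one account. The function names, sample FQDN and account DNs are assumptions, as is the premise that the AD domain equals the FQDN's domain part; the live lookup needs the ActiveDirectory (RSAT) module.

```powershell
# Added example, not Wildix code. Function names and sample values are hypothetical.
function New-PbxKtpassPlan {
    param(
        [Parameter(Mandatory)][string]$Fqdn,        # e.g. pbx.mycompany.local
        [Parameter(Mandatory)][string]$KeytabPath   # e.g. d:\pbx.keytab
    )
    # [SERVER].[LOCAL-DOMAIN]: at least two dot-separated labels
    if ($Fqdn -notmatch '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$') {
        throw "FQDN '$Fqdn' is not in [SERVER].[LOCAL-DOMAIN] format"
    }
    # Step 2 limitation: only 0-9 a-z A-Z _ - @ . in the KeyTab file name
    $file = Split-Path -Path $KeytabPath -Leaf
    if ($file -notmatch '^[0-9A-Za-z_@.-]+$') {
        throw "KeyTab file name '$file' has characters WMS does not allow"
    }
    # Assumption: computer account = first label, AD domain = remaining labels
    $server, $domain = $Fqdn -split '\.', 2
    $realm = $domain.ToUpperInvariant()             # domain in capital letters
    $fmt = 'ktpass -princ HTTP/{0}@{1} -mapuser {2}$@{1} ' +
           '-crypto ALL -ptype KRB5_NT_SRV_HST +rndpass -out {3}'
    [pscustomobject]@{
        Spn     = "HTTP/$Fqdn"
        Command = ($fmt -f $Fqdn, $realm, $server, $KeytabPath)
    }
}

function Test-SpnBinding {
    param(
        [Parameter(Mandatory)][string]$Spn,
        # Accounts holding the SPN; queried from AD unless supplied by the caller
        [string[]]$Holders = @(Get-ADObject -LDAPFilter "(servicePrincipalName=$Spn)" |
                               ForEach-Object DistinguishedName)
    )
    switch ($Holders.Count) {
        0       { "No SPN found for $Spn" }
        1       { "Existing SPN found, bound to $($Holders[0])" }
        default { "More than one SPN found ($($Holders.Count) accounts): Kerberos will not work" }
    }
}

# Constructed sample values; holders are passed in so the demo runs without AD
$plan = New-PbxKtpassPlan -Fqdn 'pbx.mycompany.local' -KeytabPath 'd:\pbx.keytab'
$plan.Command
Test-SpnBinding -Spn $plan.Spn -Holders 'CN=PBX,CN=Computers,DC=mycompany,DC=local'
Test-SpnBinding -Spn $plan.Spn -Holders 'CN=PBX,CN=Computers,DC=mycompany,DC=local',
                                        'CN=svc-web,CN=Users,DC=mycompany,DC=local'
```

Omit `-Holders` on a domain-joined admin host to query the directory; the returned distinguished names show which accounts must give up the SPN when more than one holds it.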
Step 3. Import users from AD
...
Opera does not currently support Kerberos authentication.
Debugging
See instructions in case the following error messages are present in wms.log:
...
Check the connection logs and find out which PrincipalName is used for the connection: USER@DOMAIN or USER? If there are no logs for the user, the issue could be the auth-server-whitelist.