beautypg.com

11 kss open enrollment – Symbol Technologies Spectrum24 AP-4131 User Manual

Page 41

background image

Introduction

AP-4131 Access Point Product Reference Guide

31

Enabling Kerberos disables Telnet, SNMP and Web services. Configure the
AP through a direct serial connection if needed. Configure SNMP to be "Read
Only" or "Read/Write" from the KSS. Disabling Kerberos returns (Kerberos
disabled is the default setting) Telnet, SNMP and Web services to their
previous setting. If an AP cannot be accessed through a serial connection
and SNMP is not configured for read/write, use of DHCP option 131 is
another way to disable Kerberos.

The KSS in a Spectrum24 environment runs only on a Windows 2000 server
with Active Directory enabled. Future supported platforms include Linux,
Solaris, SCO Unixware and HP-UX.

1.3.11 KSS Open Enrollment

When the KSS startup and KDC authentication completes successfully, the
KSS opens a listening TCP/IP connection port and waits for any AP (several
APs can connect to the KSS concurrently) that requests KSS AP setup services.
Each AP requires an AP Setup Account entry. Open Enrollment mode allows
the system administrator to enter information for APs with the same ESSID
and therefore the same Kerberos Principal. The system administrator creates
an AP Setup Account entry (enter all the Open Enrollment properties
including a Kerberos Principal) in Open Enrollment mode. Complete the
Kerberos account with this Principal in the Kerberos Account database. When
the KSS Listening mode and Open Enrollment is enabled (by selecting a
check box in the

Kerberos Setup Service

Property page), KSS provides the

default AP Setup Account and the corresponding Kerberos Account to the AP.
A new AP Setup Account record is created for the AP using the default Open
Enrollment properties. The KSS continues to do this until Open Enrollment is
disabled. Access points with a "Disabled" status or expired range entries in
the KSS are not allowed to accept Open Enrollment information. This
provides a tool to block APs that are known to have been stolen or missing.