Acronis Access Advanced - Administrator's Guide User Manual

Page 153

153

7 Adding Kerberos Constrained Delegation

Authentication

Once you have setup and verified the AppTunnel works via Username/Password authentication for
Acronis Access, you can modify the configurations created to allow Kerberos Constrained Delegation
authentication to the Acronis Access Gateway. When this is properly configured the end user will not
have to supply a username or password to enroll with management or to browse data sources.

This document will set up the basic configuration and delegate to one Acronis Acess Gateway server
running on the same server as the management server to allow enrollment to that local management
server and browsing of datasources configured on that gateway. Additional delegation will be
required for additional Gateways, Sharepoint servers, and reshares.

If you are going to use the same iOS device to test the Kerberos Constained Delegation it is
recommended you uninstall the Acronis Access Mobile client at this time.

1. Log in to your KDC server as an administrator.
2. From the Windows Start menu, select All Programs, select Administrative Tools > Active

Directory Users and Computers.

3. In the newly opened console, expand the domain (Kerberos refers to a domain as a realm).
4. Right-click Users and select New > User.



Enter a Name and a User Logon Name for the Kerberos service account. The name must start
with HTTP/. Use standard alphanumeric characters with no whitespace for the User Logon
Name, as it is entered in a command prompt later in the guide. If HTTP/ automatically
appears next to the User logon name (pre-Windows 2000) field, delete it from that field.