SPN Verification Checks
ScaleArc performs the various checks during Kerberos configuration. Make sure the following is configured correctly to continue with the process.
- How to set up Service Principal Name (SPN) for ScaleArc
SPN is a unique identifier for a service on a network that uses Kerberos authentication. It consists of a service class, a host name, and a port. To create an SPN, use the SetSPN command line utility.
From the power shell, set up the Service Principal Name for ScaleArc on AD:
1. Log into the Active Directory server as a user with domain administrator's privileges.
2. From the power shell, set the service principal name for ScaleArc on AD. Remember to specify the port correctly. In this example, the cluster listens on port 1433.
- How to set hostname against the VIP
Kerberos authentication uses hostnames to identify machines and services in the domain. This requires a valid and unique hostname for the VIP on the ScaleArc machine.
Create a hostname (DNS setup)
Follow these steps:
- Open DNS manager on the AD server.
- Navigate to the domain name, and right click it.
- Select New Host from the drop down menu.
Enter a new hostname; for example, scale-test. The FQDN for the record appears in the field.
- Next, enter the IP address associated with the hostname.
- Select "Create associated pointer (PTR) record". This creates a reverse name lookup record for the host.
- Click Add Host. At this time you should have both the forward and reverse lookup for the virtual IP set to hostname scale-test.