Index | Prev | Next

Relocating the Kerberos keytab file

If your AX-3.8 stations use Kerberos authentication for user services (for example, LdapV3ADUserService) and they use a “keytab file” supplied by the site’s Kerberos administrator, the migration tool requires this file to reside under an “ldap” subfolder of each such AX-3.8 station. This procedure relocates the Kerberos keytab file prior to migration.
 NOTE: If applicable, do this before making source station backups for use with the migration tool. 
Perform the following steps:
  1. Using Workbench, open the station (Foxs or Fox), expand the Config node, and navigate to the property sheet of the UserService’s authenticator.

    For example: Services > LdapV3ADUserService > ActiveDirectoryConfig > authenticator

    The Key Tab Location property ORD value references the current location of the keytab file. Keep this view open.

  2. If it is a remote station, open a new tab in Workbench, and open a platform connection to the remote host and access the File Transfer Client view.
  3. In the (remote) right-side “Files on IPaddress” area, navigate to stations > stationName, and create a subdirectory titled ldap. This is the target location for the keytab file.
  4. In the same right-side area, navigate to the Key Tab Location noted in Step 1. Select and transfer the keytab file from the remote (right-side) to the local (left-side).
  5. In the same right-side area, navigate to the stations > StationName > ldap folder created in Step 3, then select and transfer the keytab file back from the local (left-side) to the remote (right-side).

    The keytab file should now be in the !stations/stationName/ldap folder.

  6. Switch to the Workbench tab showing the property sheet of the UserService’s authenticator and edit the Key Tab Location property ORD value to match the new location of the keytab file. Click Save.
  7. Save the station (right-click the Config node, click Save).
  8. Repeat all steps above for each applicable JACE station to be migrated to N4.

If this is a local AX-3.8 station, such as a Supervisor station, you can use Windows Explorer to make the new ldap subdirectory under the !stations/stationName folder, and copy and paste the referenced keytab file into it. Be sure to update the authenticator’s Key Tab Location value with the new location, and save the station database (steps 6 and 7).

After relocating the Kerberos keytab files and updating authenticator properties, test out the operation in AX-3.8. A successful operation should continue after the station is migrated to N4.

Related Links

  • Preparing platforms for migration (Parent Topic)

    • Index | Prev | Next