If you want to support single sign on for Mac OS X clients, you must configure your Active
Directory server to use Kerberos. Before selecting the Perform SSO for
Mac check box on the System: Authentication page,
complete the steps below.
-
Log in to your Active Directory domain controller.
-
Run the following commands, providing the Active Directory username in both.
Note The "AD Username set on the appliance" must match the username set on the
System: Active Directory page.
Be sure to provide the appliance’s fully qualified domain name for the first command,
and the appliance’s hostname for the second command.
setspn -a HTTP/<MyAppliance.example.com> <AD username set on
the appliance>
setspn -a HTTP/<MyAppliance> <AD username set on the
appliance>