Silversync Guide VIII: Configuring User Based Authentication Manually
In some environments it might not be possible to enter domain administrator credentials into third party applications like Silverback. The system needs these permissions because it needs to established trusts in the Active Directory Domain so that the server is able to access files as the user. This lets Silverback determine if the user has permissions on the file. To perform this process, you need to have Domain Administrator privileges. Complete these steps for any more local or remote Content Locations.
Configure Delegation
- Login to your Active Directory server
- Open Active Directory Users and Computers
- Navigate to the Silversync Server computer object
- Double click on the computer object
- Navigate to Delegation
- Select Trust this computer for delegation to specified services only
- Select Use any authentication protocol
- Click Apply
Allow Delegation of permissions for local paths
There are two difference types of delegation. One for local files on the Silversync server (C:\Files) and remote network shares (\\FILESERVER\Remote Fileshare). These require slightly different processes, which will be covered both in the examples below.
- Navigate to Silverback Management Console
- Login as an Administrator
- Navigate to Admin
- Navigate to Silversync
- Click Edit
- Navigate to Content Locations
- Click Add
- Enter your local path , e.g C:\Files
- Click Save
- When prompted to provide Domain Admin Credentials, click Skip Credentials
Add SPN for local paths
- Navigate back to your Active Directory Users and Computers
- Click Add
- Click Users or Computers
- Search for your Silversync server computer object
- Click OK
- Scroll down to HTTP service and select it
- Click OK
Allow Delegation of permissions for network paths
- Navigate to Silverback Management Console
- Login as an Administrator
- Navigate to Admin
- Navigate to Silversync
- Click Edit
- Navigate to Content Locations
- Click Add
- Enter your network path (e.g.\\FILESERVER\Remote Fileshare)
- Click Save
- When prompted to provide Domain Admin Credentials, click Skip Credentials
Add SPN for network paths
- Navigate back to your Active Directory Users and Computers
- You should still have the Silversync Computer Object Properties open
- Click Add
- Click Users or Computers
- Search for your Fileserver computer object
- Click OK
- Select cifs
This will create the link between this server and the remote server for delegation
- Click OK
If you are directing users to a DFS share, you must add the delegation for ALL members of the DFS environment individually. Repeat these steps for all members.