Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry Enterprise Mobility Server 3.6
  3. Configuring the BlackBerry Docs service
  4. Steps to configure the Docs service
  5. Configure the Docs security settings
  6. Configuring Kerberos constrained delegation for Docs
  7. Add Kerberos constrained delegation for file shares

Add Kerberos constrained delegation for file shares

The main difference between sharing files in File Share repositories, compared to sharing apps (for example,
Microsoft SharePoint
), is that here the delegation is to the computer hosting the
BEMS
 instance account and not to the
Docs
service process user, BEMSAdmin.
  1. Open
    Microsoft Active Directory Users and Computers
    .
  2. In your domain, click
    Computers
    .
  3. Right-click the
    BEMS
     computer entry. Click
    Properties
    .
  4. Click the
    Delegation
     tab.
  5. In the
    Microsoft Active Directory
     account properties, on the
    Delegation
     tab, select the following options:
    • Trust this user for delegation to specified services only
    • Use any authentication protocol
  6. Click
    Add
    , select
    Users or Computers
    , type in the name of the server whose file share needs access and click
    OK
    .
  7. In the list of services, click
    cifs
    . Click
    OK
    .
  8. Repeat Step 3 to 6 for each server that has file shares needing access.
  9. Restart the
    BEMS
     server. Since Kerberos tokens are cached, restarting the
    BEMS
     server is the only way to make sure all delegation changes are received on the machines.