Configuring the Authentication Server to refresh domain session credentials
BMC BladeLogic Decision Support for Server Automation relies on the ability to refresh session credentials when executing scheduled jobs. This feature allows you to run scheduled reports without having to authenticate again.
When refreshing session credentials, the Authentication Service validates the user account on the directory server. The account must exist and be enabled for logging on.
To refresh session credentials, the Authentication Service might need to authenticate itself to the directory server. If authentication is required, you must define a default LDAP URL and search base. These steps are required only if you follow the more secure approach for domain authentication.
To configure an Authentication Server to refresh domain session credentials
- On the reports server, start the Application Server Administration console (the blasadmin utility) as follows.
  - (Windows) Navigate to the BDSSAInstallationDirectory\bin directory and enter the following command: blasadmin
  - (UNIX) Navigate to the BDSSAInstallationDirectory/br directory and enter the following command: blasadmin
- Instruct the Authentication Service to validate Active Directory users with the Active Directory server before refreshing their credentials by entering all of the following commands:
  set AuthServer isActiveDirectoryLdapCheckEnabled true
  set AuthServer activeDirectoryLdapUrl <URL>
  set AuthServer activeDirectorySearchBase <search>
  Note: If you set isActiveDirectoryLdapCheckEnabled to true, it is mandatory to set the value of the other two parameters.
  In the preceding commands:
  - <URL> is the URL of the Active Directory LDAP server. The LDAP server is typically located on the KDC, such as ldap://sub1.dev.mycompany.com:389.
  - <search> provides a string that specifies where to start looking for user accounts on the directory server. For example, you might enter DC=SUB1, DC=DEV, DC=MYCOMPANY, DC=COM, which instructs the Active Directory server to begin searching in the SUB1.DEV.MYCOMPANY.COM object in the LDAP directory.
  Note: If you do not want the Authentication Service to validate Active Directory users with the Active Directory server, set the isActiveDirectoryLdapCheckEnabled parameter to false.
- Restart the Authentication Service.
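A pre-flight check for the values used in the procedure above, as an added example that is not part of the BMC documentation. The function names are hypothetical, accepting ldaps:// is an assumption (the page only shows ldap://), and the comparison of the LDAP host with the DC components of the search base is a heuristic sanity check, not a product requirement.

```python
import re
from urllib.parse import urlparse

def dc_domain(search_base):
    """Return the DNS domain spelled by the DC= components of a search base."""
    labels = []
    # Split on commas that are not backslash-escaped inside an RDN value.
    for rdn in re.split(r"(?<!\\),", search_base):
        if not rdn.strip():
            continue
        attr, sep, value = rdn.partition("=")
        if not sep or not value.strip():
            raise ValueError(f"malformed RDN: {rdn.strip()!r}")
        if attr.strip().upper() == "DC":
            labels.append(value.strip().lower())
    return ".".join(labels)

def check_settings(enabled, url=None, search_base=None):
    """Return a list of problems; an empty list means the values are consistent."""
    if not enabled:
        return []  # check disabled: the other two parameters are not required
    if not url or not search_base:
        return ["isActiveDirectoryLdapCheckEnabled is true, so activeDirectoryLdapUrl "
                "and activeDirectorySearchBase must both be set"]
    parsed = urlparse(url)
    # Assumption: ldaps is tolerated here; the page itself only shows ldap://.
    if parsed.scheme not in ("ldap", "ldaps") or not parsed.hostname:
        return [f"not an LDAP URL with a host: {url!r}"]
    domain = dc_domain(search_base)
    if not domain:
        return [f"search base has no DC= components: {search_base!r}"]
    host = parsed.hostname.lower()
    # Heuristic: the LDAP host normally sits in the domain named by the search base.
    if host != domain and not host.endswith("." + domain):
        return [f"host {host!r} is outside the search base domain {domain!r}"]
    return []

def blasadmin_commands(url, search_base):
    """Build the three blasadmin commands from the page, refusing bad input."""
    problems = check_settings(True, url, search_base)
    if problems:
        raise ValueError("; ".join(problems))
    return ["set AuthServer isActiveDirectoryLdapCheckEnabled true",
            f"set AuthServer activeDirectoryLdapUrl {url}",
            f"set AuthServer activeDirectorySearchBase {search_base}"]

if __name__ == "__main__":
    # Sample values taken from the page's own examples.
    for line in blasadmin_commands("ldap://sub1.dev.mycompany.com:389",
                                   "DC=SUB1,DC=DEV,DC=MYCOMPANY,DC=COM"):
        print(line)
```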