Configuring the Authentication Server to refresh domain session credentials
BMC BladeLogic Decision Support for Server Automation relies on the ability to refresh session credentials when executing scheduled jobs. This feature allows you to run scheduled reports without you to authenticate again.
When refreshing session credentials, the Authentication Service validates the user account on the directory server. The account must exist and be enabled for logging on.
To refresh session credentials, the Authentication Service might need to authenticate itself to the directory server. If authentication is required, you must define a default LDAP URL and search base. These step are required only if you follow the more secure approach for domain authentication.
To configure an Authentication Server to refresh domain session credentials
- On the reports server, start the Application Server Administration console (the blasadmin utility) as follows.
- (Windows) Navigate to the BDSSAInstallationDirectoty\bin directory and enter the following command: blasadmin.
- (UNIX) Navigate to the BDSSAInstallationDirectoty/br directory and enter the following command: blasadmin.
Instruct the Authentication Service to validate Active Directory users with the Active Directory server before refreshing their credentials by entering all of the following commands:
set AuthServer isActiveDirectoryLdapCheckEnabled true
set AuthServer activeDirectoryLdapUrl <URL>
set AuthServer activeDirectorySearchBase <search>In the preceding commands:
- <URL> is the URL of the Active Directory LDAP server. The LDAP server is typically located on the KDC, such as ldap://sub1.dev.mycompany.com:389.
<search> provides a string that specifies where to start looking for user accounts on the directory server. For example, you might enter DC=SUB1, DC=DEV, DC=MYCOMPANY, DC=COM, which instructs the Active Directory server to begin searching in the SUB1.DEV.MYCOMPANY.COM object in the LDAP directory.
- Restart the Authentication Service.