Configuration Guides › Policy Server Configuration Guide › User Directories › User Directory Connections Overview › Windows Directory Overview

Windows Directory Overview

User directory connections can be set up with any of the following WinNT implementations:

• WinNT domain
• Individual WinNT computer in a domain
• Stand-alone WinNT computer

In order for the Policy Server to connect to your WinNT domain, it must meet the following requirements:

• A one way trust relationship between the domain containing the Policy Server, and the domain containing users, must exist.
• Every user in the domain that will be authenticated by SOA Security Manager needs the Access the computer from network user right for the machine where the policy server is running.
• The account that SOA Security Manager uses to access the User Directory object needs to have access to the IPC$ share on the domain controller machine where the WinNT domain users are located.

  Note: These requirements may be met by default if you use the default configuration for your WinNT domain. Your WinNT domain administrator should verify that the domain meets the above requirements.

The Policy Server authenticates against WinNT and can authorize users based on their individual identities and group membership.

When authenticating against a WinNT namespace, the Policy Server passes user credentials to WinNT for authentication. The credentials are the user's WinNT user name and password. In a SOA Security Manager environment, where multiple WinNT namespaces are defined, user authentication is faster if the user name supplied to SOA Security Manager includes the domain name (i.e. domain\username). In that case, SOA Security Manager skips all WinNT namespaces that do not match the specified domain name.

WinNT user names and passwords can be used as credentials.

Note: To authenticate users against a WinNT domain, the Policy Server must run on WinNT.